fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition

Signed-off-by: akhil nittala <[email protected]>

Author: akhilnittala

config/prometheus/monitor.yaml

@@ -1,22 +1,46 @@
-
-# Prometheus Monitor Service (Metrics)
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: metrics-monitor-bearer-token
+  namespace: openshift-gitops-operator
+  annotations:
+    kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager
+type: kubernetes.io/service-account-token
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  annotations:
+    openshift.io/description: This ConfigMap is used for Prometheus monitoring of the GitOps Operator.
+    openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap
+    openshift.io/owning-component: service-ca
+    service.beta.openshift.io/inject-cabundle: "true"
+  name: metrics-monitor-ca-bundle
+  namespace: openshift-gitops-operator
+---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
+  name: metrics-monitor
+  namespace: openshift-gitops-operator
   labels:
     control-plane: gitops-operator
-  name: metrics-monitor
-  namespace: system
 spec:
+  selector:
+    matchLabels:
+      control-plane: gitops-operator
   endpoints:
-    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-      path: /metrics
+    - bearerTokenSecret:
+        name: openshift-gitops-operator-metrics-monitor-bearer-token
+        key: token
       interval: 30s
+      path: /metrics
       port: metrics
       scheme: https
       tlsConfig:
-        caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
-        serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc
-  selector:
-    matchLabels:
-      control-plane: gitops-operator
+        ca:
+          configMap:
+            name: openshift-gitops-operator-metrics-monitor-ca-bundle
+            key: service-ca.crt
+        serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc

test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go

@@ -6,6 +6,7 @@ import (
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	"github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture"
 	k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -34,18 +35,29 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() {
 			Eventually(sm).Should(k8sFixture.ExistByName())
 
 			Expect(sm.Spec.Endpoints).Should(Equal([]monitoringv1.Endpoint{{
-				BearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token",
-				Interval:        monitoringv1.Duration("30s"),
-				Path:            "/metrics",
-				Port:            "metrics",
-				Scheme:          "https",
+				BearerTokenSecret: &corev1.SecretKeySelector{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: "openshift-gitops-operator-metrics-monitor-bearer-token",
+					},
+					Key: "token",
+				},
+				Interval: monitoringv1.Duration("30s"),
+				Path:     "/metrics",
+				Port:     "metrics",
+				Scheme:   "https",
 				TLSConfig: &monitoringv1.TLSConfig{
 					SafeTLSConfig: monitoringv1.SafeTLSConfig{
-						CA:         monitoringv1.SecretOrConfigMap{},
+						CA: monitoringv1.SecretOrConfigMap{
+							ConfigMap: &corev1.ConfigMapKeySelector{
+								LocalObjectReference: corev1.LocalObjectReference{
+									Name: "openshift-gitops-operator-metrics-monitor-ca-bundle",
+								},
+								Key: "service-ca.crt",
+							},
+						},
 						Cert:       monitoringv1.SecretOrConfigMap{},
 						ServerName: "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc",
 					},
-					CAFile: "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt",
 				},
 			}}))