This is a cache of https://docs.openshift.com/container-platform/4.14/security/cert_manager_operator/cert-manager-monitoring.html. It is a snapshot of the page at 2024-11-28T14:57:45.549+0000.
Enabling monitoring for the cert-manager Operator for Red Hat OpenShift - cert-manager Operator for Red Hat OpenShift | Security and compliance | OpenShift Container Platform 4.14
×

You can expose controller metrics for the cert-manager Operator for Red Hat OpenShift in the format provided by the Prometheus Operator.

Enabling monitoring by using a service monitor for the cert-manager Operator for Red Hat OpenShift

You can enable monitoring and metrics collection for the cert-manager Operator for Red Hat OpenShift by using a service monitor to perform the custom metrics scraping.

Prerequisites
  • You have access to the cluster with cluster-admin privileges.

  • The cert-manager Operator for Red Hat OpenShift is installed.

Procedure
  1. Add the label to enable cluster monitoring by running the following command:

    $ oc label namespace cert-manager openshift.io/cluster-monitoring=true
  2. Create a service monitor:

    1. Create a YAML file that defines the Role, RoleBinding, and serviceMonitor objects:

      Example monitoring.yaml file
      apiVersion: rbac.authorization.k8s.io/v1
      kind: Role
      metadata:
        name: prometheus-k8s
        namespace: cert-manager
      rules:
      - apiGroups:
        - ""
        resources:
        - services
        - endpoints
        - pods
        verbs:
        - get
        - list
        - watch
      ---
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: prometheus-k8s
        namespace: cert-manager
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: Role
        name: prometheus-k8s
      subjects:
      - kind: serviceAccount
        name: prometheus-k8s
        namespace: openshift-monitoring
      ---
      apiVersion: monitoring.coreos.com/v1
      kind: serviceMonitor
      metadata:
        labels:
          app: cert-manager
          app.kubernetes.io/component: controller
          app.kubernetes.io/instance: cert-manager
          app.kubernetes.io/name: cert-manager
        name: cert-manager
        namespace: cert-manager
      spec:
        endpoints:
        - interval: 30s
          port: tcp-prometheus-servicemonitor
          scheme: http
        selector:
          matchLabels:
            app.kubernetes.io/component: controller
            app.kubernetes.io/instance: cert-manager
            app.kubernetes.io/name: cert-manager
    2. Create the Role, RoleBinding, and serviceMonitor objects by running the following command:

      $ oc create -f monitoring.yaml

Querying metrics for the cert-manager Operator for Red Hat OpenShift

After you have enabled monitoring for the cert-manager Operator for Red Hat OpenShift, you can query its metrics by using the OpenShift Container Platform web console.

Prerequisites
  • You have access to the cluster as a user with the cluster-admin role.

  • You have installed the cert-manager Operator for Red Hat OpenShift.

  • You have enabled monitoring and metrics collection for the cert-manager Operator for Red Hat OpenShift.

Procedure
  1. From the OpenShift Container Platform web console, navigate to ObserveMetrics.

  2. Add a query by using one of the following formats:

    • Specify the endpoints:

      {instance="<endpoint>"} (1)
      1 Replace <endpoint> with the value of the endpoint for the cert-manager service. You can find the endpoint value by running the following command: oc describe service cert-manager -n cert-manager.
    • Specify the tcp-prometheus-servicemonitor port:

      {endpoint="tcp-prometheus-servicemonitor"}