Enable operator metrics collection

[OlivierCazade]

Enable collection for operator metrics.

[jotak]

What is missing for having a TLS without skipping verify?
It's basically the same reason why we have this bug: https://issues.redhat.com/browse/NETOBSERV-765

[OlivierCazade]

Similar to what we did for FLP we need to add the labels to the metric services to generate certificate and mount them in the kube-rbac-proxy container so they can be used.

[OlivierCazade]

Added SSL and auth configuration for downstream collection, this made operator metrics endpoint incompatible with monitoring user workload.

@memodi appart from review comments, the PR is ready to be tested.
After deploying this branch and setting DOWNSTREAM_DEPLOYMENT to true, you should see operator metrics without enabling user workload.

[codecov]

Codecov Report

Merging #273 (434ced9) into main (8a4db3c) will decrease coverage by 0.04%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main     #273      +/-   ##
==========================================
- Coverage   47.61%   47.57%   -0.04%     
==========================================
  Files          43       43              
  Lines        5015     5019       +4     
==========================================
  Hits         2388     2388              
- Misses       2416     2420       +4     
  Partials      211      211              

Flag	Coverage Δ
unittests	47.57% <0.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
controllers/flowcollector_controller.go	52.73% <0.00%> (ø)
controllers/flowcollector_objects.go	17.77% <0.00%> (-1.74%)	⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[memodi]

Added SSL and auth configuration for downstream collection, this made operator metrics endpoint incompatible with monitoring user workload.

@OlivierCazade - is the idea, they would be compatible with SSL and auth configuration once operator is deployed with DOWNSTREAM_DEPLOYMENT to true?

[OlivierCazade]

Yes, SSL and authentication for the metrics endpoint. And the prometheus deployment should automatically use it from the ServiceMonitor configuration

[memodi]

/ok-to-test

[github-actions]

New image: ["quay.io/netobserv/network-observability-operator:1b5e2fb"]. It will expire after two weeks.

[memodi]

@OlivierCazade - I tried with image from this PR, I am not able to see those metrics:

$ oc get pod/netobserv-controller-manager-7794cf659b-vcnhn -o yaml | egrep -A 1 "DOWN"
    - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
    command:
--
    - name: DOWNSTREAM_DEPLOYMENT
      value: "true"

$ oc get servicemonitor
NAME                        AGE
netobserv-metrics-monitor   5m19s

am I missing something?

[OlivierCazade]

Most of the changes in this PR are at the bundle level, did you also used the bundle from this branch?

[memodi]

/ok-to-test

[github-actions]

New images:

• quay.io/netobserv/network-observability-operator:a5309c1
• quay.io/netobserv/network-observability-operator-bundle:v0.0.0-a5309c1
• quay.io/netobserv/network-observability-operator-catalog:v0.0.0-a5309c1

They will expire after two weeks.

Catalog source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-a5309c1
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

[memodi]

/ok-to-test

[github-actions]

New images:

• quay.io/netobserv/network-observability-operator:7a7c5bf
• quay.io/netobserv/network-observability-operator-bundle:v0.0.0-7a7c5bf
• quay.io/netobserv/network-observability-operator-catalog:v0.0.0-7a7c5bf

They will expire after two weeks.

Catalog source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-7a7c5bf
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

[memodi]

/label qe-approved

Verified NOO metrics and FLP metrics are getting scrapped by cluster prometheus when DOWNSTREAM_DEPLOYMENT == true

[jotak]

I don't think we want this file, do we? Is it included in the bundles, or is it just there as a helper (e.g. for make targets) ? afaict it should not be included in bundles

[OlivierCazade]

No sorry, this was one of my test file.

[jotak]

so, my understanding is that we should hardcode here the installation namespace, openshift-operators, right?

[OlivierCazade]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: OlivierCazade

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [OlivierCazade]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[memodi]

adding NETOBSERV-900 as JIRA reference