From 5a42ebdcf4bd6e3185c05a3accf18895823cf57c Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Fri, 15 May 2026 11:37:52 +0000 Subject: [PATCH] docs: Update monitoring procedures for automatic Prometheus resources The che-operator now automatically manages Prometheus monitoring resources (ServiceMonitor, Role, RoleBinding) when metrics are enabled. Updated both Che Server and DevWorkspace monitoring procedures to reflect this change. Manual ServiceMonitor and RBAC creation steps are no longer needed. Related: eclipse-che/che-operator#2117 Co-Authored-By: Claude Sonnet 4.5 --- ...ollecting-che-metrics-with-prometheus.adoc | 81 ++----------------- ...pace-operator-metrics-with-prometheus.adoc | 39 ++------- 2 files changed, 13 insertions(+), 107 deletions(-) diff --git a/modules/administration-guide/partials/proc_collecting-che-metrics-with-prometheus.adoc b/modules/administration-guide/partials/proc_collecting-che-metrics-with-prometheus.adoc index b86014256a..5d95ad4c86 100644 --- a/modules/administration-guide/partials/proc_collecting-che-metrics-with-prometheus.adoc +++ b/modules/administration-guide/partials/proc_collecting-che-metrics-with-prometheus.adoc @@ -9,93 +9,24 @@ To use the in-cluster Prometheus instance to collect, store, and query JVM metri * Your organization's instance of {prod-short} is installed and running in Red Hat OpenShift. -* An active `oc` session with administrative permissions to the destination OpenShift cluster. See link:https://docs.openshift.com/container-platform/{ocp4-ver}/cli_reference/openshift_cli/getting-started-cli.html[Getting started with the CLI]. +* An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}. * {prod-short} is exposing metrics on port `8087`. See xref:enabling-and-exposing-{prod-id-short}-metrics[Enabling and exposing {prod-short} server JVM metrics]. .Procedure -. Create the ServiceMonitor for detecting the {prod-short} JVM metrics Service. -+ -.ServiceMonitor -==== -[source,yaml,subs="+quotes,+attributes,+macros"] ----- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: che-host - namespace: {prod-namespace} <1> -spec: - endpoints: - - interval: 10s <2> - port: metrics - scheme: http - namespaceSelector: - matchNames: - - {prod-namespace} <1> - selector: - matchLabels: - app.kubernetes.io/name: {prod-deployment} ----- -<1> The {prod-short} namespace. The default is `{prod-namespace}`. -<2> The rate at which a target is scraped. -==== - -. Create a Role and RoleBinding to allow Prometheus to view the metrics. +The {prod-operator} automatically creates the following resources when metrics are enabled: -+ -.Role -==== -[source,yaml,subs="+quotes,+attributes,+macros"] ----- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: prometheus-k8s - namespace: {prod-namespace} <1> -rules: - - verbs: - - get - - list - - watch - apiGroups: - - '' - resources: - - services - - endpoints - - pods ----- -<1> The {prod-short} namespace. The default is `{prod-namespace}`. -==== +* A `ServiceMonitor` resource named `{prod-host}` for detecting the {prod-short} JVM metrics Service +* A `Role` and `RoleBinding` granting the `prometheus-k8s` service account permission to scrape metrics endpoints in the {prod-namespace} namespace -+ -.RoleBinding -==== -[source,yaml,subs="+quotes,+attributes,+macros"] ----- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: view-{prod-id-short}-openshift-monitoring-prometheus-k8s - namespace: {prod-namespace} <1> -subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: openshift-monitoring -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s ----- -<1> The {prod-short} namespace. The default is `{prod-namespace}`. -==== +To complete the monitoring configuration: . Allow the in-cluster Prometheus instance to detect the ServiceMonitor in the {prod-short} namespace. The default {prod-short} namespace is `{prod-namespace}`. + [source,terminal,subs="+attributes,quotes"] ---- -$ oc label namespace {prod-namespace} openshift.io/cluster-monitoring=true +$ {orch-cli} label namespace {prod-namespace} openshift.io/cluster-monitoring=true ---- .Verification diff --git a/modules/administration-guide/partials/proc_collecting-dev-workspace-operator-metrics-with-prometheus.adoc b/modules/administration-guide/partials/proc_collecting-dev-workspace-operator-metrics-with-prometheus.adoc index b198f24bd1..e075015a3e 100644 --- a/modules/administration-guide/partials/proc_collecting-dev-workspace-operator-metrics-with-prometheus.adoc +++ b/modules/administration-guide/partials/proc_collecting-dev-workspace-operator-metrics-with-prometheus.adoc @@ -8,49 +8,24 @@ To use the in-cluster Prometheus instance to collect, store, and query metrics a * Your organization's instance of {prod-short} is installed and running in Red Hat OpenShift. -* An active `oc` session with administrative permissions to the destination OpenShift cluster. See link:https://docs.openshift.com/container-platform/{ocp4-ver}/cli_reference/openshift_cli/getting-started-cli.html[Getting started with the CLI]. +* An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}. * The `devworkspace-controller-metrics` Service is exposing metrics on port `8443`. This is preconfigured by default. .Procedure -. Create the ServiceMonitor for detecting the Dev Workspace Operator metrics Service. -+ -.ServiceMonitor -==== -[source,yaml,subs="+quotes,+attributes,+macros"] ----- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: devworkspace-controller - namespace: {prod-namespace} <1> -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - interval: 10s <2> - port: metrics - scheme: https - tlsConfig: - insecureSkipVerify: true - namespaceSelector: - matchNames: - - openshift-operators - selector: - matchLabels: - app.kubernetes.io/name: devworkspace-controller ----- -<1> The {prod-short} namespace. The default is `{prod-namespace}`. -<2> The rate at which a target is scraped. -==== +The {prod-operator} automatically creates the following resources when metrics are enabled: + +* A `ServiceMonitor` resource named `devworkspace` for detecting the {devworkspace} Operator metrics Service +* A `Role` and `RoleBinding` granting the `prometheus-k8s` service account permission to scrape metrics endpoints in the `openshift-operators` namespace -include::example$snip_{project-context}-create-a-role-and-rolebinding-for-prometheus-to-view-metrics.adoc[] +To complete the monitoring configuration: . Allow the in-cluster Prometheus instance to detect the ServiceMonitor in the {prod-short} namespace. The default {prod-short} namespace is `{prod-namespace}`. + [source,subs="+attributes"] ---- -$ oc label namespace {prod-namespace} openshift.io/cluster-monitoring=true +$ {orch-cli} label namespace {prod-namespace} openshift.io/cluster-monitoring=true ---- .Verification