diff --git a/components/image-controller/base/kustomization.yaml b/components/image-controller/base/kustomization.yaml index 303e846d4fd..773df1551cc 100644 --- a/components/image-controller/base/kustomization.yaml +++ b/components/image-controller/base/kustomization.yaml @@ -1,5 +1,6 @@ resources: - allow-argocd-to-manage.yaml +- monitoring.yaml - rbac namespace: image-controller diff --git a/components/image-controller/base/monitoring.yaml b/components/image-controller/base/monitoring.yaml new file mode 100644 index 00000000000..37a8fd264f8 --- /dev/null +++ b/components/image-controller/base/monitoring.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metrics-reader +--- +apiVersion: v1 +kind: Secret +metadata: + name: metrics-reader + annotations: + kubernetes.io/service-account.name: metrics-reader +type: kubernetes.io/service-account-token +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: prometheus-image-controller-metrics-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: image-controller-metrics-reader +subjects: +- kind: ServiceAccount + name: metrics-reader +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: image-controller +spec: + endpoints: + - path: /metrics + interval: 15s + port: https + scheme: https + bearerTokenSecret: + name: "metrics-reader" + key: token + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager