When you install metering on {product-title}, Prometheus is available at https://prometheus-k8s.openshift-monitoring.svc:9091/.
To secure the connection to Prometheus, the default metering installation uses the {product-title} certificate authority. If your Prometheus instance uses a different CA, the CA can be injected through a ConfigMap. See the following example.
spec:
reporting-operator:
spec:
config:
prometheus:
certificateAuthority:
useServiceAccountCA: false
configMap:
enabled: true
create: true
name: reporting-operator-certificate-authority-config
filename: "internal-ca.crt"
value: |
-----BEGIN CERTIFICATE-----
(snip)
-----END CERTIFICATE-----Alternatively, to use the system certificate authorities for publicly valid certificates, set both useServiceAccountCA and configMap.enabled to false.
The reporting-operator can also be configured to use a specified bearer token to auth with Prometheus. See the following example.
spec:
reporting-operator:
spec:
config:
prometheus:
metricsImporter:
auth:
useServiceAccountToken: false
tokenSecret:
enabled: true
create: true
value: "abc-123"