route-monitor-operator/hack/olm-registry/rmo-config-template.yaml at 66ba51246635dfca7ed9a40032f202205f2a1d47 · openshift/route-monitor-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
apiVersion: v1
kind: Template
metadata:
  name: rmo-config-template

###############################################################################
# Per-region RMO configuration template
#
# This template deploys region-specific ConfigMaps to MCs via SelectorSyncSet.
# Each regional RHOBS cell requires its own PROBE_API_URL.
#
# Selector labels used:
# - api.openshift.com/managed: "true"
# - ext-hypershift.openshift.io/cluster-type: management-cluster
# - ext-hypershift.openshift.io/cluster-sector: <sector> (matchExpressions In)
# - api.openshift.com/fedramp: NotIn true
#
# For production traffic splitting in high-load regions (e.g., us-east-1 with
# multiple RHOBS cells), see SREP-3225 for adding rhobs-cell labels to MCs.
#
# Configuration Parameters:
# - DYNATRACE_ENABLED: Controls Dynatrace synthetic monitoring (default: "false")
#   Set to "true" to enable Dynatrace for specific sectors/regions
###############################################################################

parameters:
- name: REGION
  required: false
  description: "Unused. Kept for compatibility with callers that pass this parameter."
- name: SECTORS
  required: true
  description: "List of sectors to target (e.g., main, perf3)"
- name: SUFFIX
  required: true
  description: "Unique suffix for SelectorSyncSet name (e.g., stage-us-west-2-main)"
- name: NAMESPACE
  value: openshift-route-monitor-operator
- name: PROBE_API_URL
  required: true
  description: "RHOBS probes API URL for this region"
- name: OIDC_CLIENT_ID
  required: true
- name: OIDC_CLIENT_SECRET
  required: true
- name: OIDC_ISSUER_URL
  required: true
- name: ONLY_PUBLIC_CLUSTERS
  value: ""
  required: false
- name: DYNATRACE_ENABLED
  value: "false"
  required: false
  description: "Enable Dynatrace synthetic monitoring for this sector"

objects:
- apiVersion: hive.openshift.io/v1
  kind: SelectorSyncSet
  metadata:
    name: route-monitor-operator-config-${SUFFIX}
  spec:
    clusterDeploymentSelector:
      matchLabels:
        api.openshift.com/managed: "true"
      matchExpressions:
      - key: api.openshift.com/fedramp
        operator: NotIn
        values:
        - "true"
      - key: ext-hypershift.openshift.io/cluster-type
        operator: In
        values:
        - management-cluster
      - key: ext-hypershift.openshift.io/cluster-sector
        operator: In
        values: ${{SECTORS}}
    resourceApplyMode: Sync
    applyBehavior: CreateOrUpdate
    resources:
    - apiVersion: v1
      kind: ConfigMap
      metadata:
        name: route-monitor-operator-config
        namespace: ${NAMESPACE}
      data:
        probe-api-url: ${PROBE_API_URL}
        oidc-client-id: ${OIDC_CLIENT_ID}
        oidc-client-secret: ${OIDC_CLIENT_SECRET}
        oidc-issuer-url: ${OIDC_ISSUER_URL}
        only-public-clusters: ${ONLY_PUBLIC_CLUSTERS}
        dynatrace-enabled: ${DYNATRACE_ENABLED}
    # Label the RMO namespace so the RHOBS MonitoringStack discovers
    # ServiceMonitors in it and scrapes RMO metrics for the HCP tenant.
    - apiVersion: v1
      kind: Namespace
      metadata:
        name: ${NAMESPACE}
        labels:
          hypershift.openshift.io/monitoring: "true"
    # Service exposing the controller-manager metrics endpoint (port 8080).
    # Required because OLM does not create one for this operator.
    - apiVersion: v1
      kind: Service
      metadata:
        name: route-monitor-operator-metrics
        namespace: ${NAMESPACE}
        labels:
          app.kubernetes.io/component: route-monitor-operator
      spec:
        selector:
          control-plane: controller-manager
        ports:
        - name: metrics
          port: 8080
          targetPort: 8080
          protocol: TCP
    # ServiceMonitor for the RHOBS MonitoringStack (monitoring.rhobs API group).
    # Enables RMO metrics to be scraped and remote-written to the HCP tenant.
    - apiVersion: monitoring.rhobs/v1
      kind: ServiceMonitor
      metadata:
        name: route-monitor-operator-rhobs
        namespace: ${NAMESPACE}
        labels:
          app.kubernetes.io/component: route-monitor-operator
      spec:
        selector:
          matchLabels:
            app.kubernetes.io/component: route-monitor-operator
        endpoints:
        - port: metrics
          path: /metrics
          interval: 60s