Description
The documentation recommends using cluster-monitoring when running on OpenShift:
If you are running on OpenShift just add the label openshift.io/cluster-monitoring="true" to the namespace containing the operator.
This is, however, against OCP rules:
The following modifications are explicitly not supported:
Adding the openshift.io/cluster-monitoring: "true" label to namespaces. This label is reserved only for the namespaces with core OpenShift Container Platform components and Red Hat certified components.
When the label is not used, the ServiceMonitor is rejected by the User Workload Monitoring for security reasons:
ServiceMonitor cert-utils-operator-controller-manager-metrics-monitor was rejected due to invalid configuration: it accesses file system via bearer token file which Prometheus specification prohibits
See https://access.redhat.com/solutions/7086043
As such, when running on OpenShift, it is recommended to use bearerTokenSecret to supply the credentials. Not sure how to implement that; can anyone have a look, please?
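A sketch of the bearerTokenSecret form asked about above, shown next to the rejected file-based form. This is an added example, not the operator's own manifest: the namespace, ServiceAccount, Secret name, port name, selector label and token file path are assumptions; only the ServiceMonitor name comes from the error message.

```yaml
# Added example. Values marked "assumed" are placeholders, not taken from
# the operator's manifests.
#
# Before: the endpoint form that User Workload Monitoring rejects, because
# it makes Prometheus read a file from its own pod's file system.
#   endpoints:
#     - port: https                        # assumed port name
#       scheme: https
#       bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token  # assumed path
---
# After, part 1: a token Secret for a dedicated ServiceAccount. It must live
# in the same namespace as the ServiceMonitor that references it.
apiVersion: v1
kind: Secret
metadata:
  name: metrics-reader-token               # assumed
  namespace: cert-utils-operator           # assumed
  annotations:
    kubernetes.io/service-account.name: metrics-reader   # assumed ServiceAccount
type: kubernetes.io/service-account-token
---
# After, part 2: the endpoint references the Secret instead of a file path.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: cert-utils-operator-controller-manager-metrics-monitor
  namespace: cert-utils-operator           # assumed
spec:
  selector:
    matchLabels:
      control-plane: controller-manager    # assumed label
  endpoints:
    - port: https                          # assumed
      scheme: https
      bearerTokenSecret:
        name: metrics-reader-token
        key: token                         # key filled in by the token controller
      # tlsConfig omitted: give CA material as secret/configMap references,
      # not file paths, so the endpoint does not touch the file system either.
```

The token in a `kubernetes.io/service-account-token` Secret does not expire, so bind that ServiceAccount only to the permission needed to read the metrics endpoint.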