{"id":43989764,"url":"https://github.com/openmcp-project/metrics-operator","last_synced_at":"2026-04-02T11:58:01.596Z","repository":{"id":299641263,"uuid":"884905988","full_name":"openmcp-project/metrics-operator","owner":"openmcp-project","description":"Kubernetes operator for multi-cluster metrics collection and analysis","archived":false,"fork":false,"pushed_at":"2026-03-19T21:24:43.000Z","size":27808,"stargazers_count":10,"open_issues_count":21,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-03-20T02:49:17.178Z","etag":null,"topics":["crossplane","krm","kubebuilder","kubernetes","kubernetes-operator","metrics","observability","otlp"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openmcp-project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-07T15:46:18.000Z","updated_at":"2026-03-19T15:13:07.000Z","dependencies_parsed_at":"2025-06-17T15:36:47.210Z","dependency_job_id":"cb866802-95ae-4db4-98ea-31cc71f33abc","html_url":"https://github.com/openmcp-project/metrics-operator","commit_stats":null,"previous_names":["openmcp-project/metrics-operator"],"tags_count":11,"template":false,"template_full_name":"SAP/repository-template","purl":"pkg:github/openmcp-project/metrics-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openmcp-project%2Fmetrics-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openmcp-project%2Fmetrics-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openmcp-project%2Fmetrics-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openmcp-project%2Fmetrics-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openmcp-project","download_url":"https://codeload.github.com/openmcp-project/metrics-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openmcp-project%2Fmetrics-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31305968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T09:48:21.550Z","status":"ssl_error","status_checked_at":"2026-04-02T09:48:19.196Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crossplane","krm","kubebuilder","kubernetes","kubernetes-operator","metrics","observability","otlp"],"created_at":"2026-02-07T10:33:01.432Z","updated_at":"2026-04-02T11:58:01.590Z","avatar_url":"https://github.com/openmcp-project.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![REUSE status](https://api.reuse.software/badge/github.com/openmcp-project/metrics-operator)](https://api.reuse.software/info/github.com/openmcp-project/metrics-operator)\n\n# Metrics Operator\n\nThe Metrics Operator is a powerful tool designed to monitor and provide insights into the state, usage, patterns, and trends of distributed systems and their associated components.\n\n## Table of Contents\n\n- [Metrics Operator](#metrics-operator)\n  - [Table of Contents](#table-of-contents)\n  - [Key Features](#key-features)\n  - [Architecture Overview](#architecture-overview)\n    - [Metric Resource Flow](#metric-resource-flow)\n    - [ManagedMetric Resource Flow](#managedmetric-resource-flow)\n    - [FederatedMetric Resource Flow](#federatedmetric-resource-flow)\n    - [FederatedManagedMetric Resource Flow](#federatedmanagedmetric-resource-flow)\n  - [Resource Type Descriptions:](#resource-type-descriptions)\n  - [Installation](#installation)\n    - [Prerequisites](#prerequisites)\n    - [Deployment](#deployment)\n  - [Getting Started](#getting-started)\n    - [Quickstart](#quickstart)\n    - [Common Development Tasks](#common-development-tasks)\n  - [Usage](#usage)\n    - [Metric](#metric)\n    - [Managed Metric](#managed-metric)\n    - [Federated Metric](#federated-metric)\n    - [Federated Managed Metric](#federated-managed-metric)\n  - [Remote Cluster Access](#remote-cluster-access)\n    - [Remote Cluster Access](#remote-cluster-access-1)\n    - [Federated Cluster Access](#federated-cluster-access)\n  - [RBAC Configuration](#rbac-configuration)\n  - [DataSink Configuration](#datasink-configuration)\n    - [Creating a DataSink](#creating-a-datasink)\n    - [DataSink Specification](#datasink-specification)\n      - [Connection](#connection)\n      - [Authentication](#authentication)\n    - [Using DataSink in Metrics](#using-datasink-in-metrics)\n    - [Default Behavior](#default-behavior)\n    - [Supported Metric Types](#supported-metric-types)\n    - [Examples and Detailed Documentation](#examples-and-detailed-documentation)\n    - [Migration from Legacy Configuration](#migration-from-legacy-configuration)\n  - [Data Sink Integration](#data-sink-integration)\n  - [Support, Feedback, Contributing](#support-feedback-contributing)\n  - [Security / Disclosure](#security--disclosure)\n  - [Code of Conduct](#code-of-conduct)\n  - [Licensing](#licensing)\n\n## Key Features\n\n- **Comprehensive Resource Tracking**: Quantifies and catalogs various resource types, providing a holistic view of resource distribution and utilization.\n- **Multi-dimensional Analysis**: Examines specific attributes and dimensions of resources, generating nuanced metrics for deeper understanding of system behavior.\n- **Comparative Analytics**: Enables side-by-side analysis of different resource configurations, highlighting patterns and potential imbalances in resource allocation.\n- **Custom Component Focus**: Tailored to monitor and analyze complex, custom-defined resources across your infrastructure.\n- **Predictive Insights**: Aggregates data over time to identify emerging trends, supporting data-driven decision making for future system enhancements.\n- **Strategic Decision Support**: Offers data-backed insights to guide product evolution.\n- **Customizable Alerting System**: Allows defining alerts based on specific metric thresholds, enabling proactive response to potential issues or significant changes in system state.\n- **Standardized**: Exports all metrics using the [OpenTelemetry](https://opentelemetry.io) protocol for seamless observability and interoperability.\n\n## Architecture Overview\n\nThe Metrics Operator provides four main resource types for monitoring Kubernetes objects. Each type serves different use cases:\n\n### Metric Resource Flow\n\n```mermaid\ngraph LR\n    M[Metric] --\u003e|targets via GroupVersionKind| K8S[Kubernetes Objects\u003cbr/\u003ePods, Services, etc.]\n    M -.-\u003e|optional| RCA[RemoteClusterAccess]\n    RCA --\u003e|accesses remote cluster| K8S\n    M --\u003e|sends data to| DS[Data Sink\u003cbr/\u003eDynatrace, etc.]\n\n    classDef metricType fill:#e1f5fe,stroke:#01579b,stroke-width:2px\n    classDef accessType fill:#f3e5f5,stroke:#4a148c,stroke-width:2px\n    classDef targetType fill:#e8f5e8,stroke:#1b5e20,stroke-width:2px\n    classDef dataType fill:#fff3e0,stroke:#e65100,stroke-width:2px\n\n    class M metricType\n    class RCA accessType\n    class K8S targetType\n    class DS dataType\n```\n\n### ManagedMetric Resource Flow\n\n```mermaid\ngraph LR\n    MM[ManagedMetric] --\u003e|targets managed resources| MR[Managed Resources\u003cbr/\u003ewith 'crossplane' \u0026 'managed' categories]\n    MM -.-\u003e|optional| RCA[RemoteClusterAccess]\n    RCA --\u003e|accesses remote cluster| MR\n    MM --\u003e|sends data to| DS[Data Sink\u003cbr/\u003eDynatrace, etc.]\n\n    classDef metricType fill:#e1f5fe,stroke:#01579b,stroke-width:2px\n    classDef accessType fill:#f3e5f5,stroke:#4a148c,stroke-width:2px\n    classDef targetType fill:#e8f5e8,stroke:#1b5e20,stroke-width:2px\n    classDef dataType fill:#fff3e0,stroke:#e65100,stroke-width:2px\n\n    class MM metricType\n    class RCA accessType\n    class MR targetType\n    class DS dataType\n```\n\n### FederatedMetric Resource Flow\n\n```mermaid\ngraph LR\n    FM[FederatedMetric] --\u003e|requires| FCA[FederatedClusterAccess]\n    FCA --\u003e|discovers clusters via| CP[ControlPlane Resources]\n    FCA --\u003e|provides access to| MC[Multiple Clusters]\n    FM --\u003e|targets across clusters| K8S[Kubernetes Objects\u003cbr/\u003eacross federated clusters]\n    FM --\u003e|aggregates \u0026 sends to| DS[Data Sink\u003cbr/\u003eDynatrace, etc.]\n\n    classDef metricType fill:#e1f5fe,stroke:#01579b,stroke-width:2px\n    classDef accessType fill:#f3e5f5,stroke:#4a148c,stroke-width:2px\n    classDef targetType fill:#e8f5e8,stroke:#1b5e20,stroke-width:2px\n    classDef dataType fill:#fff3e0,stroke:#e65100,stroke-width:2px\n\n    class FM metricType\n    class FCA accessType\n    class CP,MC,K8S targetType\n    class DS dataType\n```\n\n### FederatedManagedMetric Resource Flow\n\n```mermaid\ngraph LR\n    FMM[FederatedManagedMetric] --\u003e|requires| FCA[FederatedClusterAccess]\n    FCA --\u003e|discovers clusters via| CP[ControlPlane Resources]\n    FCA --\u003e|provides access to| MC[Multiple Clusters]\n    FMM --\u003e|targets managed resources\u003cbr/\u003eacross clusters| MR[Managed Resources\u003cbr/\u003ewith 'crossplane' \u0026 'managed' categories]\n    FMM --\u003e|aggregates \u0026 sends to| DS[Data Sink\u003cbr/\u003eDynatrace, etc.]\n\n    classDef metricType fill:#e1f5fe,stroke:#01579b,stroke-width:2px\n    classDef accessType fill:#f3e5f5,stroke:#4a148c,stroke-width:2px\n    classDef targetType fill:#e8f5e8,stroke:#1b5e20,stroke-width:2px\n    classDef dataType fill:#fff3e0,stroke:#e65100,stroke-width:2px\n\n    class FMM metricType\n    class FCA accessType\n    class CP,MC,MR targetType\n    class DS dataType\n```\n\n## Resource Type Descriptions:\n\n- [**Metric**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_metrics.yaml): Monitors specific Kubernetes resources in the local or remote clusters using GroupVersionKind targeting\n- [**ManagedMetric**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_managedmetrics.yaml): Specialized for monitoring Crossplane managed resources (resources with \"crossplane\" and \"managed\" categories)\n- [**FederatedMetric**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_federatedmetrics.yaml): Monitors resources across multiple clusters, aggregating data from federated sources\n- [**FederatedManagedMetric**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_federatedmanagedmetrics.yaml): Monitors Crossplane managed resources across multiple clusters\n- [**RemoteClusterAccess**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_remoteclusteraccesses.yaml): Provides access configuration for monitoring resources in remote clusters\n- [**FederatedClusterAccess**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_federatedclusteraccesses.yaml): Discovers and provides access to multiple clusters for federated monitoring\n- [**DataSink**](cmd/metrics-operator/embedded/crds/metrics.openmcp.cloud_datasinks.yaml): Defines where and how metrics data should be sent, supporting various destinations like Dynatrace\n\n## Installation\n\n### Prerequisites\n\n1. Create a namespace for the Metrics Operator.\n2. Create a DataSink resource and associated authentication secret for your metrics destination.\n\n### Deployment\n\nDeploy the Metrics Operator using the Helm chart:\n\n```bash\nhelm upgrade --install metrics-operator oci://ghcr.io/openmcp-project/charts/metrics-operator \\\n  --namespace \u003coperator-namespace\u003e \\\n  --create-namespace \\\n  --version=\u003cversion\u003e\n```\n\nReplace `\u003coperator-namespace\u003e` and `\u003cversion\u003e` with appropriate values.\n\nAfter deployment, create your DataSink configuration as described in the [DataSink Configuration](#datasink-configuration) section.\n\n## Getting Started\nYou’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.\n**Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows).\n\n### Quickstart\n\nThis project uses [Taskfile](https://taskfile.dev/) to streamline development activities. Most of the common targets are shared among other OpenMCP components using a shared [build](https://github.com/openmcp-project/build/) repository. The build repository is included as a git submodule.\n\nThis will ensure the submodule is pulled and updated to latest included revision. Some of the common tasks supported are:\n1. Clone the repository and install prerequisites (Go, Docker, kind, kubectl, task).\n2. Ensure the build submodule is initialized and updated:\n```bash\ngit submodule update --init\n```\n3. Configure your data sink by copying the configuration in [`examples/datasink/basic-datasink.yaml`](examples/datasink/basic-datasink.yaml) and modifying it to suit your environment.\n   - For example, if using Dynatrace, create a Kubernetes Secret with your API token and update the DataSink resource accordingly.\n   - The file should be placed and named like this: `examples/datasink/dynatrace-prod-setup.yaml`. (automatically excluded in [.gitignore](.gitignore))\n4. Run `task dev:local:all` to set up a local development environment.\n5. Run `task run` to start the Metrics Operator locally.\n6. Check your data sink for incoming metrics.\n\n### Common Development Tasks\nTo get a full list of the supported tasks, you can run the `task` command with no arguments. However, the most commonly used tasks are:\n\n- `task dev:local:all` – Set up a local kind cluster with all CRDs, Crossplane, and sample resources.\n- `task run` – Run the operator locally for development.\n- `task dev:clean` – Delete the local kind cluster.\n- `task test` – Run all Go tests.\n- `task generate` – Regenerate CRDs and deepcopy code after API changes.\n- `task validate:lint` – Run golangci-lint on the codebase.\n\n## Usage\n\n### Metric\n\nMetrics have additional capabilities, such as dimensions. Dimensions allow you to extract additional data from the target resource, such as fields, labels, or annotations.\nSee the [dimensions documentation](docs/dimensions-configuration.md) for a comprehensive usage overview.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: Metric\nmetadata:\n  name: metric-pod-count\nspec:\n  name: metric-pod-count\n  description: Pods\n  target:\n    kind: Pod\n    group: \"\"\n    version: v1\n  interval: \"1m\"\n  projections:\n    - name: pod-namespace\n      fieldPath: \"metadata.namespace\"\n---\n```\n\n### Managed Metric\n\nManaged metrics are used to monitor Crossplane managed resources. They automatically track resources that have the \"crossplane\" and \"managed\" categories in their CRDs. By default, they export dimensions based on `status.conditions`. Custom Dimensions are also supported. See the [dimensions documentation](docs/dimensions-configuration.md) for a comprehensive usage overview.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: ManagedMetric\nmetadata:\n  name: managed-metric\nspec:\n  name: managed-metric\n  description: Status metric created by an Operator\n  target:\n    kind: Release\n    group: helm.crossplane.io\n    version: v1beta1\n  interval: \"1m\"\n---\n```\n\n### Federated Metric\nFederated metrics deal with resources that are spread across multiple clusters. To monitor these resources, you need to define a `FederatedMetric` resource.\nThey offer capabilities to aggregate data as well as filtering down to a specific cluster or field using projections.\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: FederatedMetric\nmetadata:\n  name: xfed-prov\nspec:\n  name: xfed-prov\n  description: crossplane providers\n  target:\n    kind: Provider\n    group: pkg.crossplane.io\n    version: v1\n  interval: \"1m\"\n  projections:\n    - name: package\n      fieldPath: \"spec.package\"\n  federateClusterAccessRef:\n    name: federate-ca-sample\n    namespace: default\n---\n\n```\n\n### Federated Managed Metric\nThis is a special use case metric, it is looking at all the crossplane managed resource across all clusters.\nThe pre-condition here is that if a resource comes from a crossplane provider, its CRD should have categories \"crossplane\" and \"managed\".\n\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: FederatedManagedMetric\nmetadata:\n  name: xfed-managed\nspec:\n  name: xfed-managed\n  description: crossplane managed resources\n  interval: \"1m\"\n  federateClusterAccessRef:\n    name: federate-ca-sample\n    namespace: default\n---\n```\n\n### Default Values\n\nProjections are supporting default values. This means that if the field specified in the `fieldPath` is not present in the target resource, the projection will use the provided `default` instead. \nThis ensures that your metrics can still be generated even if some resources are missing certain fields.\nThe type of the `default` must match the type of the field specified in the `fieldPath`.\nAttention, if `fieldType` is not specified, the default type is `primitive` and the `defaultValue` will be treated as a string. \nThis can lead to issues if the field specified in the `fieldPath` is of a different type (map or slice). Therefore, it is recommended to always specify the `fieldType` when using default values.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: Metric\nmetadata:\n  name: metric-condition-healthy\nspec:\n  name: metric-condition-healthy\n  description: Healthy Kustomizations\n  target:\n    kind: TypeWithConditions\n    group: example.group\n    version: v1\n  interval: \"1m\"\n  projections:\n    - name: pod-namespace\n      fieldPath: \"status.conditions[?(@.type=='Healthy')].status\"\n      fieldType: \"primitive\"\n      default: \"unknown\"\n---\n```\n\n## Remote Cluster Access\n\n\n### Remote Cluster Access\n\nThe Metrics Operator can monitor both the cluster it's deployed in and remote clusters. To monitor a remote cluster, define a `RemoteClusterAccess` resource:\n\nThis remote cluster access resource can be used by `Metric` and `ManagedMetric` resources to monitor resources in the remote cluster.\n\nYou can configure access to a remote cluster in one of two ways:\n\n1. Access via Service Account Token (recommended for in-cluster or service mesh setups)\n\nUse this method if you want the operator to assume a service account in the remote cluster using projected tokens and cluster credentials. This allows for dynamic access for clusters using an OIDC provider.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: RemoteClusterAccess\nmetadata:\n  name: remote-cluster\n  namespace: \u003cmonitoring-namespace\u003e\nspec:\n  remoteClusterConfig:\n    clusterSecretRef:\n      name: remote-cluster-secret\n      namespace: \u003csecret-namespace\u003e\n    serviceAccountName: \u003cservice-account-name\u003e\n    serviceAccountNamespace: \u003cservice-account-namespace\u003e\n```\n`clusterSecretRef` must point to a Kubernetes Secret on the same cluster running `the metrics-operator` and contains:\n- `host`: API server endpoint of the remote cluster \n- `caData`: CA bundle of the remote cluster API (base64-encoded) \n- `audience`: Token audience to use when projecting the service account token\n\nYou will also need to setup the required [RBAC configuration](#rbac-configuration) for the service account on the remote clusters. The RBAC configuration should allow the service account to monitor the resources defined in your `Metric` resources and use the proper service account name for remote access.\n\n2. Access via Kubeconfig Secret\nUse this method if you already have a kubeconfig for the remote cluster and want to provide it directly.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: RemoteClusterAccess\nmetadata:\n  name: remote-cluster\n  namespace: \u003cmonitoring-namespace\u003e\nspec:\n  kubeConfigSecretRef:\n    name: remote-kubeconfig-secret\n    namespace: \u003csecret-namespace\u003e\n    key: kubeconfig\n```\n`kubeConfigSecretRef` points to a Kubernetes Secret that includes a valid kubeconfig under the specified `key`.\n\n### Federated Cluster Access\n\nTo monitor resources across multiple clusters, define a `FederatedClusterAccess` resource.\nThe `target` field specifies the type of resource used to discover clusters.\nThe `kubeConfigPath` field indicates where to find the kubeconfig for each cluster, relative to the discovered resource.\nThe type of field that is selected with `kubeConfigPath` can be a string or object.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: FederatedClusterAccess\nmetadata:\n  name: federate-ca-sample\n  namespace: default\nspec:\n  target:\n    kind: ControlPlane\n    group: core.orchestrate.cloud.sap\n    version: v1beta1\n  kubeConfigPath: spec.target.kubeconfig\n```\n\nInstead of `kubeConfigPath`, you can also use `kubeConfigSecretPath` to specify the path to a secret reference that contains the kubeconfig.\nThe type of field that is selected with `kubeConfigSecretPath` must be an object of type `SecretReference` that contains the name and namespace of the secret as well as the name the key of the kubeconfig.\nIf the `namespace` field is omitted, it defaults to the namespace of the discovered resource.\nIf the `key` field is omitted, it defaults to `kubeconfig`.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: FederatedClusterAccess\nmetadata:\n  name: federate-ar-sample\n  namespace: default\nspec:\n  target:\n    kind: AccessRequest\n    group: clusters.openmcp.cloud\n    version: v1alpha1\n  secretRefPath: status.secretRef\n---\napiVersion: clusters.openmcp.cloud/v1alpha1\nkind: AccessRequest\nmetadata:\n  name: example-access-request\n  namespace: default\nspec: {}\nstatus:\n  secretRef:\n    name: example-access-request.kubeconfig\n```\n\nThe targets in the `FederatedClusterAccess` resource can be further filtered using label selectors and field selectors as well as namespace scoping.\nNamespace scoping can only be applied if the target resource is namespaced.\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: FederatedClusterAccess\nmetadata:\n    name: federate-ca-filtered\n    namespace: default\nspec:\n    target:\n      kind: ControlPlane\n      group: core.orchestrate.cloud.sap\n      version: v1beta1\n    namespace: co-system\n    labelSelector: \"environment=production\"\n    fieldSelector: \"spec.region=us-west\"\n    kubeConfigPath: spec.target.kubeconfig\n```\n\n## RBAC Configuration\n\nThe Metrics Operator requires appropriate permissions to monitor the resources you specify. You need to configure RBAC (Role-Based Access Control) to grant these permissions. Here's an example of how to create a ClusterRole and ClusterRoleBinding for the Metrics Operator:\n\n```yaml\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: metrics-operator-role\nrules:\n- apiGroups:\n  - \"example.group\"\n  resources:\n  - \"exampleresources\"\n  verbs:\n  - get\n  - list\n  - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: metrics-operator-rolebinding\nsubjects:\n- kind: ServiceAccount\n  name: metrics-operator-sa\n  namespace: \u003coperator-namespace\u003e\nroleRef:\n  kind: ClusterRole\n  name: metrics-operator-role\n  apiGroup: rbac.authorization.k8s.io\n```\n\nReplace `\u003coperator-namespace\u003e` with the namespace where the Metrics Operator is deployed. Adjust the `apiGroups` and `resources` fields to match the resources you want to monitor.\n\nApply the RBAC configuration:\n\n```bash\nkubectl apply -f rbac-config.yaml\n```\n\nRemember to update this RBAC configuration whenever you add new resource types to monitor.\n\n\n## DataSink Configuration\n\nThe Metrics Operator uses DataSink custom resources to define where and how metrics data should be sent. This provides a flexible and secure way to configure data destinations.\n\n### Creating a DataSink\n\nDefine a DataSink resource to specify the connection details and authentication for your metrics destination:\nDataSink currently supports HTTP(s) and gRPC(s) endpoints.\nThe supported protocols are:\n\n* `http://` and `https://` for HTTP(S) endpoints\n* `grpc://` and `grpcs://` for gRPC(S) endpoints\n\n#### API Key Authentication\n\nDataSink supports API key authentication using Kubernetes Secrets. Below is an example of a DataSink configuration for sending metrics to Dynatrace:\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: DataSink\nmetadata:\n  name: default\n  namespace: metrics-operator-system\nspec:\n  connection:\n    endpoint: \"https://your-tenant.live.dynatrace.com/api/v2/otlp/v1/metrics\"\n  authentication:\n    apiKey:\n      secretKeyRef:\n        name: dynatrace-credentials\n        key: api-token\n```\n\n#### mTLS Certificate Authentication\n\nDataSink also supports mTLS certificate authentication using Kubernetes Secrets. Below is an example of a DataSink configuration for sending metrics to a gRPC endpoint with mTLS:\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: DataSink\nmetadata:\n  name: mtls-datasink\n  namespace: metrics-operator-system\nspec:\n  connection:\n    endpoint: \"grpcs://your-secure-endpoint.com:443\"\n  authentication:\n    certificate:\n      clientCertSecretKeyRef:\n        name: opensearch-tls-creds\n        key: client-cert\n      clientKeySecretKeyRef:\n        name: opensearch-tls-creds\n        key: client-key\n      caCertSecretKeyRef:\n        name: opensearch-tls-creds\n        key: ca-cert\n```\n\n### DataSink Specification\n\nThe `DataSinkSpec` contains the following fields:\n\n#### Connection\n- **endpoint**: The target endpoint URL where metrics will be sent\n\n#### Authentication\n- **apiKey**: API key authentication configuration\n  - **secretKeyRef**: Reference to a Kubernetes Secret containing the API key\n    - **name**: Name of the Secret\n    - **key**: Key within the Secret containing the API token\n- **certificate**: mTLS certificate authentication configuration\n  - **clientCertSecretKeyRef**: Reference to a Kubernetes Secret containing the client certificate\n    - **name**: Name of the Secret\n    - **key**: Key within the Secret containing the client certificate\n  - **clientKeySecretKeyRef**: Reference to a Kubernetes Secret containing the client private key\n    - **name**: Name of the Secret\n    - **key**: Key within the Secret containing the client private key\n  - **caCertSecretKeyRef**: Reference to a Kubernetes Secret containing the CA certificate\n    - **name**: Name of the Secret\n    - **key**: Key within the Secret containing the CA certificate\n\n### Using DataSink in Metrics\n\nAll metric types support the `dataSinkRef` field to specify which DataSink to use:\n\n```yaml\napiVersion: metrics.openmcp.cloud/v1alpha1\nkind: Metric\nmetadata:\n  name: pod-count\nspec:\n  name: \"pods.count\"\n  target:\n    kind: Pod\n    group: \"\"\n    version: v1\n  dataSinkRef:\n    name: default  # References the DataSink named \"default\"\n```\n\n### Default Behavior\n\nIf no `dataSinkRef` is specified in a metric resource, the operator will automatically use a DataSink named \"default\" in the operator's namespace. This provides backward compatibility and simplifies configuration for single data sink deployments.\n\n### Supported Metric Types\n\nThe `dataSinkRef` field is available in all metric resource types:\n\n- [`Metric`](#metric): Basic metrics for Kubernetes resources\n- [`ManagedMetric`](#managed-metric): Metrics for Crossplane managed resources\n- [`FederatedMetric`](#federated-metric): Metrics across multiple clusters\n- [`FederatedManagedMetric`](#federated-managed-metric): Managed resource metrics across multiple clusters\n\n### Examples and Detailed Documentation\n\nFor complete examples and more detailed configuration options:\n\n- See the [`examples/datasink/`](examples/datasink/) directory for practical examples\n- Read the comprehensive [DataSink Configuration Guide](docs/datasink-configuration.md) for detailed documentation\n\nThe examples directory contains:\n- Basic DataSink configuration examples\n- Examples showing DataSink usage with different metric types\n- Migration guidance from legacy configurations\n\nThe detailed guide covers:\n- Complete specification reference\n- Multiple DataSink scenarios\n- Advanced configuration options\n- Troubleshooting and best practices\n\n### Migration from Legacy Configuration\n\n**Important**: The old method of using hardcoded secret names (such as `dynatrace-credentials`) has been deprecated and removed. You must now use DataSink resources to configure your metrics destinations.\n\nTo migrate:\n1. Create a DataSink resource pointing to your existing authentication secret\n2. Update your metric resources to reference the DataSink using `dataSinkRef`\n3. Remove any hardcoded secret references from your configuration\n\n## Data Sink Integration\n\nThe Metrics Operator sends collected data to configured data sinks for storage and analysis. Data sinks (e.g., Dynatrace) provide tools for data aggregation, filtering, and visualization.\n\nTo make the most of your metrics:\n\n1. Configure your DataSink resources according to your data sink's documentation.\n2. Use the data sink's query language or UI to create custom views of your metrics.\n3. Set up alerts based on metric thresholds or patterns.\n4. Leverage the data sink's analysis tools to gain insights into your system's behavior and performance.\n\nFor specific instructions on using your data sink's features, refer to its documentation. For example, if using Dynatrace, consult the Dynatrace documentation for information on creating custom charts, setting up alerts, and performing advanced analytics on your metric data.\n\n\n## Support, Feedback, Contributing\n\nThis project is open to feature requests/suggestions, bug reports etc. via [GitHub issues](https://github.com/openmcp-project/metrics-operator/issues). Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](CONTRIBUTING.md).\n\n## Security / Disclosure\nIf you find any bug that may be a security problem, please follow our instructions at [in our security policy](https://github.com/openmcp-project/metrics-operator/security/policy) on how to report it. Please do not create GitHub issues for security-related doubts or problems.\n\n## Code of Conduct\n\nWe as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its [Code of Conduct](https://github.com/openmcp-project/.github/blob/main/CODE_OF_CONDUCT.md) at all times.\n\n## Licensing\n\nCopyright 2025 SAP SE or an SAP affiliate company and metrics-operator contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/openmcp-project/metrics-operator).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenmcp-project%2Fmetrics-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenmcp-project%2Fmetrics-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenmcp-project%2Fmetrics-operator/lists"}