Prometheus scrape config secret not updated when enabling TLS #1955

Open
pschichtel opened this issue Jan 25, 2024 · 1 comment

Comments

@pschichtel
Contributor

Expected Behavior

When enabling TLS (in my case using requestAutoCert), the operator should update the scrape target in the scrape config to use the correct scheme (http -> https) and the correct port (80 -> 443).

Current Behavior

The config is not being updated if it exists. Deleting the config will eventually resolve the issue as the operator recreates the secret with the correct contents.

Possible Solution

```go
} else {
	var scrapeConfigs []configmaps.ScrapeConfig
	err := yaml.Unmarshal(secret.Data[miniov2.PrometheusAddlScrapeConfigKey], &scrapeConfigs)
	if err != nil {
		return err
	}
	// Check if the scrape config is already present
	hasScrapeConfig := false
	for _, sc := range scrapeConfigs {
		if sc.JobName == tenant.PrometheusOperatorAddlConfigJobName() {
			hasScrapeConfig = true
			break
		}
	}
	if !hasScrapeConfig {
		klog.Infof("Adding MinIO tenant Prometheus scrape config")
		scrapeConfigs = append(scrapeConfigs, promCfg.ScrapeConfigs...)
		scrapeCfgYaml, err := yaml.Marshal(scrapeConfigs)
		if err != nil {
			return err
		}
		secret.Data[miniov2.PrometheusAddlScrapeConfigKey] = scrapeCfgYaml
		_, err = c.kubeClientSet.CoreV1().Secrets(ns).Update(ctx, secret, metav1.UpdateOptions{})
		if err != nil {
			return err
		}
	}
}
```
seems to check that the secret exists and that it contains a scrape config, but it doesn't seem to compare the config contents with what is expected.

Steps to Reproduce (for bugs)

  1. Set up a new tenant without TLS and with prometheusOperator enabled
  2. Enable TLS

Context

I enabled TLS, requestAutoCert specifically, while setting up KES, which made that a lot simpler. My ingress controller does TLS termination, that's why I previously didn't need TLS internally.
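
A sketch of the content comparison the issue reports as missing, added here as an example and not taken from the operator's code. The `ScrapeConfig` type, the job name and the target addresses are assumptions made up for illustration. It replaces a stale entry for the tenant's job instead of only checking that one exists, and reports whether the secret needs to be written back.

```go
package main

import (
	"fmt"
	"reflect"
)

// ScrapeConfig is a hypothetical, trimmed-down stand-in for the operator's
// configmaps.ScrapeConfig; only fields relevant to this issue are kept.
type ScrapeConfig struct {
	JobName     string
	Scheme      string
	BearerToken string
	Targets     []string
}

// reconcileScrapeConfigs returns the list that should be stored in the secret
// and whether it differs from what is stored now. An entry carrying the
// desired job name is replaced when its contents are stale, not just detected.
func reconcileScrapeConfigs(existing []ScrapeConfig, desired ScrapeConfig) ([]ScrapeConfig, bool) {
	out := make([]ScrapeConfig, 0, len(existing)+1)
	found, changed := false, false
	for _, sc := range existing {
		if sc.JobName != desired.JobName {
			out = append(out, sc) // jobs owned by someone else stay untouched
			continue
		}
		if !found {
			out = append(out, desired) // first match: store the desired contents
		}
		// A duplicate entry (found already true) or differing contents is a change.
		changed = changed || found || !reflect.DeepEqual(sc, desired)
		found = true
	}
	if !found {
		out = append(out, desired)
		changed = true
	}
	return out, changed
}

func main() {
	// Constructed sample: the secret still holds the pre-TLS entry.
	stored := []ScrapeConfig{{JobName: "tenant-job", Scheme: "http", Targets: []string{"minio.ns.svc:80"}}}
	want := ScrapeConfig{JobName: "tenant-job", Scheme: "https", Targets: []string{"minio.ns.svc:443"}}
	updated, changed := reconcileScrapeConfigs(stored, want)
	fmt.Println(changed, updated) // update the secret only when changed is true
}
```

Because the whole entry is compared, a rotated credential in `BearerToken` is picked up the same way as a scheme or port change.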

@pschichtel
Contributor Author

The same happens when changing the admin password
