Update docs

Sohamdg081992 · web-flow · commit ec3b2a1db36d · 2024-06-12T18:07:14.000-07:00
diff --git a/articles/azure-monitor/containers/prometheus-metrics-scrape-configuration.md b/articles/azure-monitor/containers/prometheus-metrics-scrape-configuration.md
@@ -466,12 +466,9 @@ metric_relabel_configs:
 
 If you are using `basic_auth` setting in your prometheus configuration, please follow the steps -
 
-Below is an example of creating a secret.
-
-1. Create a secret object in the **kube-system** namespace named **ama-metrics-mtls-secret**. Inside the secret object , you can specify as many number of secret values under data section and name them how ever you want.
-   Each secret name-value pair specified in the data section of the secret object will be mounted as a seperate file in this /etc/prometheus/certs  location with filename(s) same as key(s) specified in the data section.
-   The secret values should be base64 encoded before putting them under the data section.
+1. Create a secret in the **kube-system** namespace named **ama-metrics-mtls-secret**
 
+The value for password1 is **base64encoded**
 The key *password1* can be anything, but just needs to match your scrapeconfig *password_file* filepath.
 
 ```yaml
@@ -500,26 +497,17 @@ Scraping targets using basic auth is currently not supported using pod/service m
 
 ---
 
+If you are using both basic auth and tls auth, please refer to the [section](#create-secret-using-yaml-for-both-basic-and-tls-auth) below.
+For more details, refer to the [note section](#note-section).
+
+
 ### TLS based scraping
 
 If you have a Prometheus instance served with TLS and you want to scrape metrics from it, you need to set scheme to `https` and set the TLS settings in your configmap or respective CRD. 
 Please follow the below steps.
 
-1. Create a secret object using the TLS certificate in the **kube-system** namespace named **ama-metrics-mtls-secret**. Inside the secret object , you can specify as many number of secret values under data section and name them how ever you want.
-   Each secret name-value pair specified in the data section of the secret object will be mounted as a seperate file in this /etc/prometheus/certs  location with filename(s) same as key(s) specified in the data section.
-   The secret values should be base64 encoded before putting them under the data section, in case of creating secret with YAML as shown below.
-
-   ### [Create secret with command for CRD based scraping](#tab/CommandSecretCRD)
-   Below is an example command for creating a secret using the TLS self-signed certificate, in case of CRD based scraping. Please make sure that the secret object is created using the file naming format exactly as in the example below, in case of a CRD based scraping.
-     ```console
-    kubectl create secret generic ama-metrics-mtls-secret --from-file=secret_kube-system_ama-metrics-mtls-secret_<certfile>=secret_kube-system_ama-metrics-mtls-secret_<certfile> --from-file=secret_kube-system_ama-metrics-mtls-secret_<keyfile>=secret_kube-system_ama-metrics-mtls-secret_<keyfile> -n kube-system
-    ```
-   ### [Create secret with command for Configmap based scraping](#tab/CommandSecretConfigmap)
-   Below is an example command for creating a secret using the TLS self-signed certificate, in case of config map based scraping. 
-     ```console
-    kubectl create secret generic ama-metrics-mtls-secret --from-file=<certfile>=<certfile> --from-file=<keyfile>=<keyfile> -n kube-system
-    ```   
-   ### [Create secret using YAML](#tab/YAMLSecret) 
+1. Create a secret in the kube-system namespace named ama-metrics-mtls-secret. Each key-value pair specified in the data section of the secret object will be mounted as a seperate file in this /etc/prometheus/certs location with filename(s) same as key(s) specified in the data section. The secret values should be base64 encoded before putting them under the    data section, like below.
+
    Below is an example of creating secret through YAML. 
 
    ```yaml
@@ -534,24 +522,6 @@ Please follow the below steps.
      <keyfile>: base64_key_content 
    ```
    
-   ### [Create secret using YAML for both basic and Tls auth](#tab/YAMLSecretBasicTls) 
-
-   If you want to use both basic and Tls authentication settings in your configmap/CRD, just make sure that the secret **ama-metrics-mtls-secret** includes all the files(keys) under the data section with their corresponding base 64 encoded values, as shown below.
-   
-   ```yaml
-   apiVersion: v1
-   kind: Secret
-   metadata:
-     name: ama-metrics-mtls-secret
-     namespace: kube-system
-   type: Opaque
-   data:
-     certfile: base64_cert_content    # used for Tls
-     keyfile: base64_key_content      # used for Tls
-     password1: base64-encoded-string # used for basic auth
-     password2: base64-encoded-string # used for basic auth
-   ```yaml
-   
 ---
       
    The **ama-metrics-mtls-secret** secret is mounted on to the ama-metrics containers at path - **/etc/prometheus/certs/**  and is made available to the process that is scraping prometheus metrics. The key( ex - certfile) in the above example will be the file name and the value is base64 decoded and added to the contents of the file within the container and    the prometheus scraper uses the contents of this file to get the value that is used as the password used to scrape the endpoint.
@@ -570,27 +540,51 @@ Please follow the below steps.
        key_file: /etc/prometheus/certs/<keyfile>
        insecure_skip_verify: false
    ```
+
 ### [Scrape Config using CRD(Pod/Service Monitor)](#tab/CRDScrapeConfigTLSAuth)
 
    - To provide the TLS config setting in a CRD(Pod/Service Monitor), please follow the below example.
    
    ```yaml
-   tlsConfig:
-       ca:
-           secret:
-           key: "<certfile>" # since it is self-signed
-           name: "ama-metrics-mtls-secret"
-       cert:
-           secret:
-           key: "<certfile>"
-           name: "ama-metrics-mtls-secret"
-       keySecret:
-           key: "<keyfile>"
-           name: "ama-metrics-mtls-secret"
-       insecureSkipVerify: false
+    tlsConfig:
+      ca:
+        secret:
+          key: "<certfile>" # since it is self-signed
+          name: "ama-metrics-mtls-secret"
+      cert:
+        secret:
+          key: "<certfile>"
+          name: "ama-metrics-mtls-secret"
+      keySecret:
+          key: "<keyfile>"
+          name: "ama-metrics-mtls-secret"
+      insecureSkipVerify: false
    ```
 
 ---
+
+   
+### Create secret using YAML for both basic and Tls auth
+
+   If you want to use both basic and Tls authentication settings in your configmap/CRD, just make sure that the secret **ama-metrics-mtls-secret** includes all the files(keys) under the data section with their corresponding base 64 encoded values, as shown below.
+   
+   ```yaml
+
+   apiVersion: v1
+   kind: Secret
+   metadata:
+     name: ama-metrics-mtls-secret
+     namespace: kube-system
+   type: Opaque
+   data:
+     certfile: base64_cert_content    # used for Tls
+     keyfile: base64_key_content      # used for Tls
+     password1: base64-encoded-string # used for basic auth
+     password2: base64-encoded-string # used for basic auth
+
+   ```yaml
+
+<a name="note-section"></a>
 > [!NOTE]
 > 
 > The **/etc/prometheus/certs/** path is mandatory, but *password1* can be any string and needs to match the key for the data in the secret created above. This is because the secret **ama-metrics-mtls-secret** is mounted in the path **/etc/prometheus/certs/** within the container.
