Add an option to enable Prometheus with real certificates

While the install scripts do not enable Prometheus integration by default, solutions running upstream may want to use and enable it with Prometheus. This addition offers a way for upstream users to understand how to properly configure Prometheus using real certificates.

At the very least, it serves as documentation and provides an option for those installing from source who want to implement secure Prometheus integration.

Author: camilamacedo86

config/base/prometheus/kustomization.yaml

@@ -1,2 +1,11 @@
 resources:
 - monitor.yaml
+
+# [PROMETHEUS WITH CERTMANAGER] The following patch configures the ServiceMonitor in ../prometheus
+# to securely reference certificates created and managed by cert-manager.
+# Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
+# to mount the "metrics-server-cert" secret in the Manager Deployment.
+patches:
+  - path: patches/monitor_tls_patch.yaml
+    target:
+      kind: ServiceMonitor

config/base/prometheus/paches/monitor_tls_patch.yaml

@@ -0,0 +1,22 @@
+# Patch for Prometheus ServiceMonitor to enable secure TLS configuration
+# using certificates managed by cert-manager
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - tlsConfig:
+        insecureSkipVerify: false
+        ca:
+          secret:
+            name: olmv1-ca
+            key: ca.crt
+        cert:
+          secret:
+            name: olmv1-ca
+            key: olm-ca.crt
+        keySecret:
+          name: olmv1-ca
+          key: ca.crt