argocd image updater ServiceMonitor #3815
Description
Describe the bug
I am facing issue with the current ServiceMonitor for the argocd image updater. The argocd image updater service is configured to use port 8443 with HTTPS as the metrics port. The default ServiceMonitor is not aware of this. So Prometheus tries to scrape the service with http which does not work. In the argocd image updater logs I can see the request from Prometheus:
2026/03/28 11:42:06 http: TLS handshake error from 10.42.0.151:40176
I also tested the metrics endpoint with curl:
curl 10.42.8.140:8443/metrics
Client sent an HTTP request to an HTTPS server.
I added the following to the existing ServiceMonitor spec field:
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
path: /metrics
port: metrics
scheme: https
tlsConfig:
insecureSkipVerify: true
This allows Prometheus to scrape the metrics via the HTTP port 8443 without an error. I can create a PR for the helm chart if you are interested.
Related helm chart
argocd-image-updater
Helm chart version
1.1.4
To Reproduce
- install the argocd image updater helm chart with the ServiceMonitor enable
- Wait for Prometheus to scrape the ServiceMonitor
- Observe the target is down in Prometheus
Expected behavior
Prometheus should be able to scrape the Service with the default ServiceMonitor that is created by the helm chart
Screenshots
No response
Additional context
No response