docs (k8s): Add Prometheus ServiceMonitor section for Console on K8s

[david-yu]

Summary

• Adds a new Prometheus ServiceMonitor subsection under the existing Monitoring section of the Console Kubernetes deploy page
• Documents the monitoring.enabled, monitoring.scrapeInterval, and monitoring.labels Helm values introduced in Add ServiceMonitor for admin metrics in console chart redpanda-operator#1280
• Covers standalone Console chart and Redpanda subchart usage, plus TLS behavior

Relates to redpanda-data/redpanda-operator#1056

Test plan

• Verify the new section renders correctly on the docs site
• Confirm Helm value names and defaults match the operator PR

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for redpanda-docs-preview ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	4b05f0e
🔍 Latest deploy log	https://app.netlify.com/projects/redpanda-docs-preview/deploys/69bdd8e45360e00008a521e0
😎 Deploy Preview	https://deploy-preview-1628--redpanda-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation was added to the Kubernetes deployment guide specifying how to configure Prometheus Operator ServiceMonitor for Redpanda Console. The update documents Helm configuration values under monitoring (enabled, scrapeInterval, labels) with defaults, covers both standalone and subchart deployment scenarios, and describes TLS configuration when config.server.tls.enabled is enabled.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is missing required template sections: JIRA ticket link, review deadline, page previews, and proper checkbox format. Only partial content is provided.	Add the missing required sections from the template: Resolves link with JIRA ticket, review deadline, page previews with the Netlify preview URL, and properly formatted checkboxes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding documentation for Prometheus ServiceMonitor configuration for Console on Kubernetes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

modules/deploy/pages/console/kubernetes/deploy.adoc (1)

430-437: Clarify subchart configuration for all monitoring keys

This example only shows console.monitoring.enabled, which can read as if scrapeInterval and labels are unavailable for subchart usage. Please include a full nested example to avoid misconfiguration.

✏️ Suggested doc tweak

 console:
   monitoring:
     enabled: true
+    scrapeInterval: "30s"
+    labels:
+      release: kube-prometheus-stack

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/deploy/pages/console/kubernetes/deploy.adoc` around lines 430 - 437,
The snippet only shows console.monitoring.enabled and may imply other keys
aren't available; update the documentation example for the `console` subchart to
show the full nested monitoring block including `enabled`, `scrapeInterval`, and
`labels` (and any other monitoring-related keys used by Console), e.g., expand
the YAML under `console.monitoring` to include `scrapeInterval: "30s"` and a
`labels:` map with typical prometheus labels so readers can copy a complete
subchart configuration; edit the example around the `console` key and ensure you
reference `console.monitoring.enabled`, `console.monitoring.scrapeInterval`, and
`console.monitoring.labels` to make all supported options explicit.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/deploy/pages/console/kubernetes/deploy.adoc`:
- Line 439: The doc line incorrectly claims the ServiceMonitor includes TLS
certificate and key file paths; update the sentence about ServiceMonitor/TLS to
say that when config.server.tls.enabled: true and monitoring is enabled, the
ServiceMonitor uses HTTPS and its tlsConfig only contains server-validation
fields (insecureSkipVerify, caFile, ca, serverName) for CA/server validation—not
client certificate/key paths—so remove any mention of client cert/key and
explicitly call out that this is server-side validation only.

---

Nitpick comments:
In `@modules/deploy/pages/console/kubernetes/deploy.adoc`:
- Around line 430-437: The snippet only shows console.monitoring.enabled and may
imply other keys aren't available; update the documentation example for the
`console` subchart to show the full nested monitoring block including `enabled`,
`scrapeInterval`, and `labels` (and any other monitoring-related keys used by
Console), e.g., expand the YAML under `console.monitoring` to include
`scrapeInterval: "30s"` and a `labels:` map with typical prometheus labels so
readers can copy a complete subchart configuration; edit the example around the
`console` key and ensure you reference `console.monitoring.enabled`,
`console.monitoring.scrapeInterval`, and `console.monitoring.labels` to make all
supported options explicit.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0f18d634-a4bc-42a9-99dc-e883f336510b

📥 Commits

Reviewing files that changed from the base of the PR and between 4230c3f and 4b05f0e.

📒 Files selected for processing (1)

• modules/deploy/pages/console/kubernetes/deploy.adoc

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In the redpanda-data/redpanda-operator Console chart (including PR #1280), when config.server.tls.enabled=trueandmonitoring.enabled=true, what exact ServiceMonitor.spec.endpoints[].tlsConfigfields are rendered? Does it includecertFileandkeyFile, or only HTTPS scheme / CA-related fields?

💡 Result:

In the redpanda-data/redpanda-operator Console chart (charts/console), when config.server.tls.enabled=true and monitoring.enabled=true, the ServiceMonitor.spec.endpoints[].tlsConfig includes only HTTPS scheme and CA-related fields (insecureSkipVerify, caFile, ca, serverName), not certFile and keyFile (client certificate authentication fields). PR #1280 likely added or enhanced this TLS support for the Console ServiceMonitor, similar to PR #750 in the main redpanda chart which explicitly added tlsConfig with scheme: https when TLS is enabled, enableHttp2, and CA config.

Citations:

• 1: https://docs.redpanda.com/current/reference/k-console-helm-spec/
• 2: [redpanda] Add tlsConfig for ServiceMonitor helm-charts#750
• 3: https://github.com/redpanda-data/redpanda-operator
• 4: https://pkg.go.dev/github.com/redpanda-data/redpanda-operator/charts/redpanda/v5

---

Correct the TLS scrape configuration description

The statement is inaccurate. When config.server.tls.enabled: true and monitoring is enabled, the ServiceMonitor's tlsConfig includes only HTTPS scheme and CA-related fields (insecureSkipVerify, caFile, ca, serverName)—not client certificate and key file paths. Update the documentation to reflect that TLS configuration covers server-side validation, not client certificate authentication.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/deploy/pages/console/kubernetes/deploy.adoc` at line 439, The doc
line incorrectly claims the ServiceMonitor includes TLS certificate and key file
paths; update the sentence about ServiceMonitor/TLS to say that when
config.server.tls.enabled: true and monitoring is enabled, the ServiceMonitor
uses HTTPS and its tlsConfig only contains server-validation fields
(insecureSkipVerify, caFile, ca, serverName) for CA/server validation—not client
certificate/key paths—so remove any mention of client cert/key and explicitly
call out that this is server-side validation only.