summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDileep Ranganathan <dileep.ranganathan@intel.com>2019-06-13 00:26:10 -0700
committerDileep Ranganathan <dileep.ranganathan@intel.com>2019-06-13 00:26:10 -0700
commite7cf41ad23960f23c03a553f62f5d710054ede23 (patch)
treecdc6c1d6b0a5079f7c166a69ad03d68d229228f3
parent9610eedd1351ede91d417412740b2560525a1fab (diff)
Add RBAC for prometheus instance
Fixed issue of prometheus throwing unauthorized rbac error. Change-Id: I984bf637bf464803c35bfb32bf09b2974fec9053 Issue-ID: ONAPARC-506 Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
-rw-r--r--vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl12
-rw-r--r--vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml1
-rw-r--r--vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml21
-rw-r--r--vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml17
-rw-r--r--vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml11
-rw-r--r--vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml3
6 files changed, 64 insertions, 1 deletions
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
index 1ac77dd8..17b7e7bd 100644
--- a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
@@ -44,4 +44,14 @@ heritage: {{ .Release.Service | quote }}
{{- if .Values.commonLabels}}
{{ toYaml .Values.commonLabels }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
+
+
+{{/* Create the name of prometheus service account to use */}}
+{{- define "prometheus.serviceAccountName" -}}
+{{- if .Values.prometheus.serviceAccount.create -}}
+ {{ default (include "prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.prometheus.serviceAccount.name }}
+{{- end -}}
+{{- end -}} \ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
index 9c3d84c2..27c97d10 100644
--- a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
@@ -7,6 +7,7 @@ metadata:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "2"
spec:
+ serviceAccountName: {{ template "prometheus.serviceAccountName" . }}
serviceMonitorSelector:
matchLabels:
app: {{ template "prometheus.name" . }}-prometheus
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml
new file mode 100644
index 00000000..dfb932d8
--- /dev/null
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "prometheus.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch \ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml
new file mode 100644
index 00000000..04932ee1
--- /dev/null
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus.fullname" . }}-prometheus
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }} \ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml
new file mode 100644
index 00000000..82437523
--- /dev/null
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus.serviceAccountName" . }}
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml
index 4398f52f..f0c11921 100644
--- a/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml
@@ -1,6 +1,9 @@
## Deploy a Prometheus instance
##
prometheus:
+ serviceAccount:
+ create: true
+ name: ""
additionalServiceMonitors:
- name: service-monitor-collectd
additionalLabels: