author | Dileep Ranganathan <dileep.ranganathan@intel.com> | 2019-06-13 00:26:10 -0700 |
---|---|---|
committer | Dileep Ranganathan <dileep.ranganathan@intel.com> | 2019-06-13 00:26:10 -0700 |
commit | e7cf41ad23960f23c03a553f62f5d710054ede23 (patch) | |
tree | cdc6c1d6b0a5079f7c166a69ad03d68d229228f3 | |
parent | 9610eedd1351ede91d417412740b2560525a1fab (diff) |
Add RBAC for prometheus instance
Fixed issue of prometheus throwing unauthorized rbac error.
Change-Id: I984bf637bf464803c35bfb32bf09b2974fec9053
Issue-ID: ONAPARC-506
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
6 files changed, 64 insertions, 1 deletions
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
index 1ac77dd8..17b7e7bd 100644
--- a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
@@ -44,4 +44,14 @@ heritage: {{ .Release.Service | quote }}
 {{- if .Values.commonLabels}}
 {{ toYaml .Values.commonLabels }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+
+{{/* Create the name of prometheus service account to use */}}
+{{- define "prometheus.serviceAccountName" -}}
+{{- if .Values.prometheus.serviceAccount.create -}}
+ {{ default (include "prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.prometheus.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
index 9c3d84c2..27c97d10 100644
--- a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
@@ -7,6 +7,7 @@ metadata:
 "helm.sh/hook": post-install
 "helm.sh/hook-weight": "2"
 spec:
+ serviceAccountName: {{ template "prometheus.serviceAccountName" . }}
 serviceMonitorSelector:
 matchLabels:
 app: {{ template "prometheus.name" . }}-prometheus
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml
new file mode 100644
index 00000000..dfb932d8
--- /dev/null
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "prometheus.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
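Review bot: In `_helpers.tpl`, the `else` branch of `prometheus.serviceAccountName` falls back to the namespace's `default` ServiceAccount when `serviceAccount.create` is false and no name is set, and `rolebinding.yaml` binds the new Role to whatever this helper returns without any condition. Any pod in the release namespace that runs under `default` would then inherit read access to pods, services and endpoints, which is broader than the Prometheus instance this commit targets. Consider failing the render instead, e.g. `{{ required "prometheus.serviceAccount.name is required when create is false" .Values.prometheus.serviceAccount.name }}`, or gating the Role and RoleBinding on the same `create` flag. The same concern applies to the `subjects` entry in `rolebinding.yaml`, and the new `serviceAccount` keys in `values.yaml` would benefit from a comment stating what an empty `name` resolves to.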
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml
new file mode 100644
index 00000000..04932ee1
--- /dev/null
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus.fullname" . }}-prometheus
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
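Review bot: The `nodes` entry under `resources` in `role.yaml` grants nothing, because nodes are cluster-scoped and a namespaced `Role` only authorizes access to resources inside its own namespace. If this Prometheus instance needs node discovery, that rule belongs in a `ClusterRole` bound with a `ClusterRoleBinding`; otherwise drop the entry so the Role lists only what it actually grants. The file also opens with `apiVersion`/`kind` written twice (the first four added lines); duplicate mapping keys are rejected by strict YAML parsers, so keep a single pair. `rolebinding.yaml` repeats the same duplicated header.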
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml
new file mode 100644
index 00000000..82437523
--- /dev/null
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus.serviceAccountName" . }}
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml
index 4398f52f..f0c11921 100644
--- a/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml
+++ b/vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml
@@ -1,6 +1,9 @@
 ## Deploy a Prometheus instance
 ##
 prometheus:
+ serviceAccount:
+ create: true
+ name: ""
 additionalServiceMonitors:
 - name: service-monitor-collectd
 additionalLabels: |
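Review bot: In `serviceaccount.yaml`, the `imagePullSecrets:` key is emitted even when `.Values.global.imagePullSecrets` is unset, in which case `toYaml` would likely render `null` under it. Wrapping the key and its value in `{{- with .Values.global.imagePullSecrets }}` … `{{- end }}` (and using `toYaml .` inside) keeps the field out of the manifest when no pull secrets are configured. Whether a parent chart always defines `global.imagePullSecrets` is not visible in this diff, so confirm before relying on it.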