From 94bfc956f43bcaec29f2fc9844b9ca4c35d72260 Mon Sep 17 00:00:00 2001
From: Rajamohan Raj <rajamohan.raj@intel.com>
Date: Thu, 18 Jun 2020 14:55:42 -0700
Subject: Integrate collectd, prometheus and grafana.

In this patch, made neccessary changes in collectd and prometheus
helm charts such that prometheus can pull data from collectd.
Prometheus GUI and Grafana GUI are verified as well.

Issue-ID: MULTICLOUD-1082
Signed-off-by: Rajamohan Raj <rajamohan.raj@intel.com>
Change-Id: I39b7e20f46aa789272be671056a76dd926701068
---
 .../prometheus-node-exporter/templates/psp.yaml    | 52 ++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100755 kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/charts/prometheus-node-exporter/templates/psp.yaml

(limited to 'kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/charts/prometheus-node-exporter/templates/psp.yaml')

diff --git a/kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/charts/prometheus-node-exporter/templates/psp.yaml b/kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/charts/prometheus-node-exporter/templates/psp.yaml
new file mode 100755
index 00000000..f00506c9
--- /dev/null
+++ b/kud/tests/vnfs/comp-app/collection/app2/helm/prometheus-operator/charts/prometheus-node-exporter/templates/psp.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.rbac.create }}
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "prometheus-node-exporter.fullname" . }}
+  namespace: {{ template "prometheus-node-exporter.namespace" . }}
+  labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }}
+spec:
+  privileged: false
+  # Required to prevent escalations to root.
+  # allowPrivilegeEscalation: false
+  # This is redundant with non-root + disallow privilege escalation,
+  # but we can provide it for defense in depth.
+  #requiredDropCapabilities:
+  #  - ALL
+  # Allow core volume types.
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'downwardAPI'
+    - 'persistentVolumeClaim'
+    - 'hostPath'
+  hostNetwork: true
+  hostIPC: false
+  hostPID: true
+  hostPorts:
+    - min: 0
+      max: 65535
+  runAsUser:
+    # Permits the container to run with root privileges as well.
+    rule: 'RunAsAny'
+  seLinux:
+    # This policy assumes the nodes are using AppArmor rather than SELinux.
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 0
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 0
+        max: 65535
+  readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
-- 
cgit 1.2.3-korg