Fixed issue of prometheus throwing unauthorized rbac error.
Change-Id: I984bf637bf464803c35bfb32bf09b2974fec9053
Issue-ID: ONAPARC-506
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
{{- if .Values.commonLabels}}
{{ toYaml .Values.commonLabels }}
{{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+
+{{/* Create the name of prometheus service account to use */}}
+{{- define "prometheus.serviceAccountName" -}}
+{{- if .Values.prometheus.serviceAccount.create -}}
+ {{ default (include "prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.prometheus.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
"helm.sh/hook": post-install
"helm.sh/hook-weight": "2"
spec:
+ serviceAccountName: {{ template "prometheus.serviceAccountName" . }}
serviceMonitorSelector:
matchLabels:
app: {{ template "prometheus.name" . }}-prometheus
--- /dev/null
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "prometheus.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
\ No newline at end of file
--- /dev/null
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus.fullname" . }}-prometheus
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
--- /dev/null
+{{- if .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus.serviceAccountName" . }}
+ labels:
+ app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
## Deploy a Prometheus instance
##
prometheus:
+ serviceAccount:
+ create: true
+ name: ""
additionalServiceMonitors:
- name: service-monitor-collectd
additionalLabels: