Add RBAC for prometheus instance 82/89782/1
authorDileep Ranganathan <dileep.ranganathan@intel.com>
Thu, 13 Jun 2019 07:26:10 +0000 (00:26 -0700)
committerDileep Ranganathan <dileep.ranganathan@intel.com>
Thu, 13 Jun 2019 07:26:10 +0000 (00:26 -0700)
Fixed an issue where Prometheus was throwing an unauthorized RBAC error.

Change-Id: I984bf637bf464803c35bfb32bf09b2974fec9053
Issue-ID: ONAPARC-506
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
vnfs/DAaaS/deploy/collection/charts/prometheus/templates/_helpers.tpl
vnfs/DAaaS/deploy/collection/charts/prometheus/templates/prometheus.yaml
vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml [new file with mode: 0644]
vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml [new file with mode: 0644]
vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml [new file with mode: 0644]
vnfs/DAaaS/deploy/collection/charts/prometheus/values.yaml

index 1ac77dd..17b7e7b 100644 (file)
@@ -44,4 +44,14 @@ heritage: {{ .Release.Service | quote }}
 {{- if .Values.commonLabels}}
 {{ toYaml .Values.commonLabels }}
 {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+
+
+{{/* Create the name of prometheus service account to use */}}
+{{- define "prometheus.serviceAccountName" -}}
+{{- if .Values.prometheus.serviceAccount.create -}}
+    {{ default (include "prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.prometheus.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
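Review bot: With `serviceAccount.create: false` and an empty `name`, the `else` branch of `prometheus.serviceAccountName` falls back to the namespace's `default` ServiceAccount, and rolebinding.yaml in this commit binds the new Role to whatever this helper returns. In that configuration every pod in the release namespace that runs under `default` would inherit get/list/watch on pods, services and endpoints, not only Prometheus. Consider failing the render instead of falling back, e.g. `{{ required "prometheus.serviceAccount.name must be set when create is false" .Values.prometheus.serviceAccount.name }}`, or at least state the fallback in the helper comment so operators know to supply a dedicated account.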
index 9c3d84c..27c97d1 100644 (file)
@@ -7,6 +7,7 @@ metadata:
   "helm.sh/hook": post-install
   "helm.sh/hook-weight": "2"
 spec:
+  serviceAccountName: {{ template "prometheus.serviceAccountName" . }}
   serviceMonitorSelector:
     matchLabels:
       app: {{ template "prometheus.name" . }}-prometheus
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/role.yaml
new file mode 100644 (file)
index 0000000..dfb932d
--- /dev/null
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "prometheus.fullname" . }}-prometheus
+  labels:
+    app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
\ No newline at end of file
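Review bot: `nodes` is a cluster-scoped resource, so listing it under `resources:` in a namespaced `Role` grants nothing. If Prometheus needs node discovery, that rule belongs in a ClusterRole with a ClusterRoleBinding; if it does not, drop `- nodes` so the manifest states only what is actually granted. The `apiVersion`/`kind` pair is also written twice at the top of this file, and again in rolebinding.yaml. Duplicate mapping keys are invalid YAML and only pass on parsers that silently keep the last value, so remove the repeated two lines in both files.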
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/rolebinding.yaml
new file mode 100644 (file)
index 0000000..04932ee
--- /dev/null
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "prometheus.fullname" . }}-prometheus
+  labels:
+    app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "prometheus.fullname" . }}-prometheus
+subjects:
+- kind: ServiceAccount
+  name: {{ template "prometheus.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml b/vnfs/DAaaS/deploy/collection/charts/prometheus/templates/serviceaccount.yaml
new file mode 100644 (file)
index 0000000..8243752
--- /dev/null
@@ -0,0 +1,11 @@
+{{- if .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "prometheus.serviceAccountName" . }}
+  labels:
+    app: {{ template "prometheus.name" . }}-prometheus
+{{ include "prometheus.labels" . | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
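Review bot: `imagePullSecrets:` is emitted unconditionally and filled from `.Values.global.imagePullSecrets`, but no `global` key appears in the values.yaml hunk of this commit (that file is only partly visible, so it may be defined elsewhere). When no pull secrets are configured, the field would render as an empty or null value rather than being omitted. Wrapping the two lines in `{{- with .Values.global.imagePullSecrets }}` … `{{- end }}` and rendering `{{ toYaml . | indent 2 }}` inside keeps the ServiceAccount clean in that case. Whether `global` itself is always defined for this chart cannot be checked from this page and is worth confirming with `helm template`.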
index 4398f52..f0c1192 100644 (file)
@@ -1,6 +1,9 @@
 ## Deploy a Prometheus instance
 ##
 prometheus:
+  serviceAccount:
+    create: true
+    name: ""
   additionalServiceMonitors:
     - name: service-monitor-collectd
       additionalLabels:
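Review bot: The new `serviceAccount` keys have no comment, while this file introduces its sections with `##` lines. Suggested: `## create: render a dedicated ServiceAccount for the Prometheus instance` and `## name: ServiceAccount to use; if empty, the chart fullname is used when create is true, otherwise "default"`. Spelling out the `default` fallback matters here because the RoleBinding added in this commit follows that name. The `prometheus:` block continues outside the hunk.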