Open sfitts opened 5 years ago
This issue bit me today, I think the serviceaccount mapping doesnt work as expected. I had to add more perms to a default sa to get going (which is not ideal).
I need to catch up on the code changes, i really love the helm telegraf-ds - and i may just contribute and help to get this to a good state.
hi @sudhishkasabaramesh , can you let us know how to fix this problem with existing default service account ? I tried cluster admin role for default service account , but still i m not able to fix it.
I suggest add the serviceaccount config to the requirements documentation or maybe add yaml definition like this:
apiVersion: v1
kind: ServiceAccount
metadata:
name: telegraf-reader
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: telegraf-cluster-reader
labels:
rbac.authorization.k8s.io/aggregate-view-telegraf: "true"
rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
rules:
- nonResourceURLs: ["/stats", "/stats/*"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["persistentvolumes", "nodes", "pods", "deployments", "statefulsets", "nodes/proxy"]
verbs: ["get", "watch", "list"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: telegraf-reader-role
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
- matchLabels:
rbac.authorization.k8s.io/aggregate-view-telegraf: "true"
- matchLabels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules: [] # Rules are automatically filled in by the controller manager.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: telegraf-reader-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: telegraf-reader-role
subjects:
- kind: ServiceAccount
name: telegraf-reader
namespace: default
With this config kube_inventory input plugin works fine, but kubernetes input not working... always displays this error: 2020-04-03T09:09:10Z E! [inputs.kubernetes] Error in plugin: https://kubernetes/stats/summary returned HTTP status 404 Not Found I commented this here: issues/6959#
@jmorcar have a look at https://github.com/influxdata/helm-charts/tree/master/charts/telegraf-ds
This repo (tick-charts) is replaced by helm-charts one and we fixed the daemonset deployment
Related to #77 and #92 (in fact I should have done this at the same time, but...)
This is more targeted than what #77 suggests since different configurations may want different accounts/bindings. However, without the ability to at least set the account in the daemonset, you can't make any progress.