Closed sfitts closed 3 years ago
Here only a serviceaccount call is applied in the chart... but where is the complete serviceaccount creation? Only using a call to the serviceaccount in the deployment YAML is not sufficient, and the chart documentation does not include any of that.
I refer to ClusterRole, ClusterRoleBinding etc... like this:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: telegraf-reader
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: telegraf-cluster-reader
  labels:
    rbac.authorization.k8s.io/aggregate-view-telegraf: "true"
    rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
rules:
  - nonResourceURLs: ["/stats", "/stats/*"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumes", "nodes", "pods", "deployments", "statefulsets", "nodes/proxy"]
    verbs: ["get", "watch", "list"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: telegraf-reader-role
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-view-telegraf: "true"
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-view: "true"
rules: [] # Rules are automatically filled in by the controller manager.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: telegraf-reader-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: telegraf-reader-role
subjects:
  - kind: ServiceAccount
    name: telegraf-reader
    namespace: default
```
I am using this config with the kube_inventory plugin and it is fine, but with the kubernetes input it is not working... I think it is related to the RBAC definitions or maybe a kubernetes plugin problem. I commented on this in issues/6959#
An example of role definitions. If it were possible to standardize a complete definition in the chart templates including that, for almost all the kubernetes plugins.. or to indicate in values.yaml how to add rules and verbs to rolebindings, this would complete the installation chart for kubernetes monitoring.
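An added example (not part of the thread or of the chart): a small evaluator that applies the Kubernetes RBAC matching rules to the `telegraf-cluster-reader` rules posted in the manifest above, so you can see which requests that ClusterRole grants on its own. The function names are hypothetical, and rules that `telegraf-reader-role` picks up from other ClusterRoles through its `aggregate-to-view` selector are not modeled.

```python
# Rules copied from the telegraf-cluster-reader ClusterRole posted above.
RULES = [
    {"nonResourceURLs": ["/stats", "/stats/*"], "verbs": ["get", "watch", "list"]},
    {"apiGroups": [""],
     "resources": ["persistentvolumes", "nodes", "pods", "deployments",
                   "statefulsets", "nodes/proxy"],
     "verbs": ["get", "watch", "list"]},
]


def _listed(allowed, value):
    """RBAC list match: exact entry or the '*' wildcard."""
    return "*" in allowed or value in allowed


def allows_resource(rules, verb, group, resource, subresource=""):
    """True if any rule grants verb on group/resource[/subresource]."""
    wanted = f"{resource}/{subresource}" if subresource else resource
    for rule in rules:
        resources = rule.get("resources", [])
        if not (_listed(rule["verbs"], verb)
                and _listed(rule.get("apiGroups", []), group)):
            continue
        # A subresource needs its own entry ("nodes/proxy") or "*/proxy".
        if _listed(resources, wanted) or (
                subresource and f"*/{subresource}" in resources):
            return True
    return False


def allows_url(rules, verb, path):
    """True if any rule grants verb on a non-resource URL path."""
    for rule in rules:
        if not _listed(rule["verbs"], verb):
            continue
        for pattern in rule.get("nonResourceURLs", []):
            # Only a trailing '*' acts as a wildcard (prefix match).
            if pattern == path or (pattern.endswith("*")
                                   and path.startswith(pattern.rstrip("*"))):
                return True
    return False


if __name__ == "__main__":
    checks = [("list", "", "pods", ""), ("list", "apps", "deployments", ""),
              ("get", "", "nodes", "proxy"), ("get", "", "nodes", "stats")]
    for verb, group, res, sub in checks:
        print(verb, group or "core", res, sub,
              allows_resource(RULES, verb, group, res, sub))
    print("GET /stats/summary", allows_url(RULES, "get", "/stats/summary"))
```

In this manifest `deployments` and `statefulsets` are listed under the core group `""`, so a request for those resources in the `apps` group is not matched by this rule alone. Against a live cluster, `kubectl auth can-i --as=system:serviceaccount:default:telegraf-reader` answers the same questions with aggregation included.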
@jmorcar have a look at https://github.com/influxdata/helm-charts/tree/master/charts/telegraf-ds
This repo (tick-charts) is replaced by the helm-charts one and we fixed the daemonset deployment.
This is the same change from #92 applied to the telegraf-ds chart.
Fixes #105