From 85d6c48f9869318115ea12b30eff77f29bbe4076 Mon Sep 17 00:00:00 2001 From: prune Date: Thu, 26 Jul 2018 14:58:12 -0400 Subject: [PATCH 1/6] allow creation of role and rolebindings for other namespaces in jsonnet --- docs/monitoring-other-namespaces.md | 28 +++++++++++++++ .../prometheus/prometheus.libsonnet | 36 +++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 docs/monitoring-other-namespaces.md diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md new file mode 100644 index 00000000..c1ee7ae7 --- /dev/null +++ b/docs/monitoring-other-namespaces.md @@ -0,0 +1,28 @@ +# Monitoring other Kubernetes Namespaces +This guide will help you monitor applications in other Namespaces, which is only enabled for the `Default` Namespace during Install. + +# Setup +You have to give the list of the Namespaces that you want to be able to monitor. +This is done in the variable `prometheus.roleSpecificNamespaces`. You usually set this in your `.jsonnet` file when building the manifests. + +Ex to create the needed `Role` and `Rolebindig` for the Namespace `foo` : +``` +local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { + _config+:: { + namespace: 'monitoring', + + prometheus+:: { + roleSpecificNamespaces: ["foo"], + }, + }, +}; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +``` \ No newline at end of file diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index e84986f5..d4010d5b 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -21,6 +21,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; replicas: 2, rules: {}, renderedRules: {}, + roleSpecificNamespaces: [], }, }, @@ -65,6 +66,20 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), + roleBindingSpecificNamespace: + local roleBinding = k.rbac.v1.roleBinding; + + local newSpecificRoleBinding(namespace) = + roleBinding.new() + + roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + + roleBinding.mixin.metadata.withNamespace(namespace) + + roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + + roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + + roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: namespace }]); + + local roleBindigList = k.rbac.v1.roleBindingList; + roleBindigList.new([newSpecificRoleBinding(x) for x in $._config.prometheus.roleSpecificNamespaces]), clusterRole: local clusterRole = k.rbac.v1.clusterRole; local policyRule = clusterRole.rulesType; @@ -163,6 +178,27 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + role.mixin.metadata.withNamespace('default') + role.withRules(coreRule), + roleSpecificNamespace: + local role = k.rbac.v1.role; + local policyRule = role.rulesType; + local coreRule = policyRule.new() + + policyRule.withApiGroups(['']) + + policyRule.withResources([ + 'nodes', + 'services', + 'endpoints', + 'pods', + ]) + + policyRule.withVerbs(['get', 'list', 'watch']); + + local newSpecificRole(namespace) = + role.new() + + role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + + role.mixin.metadata.withNamespace(namespace) + + role.withRules(coreRule); + + local roleList = k.rbac.v1.roleList; + roleList.new([newSpecificRole(x) for x in $._config.prometheus.roleSpecificNamespaces]), roleBindingKubeSystem: local roleBinding = k.rbac.v1.roleBinding; From 88f79258f50632eb5d061470e416474b3cece513 Mon Sep 17 00:00:00 2001 From: prune Date: Fri, 27 Jul 2018 07:05:42 -0400 Subject: [PATCH 2/6] replaced default namespaces rbac rules by a loop --- docs/monitoring-other-namespaces.md | 4 +- .../prometheus/prometheus.libsonnet | 86 +------------------ 2 files changed, 3 insertions(+), 87 deletions(-) diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md index c1ee7ae7..56c72062 100644 --- a/docs/monitoring-other-namespaces.md +++ b/docs/monitoring-other-namespaces.md @@ -1,5 +1,5 @@ # Monitoring other Kubernetes Namespaces -This guide will help you monitor applications in other Namespaces, which is only enabled for the `Default` Namespace during Install. +This guide will help you monitor applications in other Namespaces. By default the RBAC rules are only enabled for the `Default` and `kube-system` Namespace during Install. # Setup You have to give the list of the Namespaces that you want to be able to monitor. @@ -12,7 +12,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { namespace: 'monitoring', prometheus+:: { - roleSpecificNamespaces: ["foo"], + namespaces: ["default", "kube-system","foo"], }, }, }; diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index d4010d5b..375a8b70 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -21,7 +21,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; replicas: 2, rules: {}, renderedRules: {}, - roleSpecificNamespaces: [], + namespaces: ["default", "kube-system",$._config.namespace], }, }, @@ -56,16 +56,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; groups: $._config.prometheus.rules.groups, }, }, - roleBindingDefault: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.metadata.withNamespace('default') + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), roleBindingSpecificNamespace: local roleBinding = k.rbac.v1.roleBinding; @@ -123,16 +113,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name + '-config') + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleBindingNamespace: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.metadata.withNamespace($._config.namespace) + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), clusterRoleBinding: local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; @@ -142,42 +122,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; clusterRoleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleKubeSystem: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'nodes', - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - role.mixin.metadata.withNamespace('kube-system') + - role.withRules(coreRule), - roleDefault: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'nodes', - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - role.mixin.metadata.withNamespace('default') + - role.withRules(coreRule), roleSpecificNamespace: local role = k.rbac.v1.role; local policyRule = role.rulesType; @@ -199,34 +143,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; local roleList = k.rbac.v1.roleList; roleList.new([newSpecificRole(x) for x in $._config.prometheus.roleSpecificNamespaces]), - roleBindingKubeSystem: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.metadata.withNamespace('kube-system') + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleNamespace: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'nodes', - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - role.mixin.metadata.withNamespace($._config.namespace) + - role.withRules(coreRule), prometheus: local container = k.core.v1.pod.mixin.spec.containersType; local resourceRequirements = container.mixin.resourcesType; From 20ec197cd443556cbbae5556668d15dff95fbb26 Mon Sep 17 00:00:00 2001 From: prune Date: Fri, 27 Jul 2018 07:47:03 -0400 Subject: [PATCH 3/6] set right variable name --- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 375a8b70..330a022e 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -69,7 +69,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: namespace }]); local roleBindigList = k.rbac.v1.roleBindingList; - roleBindigList.new([newSpecificRoleBinding(x) for x in $._config.prometheus.roleSpecificNamespaces]), + roleBindigList.new([newSpecificRoleBinding(x) for x in $._config.prometheus.namespaces]), clusterRole: local clusterRole = k.rbac.v1.clusterRole; local policyRule = clusterRole.rulesType; @@ -142,7 +142,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; role.withRules(coreRule); local roleList = k.rbac.v1.roleList; - roleList.new([newSpecificRole(x) for x in $._config.prometheus.roleSpecificNamespaces]), + roleList.new([newSpecificRole(x) for x in $._config.prometheus.namespaces]), prometheus: local container = k.core.v1.pod.mixin.spec.containersType; local resourceRequirements = container.mixin.resourcesType; From fc382e15cd01788d9d5c53c51369aad55750df14 Mon Sep 17 00:00:00 2001 From: prune Date: Fri, 27 Jul 2018 07:48:17 -0400 Subject: [PATCH 4/6] allow creation of role and rolebindings for other namespaces in jsonnet replaced default namespaces rbac rules by a loop set right variable name --- docs/monitoring-other-namespaces.md | 28 ++++++ .../prometheus/prometheus.libsonnet | 94 +++++-------------- 2 files changed, 51 insertions(+), 71 deletions(-) create mode 100644 docs/monitoring-other-namespaces.md diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md new file mode 100644 index 00000000..56c72062 --- /dev/null +++ b/docs/monitoring-other-namespaces.md @@ -0,0 +1,28 @@ +# Monitoring other Kubernetes Namespaces +This guide will help you monitor applications in other Namespaces. By default the RBAC rules are only enabled for the `Default` and `kube-system` Namespace during Install. + +# Setup +You have to give the list of the Namespaces that you want to be able to monitor. +This is done in the variable `prometheus.roleSpecificNamespaces`. You usually set this in your `.jsonnet` file when building the manifests. + +Ex to create the needed `Role` and `Rolebindig` for the Namespace `foo` : +``` +local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { + _config+:: { + namespace: 'monitoring', + + prometheus+:: { + namespaces: ["default", "kube-system","foo"], + }, + }, +}; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +``` \ No newline at end of file diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index e84986f5..330a022e 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -21,6 +21,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; replicas: 2, rules: {}, renderedRules: {}, + namespaces: ["default", "kube-system",$._config.namespace], }, }, @@ -55,16 +56,20 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; groups: $._config.prometheus.rules.groups, }, }, - roleBindingDefault: + roleBindingSpecificNamespace: local roleBinding = k.rbac.v1.roleBinding; - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.metadata.withNamespace('default') + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), + local newSpecificRoleBinding(namespace) = + roleBinding.new() + + roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + + roleBinding.mixin.metadata.withNamespace(namespace) + + roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + + roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + + roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: namespace }]); + + local roleBindigList = k.rbac.v1.roleBindingList; + roleBindigList.new([newSpecificRoleBinding(x) for x in $._config.prometheus.namespaces]), clusterRole: local clusterRole = k.rbac.v1.clusterRole; local policyRule = clusterRole.rulesType; @@ -108,16 +113,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name + '-config') + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleBindingNamespace: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.metadata.withNamespace($._config.namespace) + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), clusterRoleBinding: local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; @@ -127,10 +122,9 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; clusterRoleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleKubeSystem: + roleSpecificNamespace: local role = k.rbac.v1.role; local policyRule = role.rulesType; - local coreRule = policyRule.new() + policyRule.withApiGroups(['']) + policyRule.withResources([ @@ -140,57 +134,15 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; 'pods', ]) + policyRule.withVerbs(['get', 'list', 'watch']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - role.mixin.metadata.withNamespace('kube-system') + - role.withRules(coreRule), - roleDefault: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'nodes', - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - role.mixin.metadata.withNamespace('default') + - role.withRules(coreRule), - roleBindingKubeSystem: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.metadata.withNamespace('kube-system') + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleNamespace: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'nodes', - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + - role.mixin.metadata.withNamespace($._config.namespace) + - role.withRules(coreRule), + + local newSpecificRole(namespace) = + role.new() + + role.mixin.metadata.withName('prometheus-' + $._config.prometheus.name) + + role.mixin.metadata.withNamespace(namespace) + + role.withRules(coreRule); + + local roleList = k.rbac.v1.roleList; + roleList.new([newSpecificRole(x) for x in $._config.prometheus.namespaces]), prometheus: local container = k.core.v1.pod.mixin.spec.containersType; local resourceRequirements = container.mixin.resourcesType; From 64f3e5def945672a63efc338ff7a4cbf74777b2f Mon Sep 17 00:00:00 2001 From: prune Date: Tue, 31 Jul 2018 14:49:13 -0400 Subject: [PATCH 5/6] added newline in doc file --- docs/monitoring-other-namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md index 56c72062..2e5289c4 100644 --- a/docs/monitoring-other-namespaces.md +++ b/docs/monitoring-other-namespaces.md @@ -25,4 +25,4 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } -``` \ No newline at end of file +``` From facf7cc0e1dd4cc52a7dbba1879226c453009b39 Mon Sep 17 00:00:00 2001 From: prune Date: Wed, 1 Aug 2018 07:35:28 -0400 Subject: [PATCH 6/6] minor update as requested in PR --- docs/monitoring-other-namespaces.md | 2 +- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md index 2e5289c4..8327ed02 100644 --- a/docs/monitoring-other-namespaces.md +++ b/docs/monitoring-other-namespaces.md @@ -5,7 +5,7 @@ This guide will help you monitor applications in other Namespaces. By default th You have to give the list of the Namespaces that you want to be able to monitor. This is done in the variable `prometheus.roleSpecificNamespaces`. You usually set this in your `.jsonnet` file when building the manifests. -Ex to create the needed `Role` and `Rolebindig` for the Namespace `foo` : +Example to create the needed `Role` and `Rolebindig` for the Namespace `foo` : ``` local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { _config+:: { diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 330a022e..026acad0 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -56,7 +56,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; groups: $._config.prometheus.rules.groups, }, }, - roleBindingSpecificNamespace: + roleBindingSpecificNamespaces: local roleBinding = k.rbac.v1.roleBinding; local newSpecificRoleBinding(namespace) = @@ -122,7 +122,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; clusterRoleBinding.mixin.roleRef.withName('prometheus-' + $._config.prometheus.name) + clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + $._config.prometheus.name, namespace: $._config.namespace }]), - roleSpecificNamespace: + roleSpecificNamespaces: local role = k.rbac.v1.role; local policyRule = role.rulesType; local coreRule = policyRule.new() +