easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

set up authorization for blackbox-exporter

Browse Source
This commit is contained in:
PÁLFALVI Tamás
2020-12-26 13:14:40 +01:00
parent 66aca04688
commit dcd99f7d68
5 changed files with 72 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet
View File

@@ -106,6 +106,44 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet';
}, },
}, },
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: 'blackbox-exporter',
},
rules: [
{
apiGroups: ['authentication.k8s.io'],
resources: ['tokenreviews'],
verbs: ['create'],
},
{
apiGroups: ['authorization.k8s.io'],
resources: ['subjectaccessreviews'],
verbs: ['create'],
},
],
},
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
name: 'blackbox-exporter',
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'blackbox-exporter',
},
subjects: [{
kind: 'ServiceAccount',
name: 'blackbox-exporter',
namespace: $._config.namespace,
}],
},
deployment: { deployment: {
apiVersion: 'apps/v1', apiVersion: 'apps/v1',
kind: 'Deployment', kind: 'Deployment',
@@ -206,6 +244,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet';
}, },
spec: { spec: {
endpoints: [{ endpoints: [{
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
interval: '30s', interval: '30s',
path: '/metrics', path: '/metrics',
port: 'http', port: 'http',

2
kustomization.yaml
View File

@@ -6,6 +6,8 @@ resources:
- ./manifests/alertmanager-service.yaml - ./manifests/alertmanager-service.yaml
- ./manifests/alertmanager-serviceAccount.yaml - ./manifests/alertmanager-serviceAccount.yaml
- ./manifests/alertmanager-serviceMonitor.yaml - ./manifests/alertmanager-serviceMonitor.yaml
- ./manifests/blackbox-exporter-clusterRole.yaml
- ./manifests/blackbox-exporter-clusterRoleBinding.yaml
- ./manifests/blackbox-exporter-configuration.yaml - ./manifests/blackbox-exporter-configuration.yaml
- ./manifests/blackbox-exporter-deployment.yaml - ./manifests/blackbox-exporter-deployment.yaml
- ./manifests/blackbox-exporter-service.yaml - ./manifests/blackbox-exporter-service.yaml

17
manifests/blackbox-exporter-clusterRole.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: blackbox-exporter
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

12
manifests/blackbox-exporter-clusterRoleBinding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: blackbox-exporter
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: blackbox-exporter
subjects:
- kind: ServiceAccount
name: blackbox-exporter
namespace: monitoring

3
manifests/blackbox-exporter-serviceMonitor.yaml
View File

@@ -8,7 +8,8 @@ metadata:
namespace: monitoring namespace: monitoring
spec: spec:
endpoints: endpoints:
- interval: 30s - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
path: /metrics path: /metrics
port: http port: http
scheme: https scheme: https