authormwringe <mwringe@redhat.com>2017-07-24 17:32:20 -0400
committermwringe <mwringe@redhat.com>2017-07-24 17:32:20 -0400
commit50178243765a15416263ffcd10d711293231dc02 (patch)
tree24381a8124d0fcdf638da2db49fb247b993da69d
parente0c91bffc7a7b918a1ee81ec54f0b25c2e6c9590 (diff)
Metrics: grant hawkular namespace listener role
-rw-r--r--roles/openshift_metrics/tasks/generate_rolebindings.yaml24
-rw-r--r--roles/openshift_metrics/tasks/uninstall_metrics.yaml3
-rw-r--r--roles/openshift_metrics/templates/hawkular_metrics_role.j215
3 files changed, 41 insertions, 1 deletions
diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml
index e050c8eb2..1304ab8b5 100644
--- a/roles/openshift_metrics/tasks/generate_rolebindings.yaml
+++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml
@@ -13,3 +13,27 @@
- kind: ServiceAccount
name: hawkular
changed_when: no
+
+- name: generate hawkular-metrics cluster role binding for the hawkular service account
+ template:
+ src: rolebinding.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-rolebinding.yaml"
+ vars:
+ cluster: True
+ obj_name: hawkular-namespace-watcher
+ labels:
+ metrics-infra: hawkular
+ roleRef:
+ kind: ClusterRole
+ name: hawkular-metrics
+ subjects:
+ - kind: ServiceAccount
+ name: hawkular
+ namespace: "{{openshift_metrics_project}}"
+ changed_when: no
+
+- name: generate the hawkular cluster role
+ template:
+ src: hawkular_metrics_role.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml"
+ changed_when: no
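Review bot: The new binding task has no comment saying that the grant is cluster-scoped, and it spells its booleans `cluster: True` and `changed_when: no`. `cluster: True` presumably switches rolebinding.j2 (not shown here) to a ClusterRoleBinding, so a line such as `# cluster-wide: lets the hawkular service account list/get/watch namespaces in every project` above the task would make the scope obvious to anyone auditing the role's RBAC. `cluster: true` and `changed_when: false` are the canonical spellings, although the context lines show the file already uses `no`. The task list starts outside this hunk.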
diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
index 9a5d52eb6..403b1252c 100644
--- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml
+++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
@@ -6,7 +6,7 @@
command: >
{{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
delete --ignore-not-found --selector=metrics-infra
- all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
+ all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings,clusterrole
register: delete_metrics
changed_when: delete_metrics.stdout != 'No resources found'
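Review bot: Adding `clusterrole` to this delete extends a key-only selector (`--selector=metrics-infra`) to another cluster-scoped kind. The `-n {{ openshift_metrics_project }}` flag does not confine cluster-scoped resources, so any ClusterRole carrying a `metrics-infra` label, whatever its value, would be removed by an uninstall. A comment above the task such as `# clusterrole/clusterrolebindings are cluster-scoped: the selector applies cluster-wide, not just to the metrics project` would record that. The task begins outside the hunk.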
@@ -16,4 +16,5 @@
delete --ignore-not-found
rolebinding/hawkular-view
clusterrolebinding/heapster-cluster-reader
+ clusterrolebinding/hawkular-metrics
changed_when: delete_metrics.stdout != 'No resources found'
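Review bot: The added `clusterrolebinding/hawkular-metrics` does not appear to match any object this commit creates. The binding generated in generate_rolebindings.yaml has `obj_name: hawkular-namespace-watcher`, and `hawkular-metrics` is the name of the ClusterRole (this assumes rolebinding.j2, which is not shown, uses `obj_name` as the metadata name). Because of `--ignore-not-found` the miss is silent, so removal of the cluster-wide grant rests entirely on the label-selector delete in the earlier task. If an explicit fallback is intended, the lines would be `clusterrolebinding/hawkular-namespace-watcher` and `clusterrole/hawkular-metrics`. The task begins outside the hunk.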
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_role.j2 b/roles/openshift_metrics/templates/hawkular_metrics_role.j2
new file mode 100644
index 000000000..6c9dbf5d6
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_metrics_role.j2
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+ name: hawkular-metrics
+ labels:
+ metrics-infra: hawkular-metrics
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - list
+ - get
+ - watch
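Review bot: The new ClusterRole is labelled `metrics-infra: hawkular-metrics`, while the binding that references it in generate_rolebindings.yaml is labelled `metrics-infra: hawkular`. Both are caught by the key-only selector used at uninstall, but any value-based selector or audit query would find one and miss the other, so I would use a single value for the pair. The template would also benefit from a header comment stating the intent, for example `# read-only access to namespaces for the hawkular service account; keep this role limited to list/get/watch`. That way later rule additions get reviewed as a widening of a cluster-wide grant.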