diff options
author | Scott Dodson <sdodson@redhat.com> | 2017-07-26 10:29:11 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-26 10:29:11 -0400 |
commit | 7e7998b8b9c10e334f5afb2e8e752e0efbd3e9ea (patch) | |
tree | 201ceaf4593548f8aa10ad470d2006eb7ab9b321 /roles | |
parent | 0c350dcc7d06d62be5ba3a8e468dff85cdd96dd7 (diff) | |
parent | 50178243765a15416263ffcd10d711293231dc02 (diff) | |
download | openshift-7e7998b8b9c10e334f5afb2e8e752e0efbd3e9ea.tar.gz openshift-7e7998b8b9c10e334f5afb2e8e752e0efbd3e9ea.tar.bz2 openshift-7e7998b8b9c10e334f5afb2e8e752e0efbd3e9ea.tar.xz openshift-7e7998b8b9c10e334f5afb2e8e752e0efbd3e9ea.zip |
Merge pull request #4855 from mwringe/hawkular-namespace-listener-update
Metrics: grant hawkular namespace listener role
Diffstat (limited to 'roles')
3 files changed, 41 insertions, 1 deletions
diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml index e050c8eb2..1304ab8b5 100644 --- a/roles/openshift_metrics/tasks/generate_rolebindings.yaml +++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml @@ -13,3 +13,27 @@ - kind: ServiceAccount name: hawkular changed_when: no + +- name: generate hawkular-metrics cluster role binding for the hawkular service account + template: + src: rolebinding.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-rolebinding.yaml" + vars: + cluster: True + obj_name: hawkular-namespace-watcher + labels: + metrics-infra: hawkular + roleRef: + kind: ClusterRole + name: hawkular-metrics + subjects: + - kind: ServiceAccount + name: hawkular + namespace: "{{openshift_metrics_project}}" + changed_when: no + +- name: generate the hawkular cluster role + template: + src: hawkular_metrics_role.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml" + changed_when: no diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml index 9a5d52eb6..403b1252c 100644 --- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml +++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml @@ -6,7 +6,7 @@ command: > {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found --selector=metrics-infra - all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings + all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings,clusterrole register: delete_metrics changed_when: delete_metrics.stdout != 'No resources found' @@ -16,4 +16,5 @@ delete --ignore-not-found rolebinding/hawkular-view clusterrolebinding/heapster-cluster-reader + clusterrolebinding/hawkular-metrics changed_when: delete_metrics.stdout != 'No resources found' diff --git a/roles/openshift_metrics/templates/hawkular_metrics_role.j2 b/roles/openshift_metrics/templates/hawkular_metrics_role.j2 new file mode 100644 index 000000000..6c9dbf5d6 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_metrics_role.j2 @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ClusterRole +metadata: + name: hawkular-metrics + labels: + metrics-infra: hawkular-metrics +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - get + - watch |