Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix PodMonitor rbac #960

Merged
merged 2 commits into from Sep 27, 2021
Merged

Fix PodMonitor rbac #960

merged 2 commits into from Sep 27, 2021

Conversation

fedepaol
Copy link
Member

When using metallb in combination with the prometheus operator, we need to grant prometheus permission to read the pods.
Here, we fix that by creating the required role / rolebinding.

On top of that, a new prometheus-operator.yaml manifest is created under manifests to allow the same configuration when deploying from manifests.

@fedepaol
Helm Chart: add prometheus permissions for pod monitor
6a40d6a 
In order for prometheus to be able to scrape the metallb endpoints, we
need to provide the right set of permissions.
Here we change the podmonitor template adding the permissions, making
both the prometheus service account and the prometheus namespace
configurable.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
@fedepaol
Add manifests to expose metrics to the prometheus operator
7224325 
In order to allow prometheus to scrape the endpoints of both the speaker
and the controller, we add a manifest containing the two PodMonitor
instances and the permissions needed by the operator to be able to
access those pods.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
@fedepaol
Copy link
Member Author

cc @gclawes

@russellb
Copy link
Collaborator

lgtm, and confirmed with @fedepaol that he was able to test the helm changes

@russellb russellb merged commit 280d4dc into metallb:main Sep 27, 2021
paulfantom
paulfantom reviewed Oct 31, 2021
View reviewed changes
manifests/prometheus-operator.yaml
Comment on lines +1 to +29
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: metallb-controller
spec:
selector:
matchLabels:
component: controller
namespaceSelector:
matchNames:
- metallb-system
podMetricsEndpoints:
- port: monitoring
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: metallb-speaker
spec:
selector:
matchLabels:
component: speaker
namespaceSelector:
matchNames:
- metallb-system
podMetricsEndpoints:
- port: monitoring
path: /metrics
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using the following selector allows reducing this to a single PodMonitor object:

  selector:
    matchLabels:
      app: metallb

Full example: https://github.com/thaum-xyz/ankhmorpork/blob/master/base/metallb-system/config/podmonitor.yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulfantom paulfantom paulfantom left review comments

@daxmc99 daxmc99 Awaiting requested review from daxmc99

@johananl johananl Awaiting requested review from johananl

@rata rata Awaiting requested review from rata

@russellb russellb Awaiting requested review from russellb russellb is a code owner

@gclawes gclawes Awaiting requested review from gclawes gclawes is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@fedepaol @russellb @paulfantom