New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding RBAC support in kubernetes config (V2) #694
Merged
Merged
Changes from 15 commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
349cf70
Adding RBAC support in kubernetes config
2f0c2a5
Enable metric test in k8s
simon-mo 18ebf02
Pass namespace to yaml templates, update API call
simon-mo d3fea27
Use RbacAuthorizationV1beta1Api
simon-mo 964d522
Merge branch 'develop' into k8s/prom-rbac
simon-mo 0f89976
Fix python k8s api
simon-mo 11b2394
Pass in svc account to deployment
simon-mo 50dbf75
Use latest minikube
simon-mo a29ae25
Revert "Use latest minikube"
simon-mo 8b213ad
Merge branch 'develop' into k8s/prom-rbac
3be80de
Merge branch 'develop' into k8s/prom-rbac
simon-mo c0d1c8b
use default service account for prom
rkooo567 6c98955
Merge branch 'develop' into k8s/prom-rbac
rkooo567 b50a88e
clean up
rkooo567 36d1740
Deleting cluster role instead of namespaced role
rkooo567 fd27d40
removed service_account_name from start_prom
rkooo567 b7d675a
Merge branch 'develop' into k8s/prom-rbac
rkooo567 File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
23 changes: 23 additions & 0 deletions
23
clipper_admin/clipper_admin/kubernetes/rbac_cluster_role.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRole | ||
metadata: | ||
labels: | ||
ai.clipper.container.label: {{ cluster_name }} | ||
ai.clipper.name: prom-cluster-role | ||
name: {{cluster_name}}-prometheus | ||
rules: | ||
- apiGroups: [""] | ||
resources: | ||
- nodes | ||
- nodes/proxy | ||
- services | ||
- endpoints | ||
- pods | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: | ||
- extensions | ||
resources: | ||
- ingresses | ||
verbs: ["get", "list", "watch"] | ||
- nonResourceURLs: ["/metrics"] | ||
verbs: ["get"] |
15 changes: 15 additions & 0 deletions
15
clipper_admin/clipper_admin/kubernetes/rbac_cluster_role_binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
labels: | ||
ai.clipper.container.label: {{ cluster_name }} | ||
ai.clipper.name: prom-cluster-role-binding | ||
name: {{cluster_name}}-prometheus | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{cluster_name}}-prometheus | ||
subjects: | ||
- kind: ServiceAccount | ||
name: default | ||
namespace: {{ namespace }} |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't find
service_account_name
in prom_deployment.yaml.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, I decided to use
default
as prom_deployment service account becauseI will delete this line.