ansible: Allow h-p to update scrape-collectd CM
The `scrape-collectd` ConfigMap in the `default` namespace is used by Victoria Metrics to identif the hosts from which it should scrape collectd metrics. When deploying new machines that are _not_ part of the Kubernetes cluster, we need to explicitly add them to this list. The _host-provisioner_ can do this with an Ansible task, but it needs the appropriate permissions to do so.pull/74/head
parent
dbbe23aaa5
commit
e51878fa92
|
|
@ -132,3 +132,38 @@ roleRef:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: host-provisioner
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: victoria-metrics
|
||||
annotations:
|
||||
kubernetes.io/description: >-
|
||||
Allows the host-provisioner to update the scrape-collectd
|
||||
ConfigMap when adding new hosts.
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- patch
|
||||
- get
|
||||
resourceNames:
|
||||
- scrape-collectd
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: host-provisioner
|
||||
namespace: victoria-metrics
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: host-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: host-provisioner
|
||||
|
|
|
|||
Loading…
Reference in New Issue