[Strimzi] prometheus without clusterrole
Jakub Scholz
jakub at scholz.cz
Thu Feb 15 16:49:21 UTC 2018
Hi Marcel,
As you said, the configuration we use is reading the pods to find the
metrics endpoints. That is why it needs the cluster-reader role (which as
long as you are fine with staying in single namespace) doesn't have to be a
cluster role - role would be sufficient. And to bind the role to the
service account you need the admin rights.
The Prometheus deployment is more or less only as an example to play with.
I'm afraid we are not really the right Prometheus experts to suggest the
best configuration of Prometheus it self. So it is possible that it can be
done in a better way. But I have no clue.
Thanks & Regards
Jakub
On Thu, Feb 15, 2018 at 2:05 PM, Marcel Hild <mhild at redhat.com> wrote:
> Hi,
> I'm experimenting with prometheus monitoring kafka.
> In your setup you need admin access to the cluster to read which pods to
> scrape from (I guess)
>
> oc login -u system:admin
> oc create sa prometheus-server
> oc adm policy add-cluster-role-to-user cluster-reader
> system:serviceaccount:${NAMESPACE}:prometheus-server
>
> Is there a way to deploy this in a setting, where I dont have admin access
> to the cluster?
>
> thanks
> marcel
>
> _______________________________________________
> Strimzi mailing list
> Strimzi at redhat.com
> https://www.redhat.com/mailman/listinfo/strimzi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/strimzi/attachments/20180215/c1d74414/attachment.htm>
More information about the Strimzi
mailing list