This repository has been archived by the owner on Jan 5, 2022. It is now read-only.

Allow setting of service account for telegraf-ds #105

Open
sfitts opened this issue Jul 2, 2019 · 4 comments

Comments

@sfitts
Contributor

sfitts commented Jul 2, 2019

Related to #77 and #92 (in fact I should have done this at the same time, but...)

This is more targeted than what #77 suggests since different configurations may want different accounts/bindings. However, without the ability to at least set the account in the daemonset, you can't make any progress.

@skrsfix

skrsfix commented Dec 31, 2019

This issue bit me today; I think the serviceaccount mapping doesn't work as expected. I had to add more perms to a default sa to get going (which is not ideal).

I need to catch up on the code changes. I really love the helm telegraf-ds, and I may just contribute and help to get this to a good state.

@KannappanSomu

Hi @sudhishkasabaramesh, can you let us know how to fix this problem with the existing default service account? I tried the cluster admin role for the default service account, but I'm still not able to fix it.

@jmorcar

jmorcar commented Apr 3, 2020

I suggest adding the serviceaccount config to the requirements documentation, or maybe adding a YAML definition like this:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: telegraf-reader
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: telegraf-cluster-reader
  labels:
    rbac.authorization.k8s.io/aggregate-view-telegraf: "true"
    rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
rules:
  - nonResourceURLs: ["/stats", "/stats/*"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumes", "nodes", "pods", "deployments", "statefulsets", "nodes/proxy"]
    verbs: ["get", "watch", "list"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: telegraf-reader-role
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-view-telegraf: "true"
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-view: "true"
rules: [] # Rules are automatically filled in by the controller manager.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: telegraf-reader-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: telegraf-reader-role
subjects:
  - kind: ServiceAccount
    name: telegraf-reader
    namespace: default
```

With this config the kube_inventory input plugin works fine, but the kubernetes input is not working; it always displays this error:
2020-04-03T09:09:10Z E! [inputs.kubernetes] Error in plugin: https://kubernetes/stats/summary returned HTTP status 404 Not Found
I commented this here: issues/6959#
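
An added example, not part of the thread or of the chart's own code: a small offline check of which requests the two explicit rules of the `telegraf-cluster-reader` ClusterRole above actually match. It applies standard RBAC rule matching; the request list is constructed for illustration, and rules pulled in through the `aggregationRule` (such as `aggregate-to-view`) are not modelled. Deployments and StatefulSets are served from the `apps` API group, so their entries under `apiGroups: [""]` match nothing.

```python
# Added example: checks requests against the two rules of the
# telegraf-cluster-reader ClusterRole quoted above (transcribed as dicts
# so no YAML library is needed). The aggregationRule is not modelled.
RULES = [
    {"nonResourceURLs": ["/stats", "/stats/*"],
     "verbs": ["get", "watch", "list"]},
    {"apiGroups": [""],
     "resources": ["persistentvolumes", "nodes", "pods", "deployments",
                   "statefulsets", "nodes/proxy"],
     "verbs": ["get", "watch", "list"]},
]

def _has(values, wanted):
    """RBAC list match: exact entry or the "*" wildcard."""
    return "*" in values or wanted in values

def allows_resource(rules, verb, group, resource):
    """True if a rule grants `verb` on `resource` in API group `group`."""
    return any(
        _has(r.get("verbs", []), verb)
        and _has(r.get("apiGroups", []), group)
        and _has(r.get("resources", []), resource)
        for r in rules
    )

def allows_url(rules, verb, path):
    """True if a rule grants `verb` on the non-resource URL `path`."""
    for r in rules:
        if not _has(r.get("verbs", []), verb):
            continue
        for pattern in r.get("nonResourceURLs", []):
            # A trailing "*" is a prefix wildcard; anything else is exact.
            if pattern == path or (pattern.endswith("*")
                                   and path.startswith(pattern[:-1])):
                return True
    return False

# Constructed requests: (verb, API group, resource)
CHECKS = [("list", "", "pods"), ("get", "", "nodes/proxy"),
          ("list", "apps", "deployments"), ("list", "apps", "statefulsets"),
          ("delete", "", "pods")]

if __name__ == "__main__":
    for verb, group, res in CHECKS:
        ok = allows_resource(RULES, verb, group, res)
        print(f"{verb:6} {group or 'core':4} {res:14} -> {ok}")
    for path in ("/stats/summary", "/metrics"):
        print(f"get    {path:19} -> {allows_url(RULES, 'get', path)}")
```
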

@nsteinmetz

@jmorcar have a look at https://github.com/influxdata/helm-charts/tree/master/charts/telegraf-ds

This repo (tick-charts) is replaced by the helm-charts one, and we fixed the daemonset deployment.
