diff --git a/cluster/core/rook-ceph/kustomization.yaml b/cluster/core/rook-ceph/kustomization.yaml
index 346ed5776..e200aafda 100644
--- a/cluster/core/rook-ceph/kustomization.yaml
+++ b/cluster/core/rook-ceph/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
 - operator
 - cluster
 - rook-direct-mount
+ - monitoring
diff --git a/cluster/core/rook-ceph/monitoring/kustomization.yaml b/cluster/core/rook-ceph/monitoring/kustomization.yaml
new file mode 100644
index 000000000..bb8f49686
--- /dev/null
+++ b/cluster/core/rook-ceph/monitoring/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - rbac.yaml
+ - servicemonitor.yaml
diff --git a/cluster/core/rook-ceph/monitoring/rbac.yaml b/cluster/core/rook-ceph/monitoring/rbac.yaml
new file mode 100644
index 000000000..d9cf61eee
--- /dev/null
+++ b/cluster/core/rook-ceph/monitoring/rbac.yaml
@@ -0,0 +1,109 @@
+---
+# OLM: BEGIN ROLE
+# Aspects for creation of monitoring resources
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-monitor
+ namespace: rook-ceph
+rules:
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - "*"
+ verbs:
+ - "*"
+# OLM: END ROLE
+---
+# OLM: BEGIN ROLE BINDING
+# Allow creation of monitoring resources
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-monitor
+ namespace: rook-ceph
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rook-ceph-monitor
+subjects:
+ - kind: ServiceAccount
+ name: rook-ceph-system
+ namespace: rook-ceph
+# OLM: END ROLE BINDING
+---
+# OLM: BEGIN ROLE
+# Aspects for metrics collection
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-metrics
+ namespace: rook-ceph
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+# OLM: END ROLE
+---
+# OLM: BEGIN ROLE BINDING
+# Allow collection of metrics
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-metrics
+ namespace: rook-ceph
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rook-ceph-metrics
+subjects:
+ - kind: ServiceAccount
+ # change to the serviceaccount and namespace to use for monitoring
+ name: prometheus-k8s
+ namespace: rook-ceph
+# OLM: END ROLE BINDING
+---
+# OLM: BEGIN ROLE
+# Allow management of monitoring resources in the mgr
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-monitor-mgr
+ namespace: rook-ceph
+rules:
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - list
+ - create
+ - update
+# OLM: END ROLE
+---
+# OLM: BEGIN ROLE BINDING
+# Allow creation of monitoring resources in the mgr
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-monitor-mgr
+ namespace: 
rook-ceph
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rook-ceph-monitor-mgr
+subjects:
+ - kind: ServiceAccount
+ name: rook-ceph-mgr
+ namespace: rook-ceph
+# OLM: END ROLE BINDING
+---
+
diff --git a/cluster/core/rook-ceph/monitoring/servicemonitor.yaml b/cluster/core/rook-ceph/monitoring/servicemonitor.yaml
new file mode 100644
index 000000000..cb4b8f61d
--- /dev/null
+++ b/cluster/core/rook-ceph/monitoring/servicemonitor.yaml
@@ -0,0 +1,43 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: rook-ceph-mgr
+ namespace: rook-ceph
+ labels:
+ team: rook
+spec:
+ namespaceSelector:
+ matchNames:
+ - rook-ceph
+ selector:
+ matchLabels:
+ app: rook-ceph-mgr
+ rook_cluster: rook-ceph
+ ceph_daemon_id: a
+ endpoints:
+ - port: http-metrics
+ path: /metrics
+ interval: 5s
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: csi-metrics
+ namespace: rook-ceph
+ labels:
+ team: rook
+spec:
+ namespaceSelector:
+ matchNames:
+ - rook-ceph
+ selector:
+ matchLabels:
+ app: csi-metrics
+ endpoints:
+ - port: csi-http-metrics
+ path: /metrics
+ interval: 5s
+ # comment csi-grpc-metrics realated information if csi grpc metrics is not enabled
+ - port: csi-grpc-metrics
+ path: /metrics
+ interval: 5s
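Review bot: In monitoring/rbac.yaml the `rook-ceph-monitor` Role grants `"*"` verbs on `"*"` resources in the `monitoring.coreos.com` group to the `rook-ceph-system` ServiceAccount, which is much broader than the other two Roles in the same file and lets the operator's token create, change or delete any Prometheus Operator object in the `rook-ceph` namespace. Listing the resource kinds and verbs explicitly keeps a compromised operator pod from altering or removing scrape and alerting configuration; the list below is a starting point and needs confirming against the Rook release deployed here. Separately, the `rook-ceph-metrics` RoleBinding still carries the template comment `# change to the serviceaccount and namespace to use for monitoring` with subject `prometheus-k8s` in `rook-ceph`; if Prometheus runs under another ServiceAccount or namespace, the binding gives nothing to the real scraper and leaves read access attached to an account name that may not exist yet.

```yaml
# Role rook-ceph-monitor
rules:
  - apiGroups:
      - monitoring.coreos.com
    resources:
      # presumably the kinds the operator manages; verify before applying
      - servicemonitors
      - prometheusrules
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
```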
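Review bot: In monitoring/servicemonitor.yaml the `rook-ceph-mgr` selector includes `ceph_daemon_id: a`, so only the Service labelled for mgr `a` is scraped; if the cluster runs more than one mgr, or the mgr is recreated under a different id, Ceph metrics and any alerts built on them would stop without an error from this manifest. Dropping that label from `matchLabels` and keeping `app: rook-ceph-mgr` and `rook_cluster: rook-ceph` avoids the blind spot, assuming the mgr Service labels allow it. Both ServiceMonitors also depend on the `team: rook` label being matched by the Prometheus `serviceMonitorSelector` and on the `csi-grpc-metrics` port being enabled, so a short comment stating those prerequisites would help, e.g. `# requires Prometheus serviceMonitorSelector to match team: rook`.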