x/browbeat
Code Issues Proposed changes
browbeat/ansible/install/roles/collectd-rhoso/files/collectd_deploy.yaml
rajeshP524 37c46dcdc9 Add RabbitMQ monitoring for RHOSO controlplane 
Change-Id: I6085017463567589e990c85243c3aca2efa19cae
2024-09-17 14:16:38 +05:30

186 lines
4.6 KiB
YAML
Raw Blame History

apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: collectd-scc
allowHostNetwork: true
allowHostPID: true
allowHostDirVolumePlugin: true
allowPrivilegedContainer: true
allowPrivilegeEscalation: true
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
fsGroup:
type: RunAsAny
supplementalGroups:
type: RunAsAny
volumes:
- hostPath
- configMap
- secret
- persistentVolumeClaim
users:
- system:serviceaccount:ospperf:collectd-sa
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: collectd-sa
namespace: ospperf
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pod-exec
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pod-exec-binding
subjects:
- kind: ServiceAccount
name: collectd-sa
namespace: ospperf
roleRef:
kind: ClusterRole
name: pod-exec
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: osp-controlplane-collectd
namespace: ospperf
labels:
app: ospcp-collectd
spec:
replicas: 3
selector:
matchLabels:
app: ospcp-collectd
template:
metadata:
labels:
app: ospcp-collectd
spec:
serviceAccountName: collectd-sa
hostNetwork: true
hostPID: true
containers:
- name: ospcp-collectd
image: quay.io/masco/collecd-rhoso-ocp
command:
- "/bin/bash"
- "/entrypoint.sh"
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/pki/rabbitmq/tls/certs/rabbitmq.crt
name: rabbitmq-tls
readOnly: true
subPath: tls.crt
- mountPath: /etc/pki/rabbitmq/tls/private/rabbitmq.key
name: rabbitmq-tls
readOnly: true
subPath: tls.key
- mountPath: /etc/pki/rabbitmq/tls/certs/rabbitmqca.crt
name: rabbitmq-tls
readOnly: true
subPath: ca.crt
- mountPath: /etc/pki/ovnsb/tls/certs/ovndb.crt
name: ovsdbserver-sb-tls-certs
readOnly: true
subPath: tls.crt
- mountPath: /etc/pki/ovnsb/tls/private/ovndb.key
name: ovsdbserver-sb-tls-certs
readOnly: true
subPath: tls.key
- mountPath: /etc/pki/ovnsb/tls/certs/ovndbca.crt
name: ovsdbserver-sb-tls-certs
readOnly: true
subPath: ca.crt
- mountPath: /etc/pki/ovnnb/tls/certs/ovndb.crt
name: ovsdbserver-nb-tls-certs
readOnly: true
subPath: tls.crt
- mountPath: /etc/pki/ovnnb/tls/private/ovndb.key
name: ovsdbserver-nb-tls-certs
readOnly: true
subPath: tls.key
- mountPath: /etc/pki/ovnnb/tls/certs/ovndbca.crt
name: ovsdbserver-nb-tls-certs
readOnly: true
subPath: ca.crt
- name: varlogpods
mountPath: "/var/log/pods"
- name: varlogcontainer
mountPath: "/var/log/containers"
- name: config-files
mountPath: "/etc/config"
- name: entrypoint-script
mountPath: "/entrypoint.sh"
subPath: "entrypoint.sh"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
envFrom:
- configMapRef:
name: collectd-env-vars
volumes:
- name: rabbitmq-tls
secret:
defaultMode: 256
secretName: cert-rabbitmq-svc
- name: ovsdbserver-sb-tls-certs
secret:
defaultMode: 256
secretName: cert-ovndbcluster-sb-ovndbs
- name: ovsdbserver-nb-tls-certs
secret:
defaultMode: 256
secretName: cert-ovndbcluster-nb-ovndbs
- name: config-files
configMap:
name: collectd-configs
- name: entrypoint-script
configMap:
name: collectd-entrypoint
- name: varlogcontainer
hostPath:
path: "/var/log/containers"
type: Directory
- name: varlogpods
hostPath:
path: "/var/log/pods"
type: Directory
nodeSelector:
node-role.kubernetes.io/worker: ""
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- ospcp-collectd
topologyKey: "kubernetes.io/hostname"
View Git Blame Copy Permalink