Merge pull request #8138 from ironcladlou/availability-prom-role

Allow Prometheus scraping of availability namespace

roles/openshift_monitor_availability/files/prometheus-k8s-role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: prometheus-k8s
+  namespace: openshift-monitor-availability
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: prometheus-k8s
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: openshift-monitoring

roles/openshift_monitor_availability/files/prometheus-k8s-role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: prometheus-k8s
+  namespace: openshift-monitor-availability
+rules:
+- apiGroups: [""]
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]

roles/openshift_monitor_availability/tasks/install.yaml

@@ -5,4 +5,34 @@
     name: openshift-monitor-availability
     description: Openshift availability monitoring applications.
 
+- name: Create temp directory for doing work in on target
+  command: mktemp -td openshift-monitor-availability-XXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Copy files to temp directory
+  copy:
+    src: "{{ role_path }}/files/"
+    dest: "{{ mktemp.stdout }}"
+
+- name: Copy admin client config
+  copy:
+    src: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
+    dest: "{{ mktemp.stdout }}/admin.kubeconfig"
+    remote_src: yes
+
+- name: Ensure Prometheus role exists
+  command: >
+    {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f {{ mktemp.stdout }}/prometheus-k8s-role.yaml
+
+- name: Ensure Prometheus role binding exists
+  command: >
+    {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f {{ mktemp.stdout }}/prometheus-k8s-role-binding.yaml
+
 - import_tasks: install_monitor_app_create.yaml
+
+- name: Delete temp directory
+  file:
+    name: "{{ mktemp.stdout }}"
+    state: absent
+  changed_when: False

roles/openshift_monitor_availability/tasks/install_monitor_app_create.yaml

@@ -1,20 +1,4 @@
 ---
-- name: Create temp directory for doing work in on target
-  command: mktemp -td openshift-monitor-app-create-ansible-XXXXXX
-  register: mktemp
-  changed_when: False
-
-- name: Copy files to temp directory
-  copy:
-    src: monitor-app-create.yaml
-    dest: "{{ mktemp.stdout }}/monitor-app-create.yaml"
-
-- name: Copy admin client config
-  copy:
-    src: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
-    dest: "{{ mktemp.stdout }}/admin.kubeconfig"
-    remote_src: yes
-
 - name: Apply the app template
   shell: >
     {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/monitor-app-create.yaml"
@@ -23,9 +7,3 @@
     --param TIMEOUT="{{ openshift_monitor_app_create_timeout }}"
     --param LOG_LEVEL="{{ openshift_monitor_app_create_log_level }}"
     | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -
-
-- name: Delete temp directory
-  file:
-    name: "{{ mktemp.stdout }}"
-    state: absent
-  changed_when: False