Creating an OpenShift or OKD Monitoring Service Account

This article shows how to create a read-only monitoring service account for the Opslogix Kubernetes Management Pack in an OpenShift or OKD environment.

Open your OpenShift console, click the "+" button at the top of the page, paste the YAML below into the Import YAML field, and click the Create button.

# =====================================================
# Create an opslogix read-only account
# Works on OpenShift 4.0 or higher
# =====================================================
# This service account can be used for the monitoring
# It has read-only permissions (get, list, watch) on all
# resources, which includes the contents of Secrets in
# every namespace
# =====================================================

# Create Project / Namespace
kind: Project
apiVersion: project.openshift.io/v1
metadata:
  name: opslogix-monitoring-project
  
---
# Create Service Account
# (created before the Secret so that the account named in the
# Secret's annotation already exists)
kind: ServiceAccount
apiVersion: v1
metadata:
  name: opslogix-monitoring-serviceaccount
  namespace: opslogix-monitoring-project
secrets:
  - name: opslogix-secret

---
# Create a Secret
apiVersion: v1
kind: Secret
metadata:
  name: opslogix-secret
  namespace: opslogix-monitoring-project
  annotations:
    kubernetes.io/service-account.name: "opslogix-monitoring-serviceaccount"
type: kubernetes.io/service-account-token

---

# Create readonly cluster wide Role
# (cluster-scoped, so metadata carries no namespace)
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: opslogix-monitoring-clusterrole
rules:
  - verbs:
      - get
      - watch
      - list
    apiGroups:
      - '*'
    resources:
      - '*'

---
# Create Cluster Role Binding for the ServiceAccount
# (cluster-scoped, so metadata carries no namespace)
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: opslogix-monitoring-clusterrolebinding
subjects:
  - kind: ServiceAccount
    name: opslogix-monitoring-serviceaccount
    namespace: opslogix-monitoring-project
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: opslogix-monitoring-clusterrole

 

If all went well, the resources are created successfully.

Select the Administrator section on the page.

Navigate to User Management -> ServiceAccounts. Select opslogix-monitoring-project from the Project drop-down. Then, next to opslogix-monitoring-serviceaccount, click the three dots and select Download kubeconfig file.

The downloaded file can be used in the Kubernetes Management Pack configuration console to connect to the Kubernetes cluster. It contains a bearer token for the service account, so store it as a credential.
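
The ClusterRole in the manifest grants get, list and watch on every resource in every API group, which covers Secrets. The Python script below is an added example, not Opslogix code: it evaluates RBAC rules offline using allow-only matching and reports what a role meant to be read-only can reach. PAGE_RULES is copied from the manifest; NARROW_RULES is a hypothetical narrower set used only for comparison and does not describe what the management pack requires.

```python
# Added example (not Opslogix code): offline audit of RBAC rules.
READ_VERBS = {"get", "list", "watch"}

# Rules copied from opslogix-monitoring-clusterrole in the manifest.
PAGE_RULES = [{"verbs": ["get", "watch", "list"],
               "apiGroups": ["*"], "resources": ["*"]}]

# Hypothetical narrower rules for comparison only (an assumption, not the
# management pack's documented requirements).
NARROW_RULES = [
    {"verbs": ["get", "list", "watch"], "apiGroups": [""],
     "resources": ["nodes", "pods", "namespaces", "services"]},
    {"verbs": ["get", "list", "watch"], "apiGroups": ["apps"],
     "resources": ["deployments", "daemonsets", "statefulsets"]},
]

# (apiGroup, resource) pairs where read access alone exposes credentials.
SENSITIVE = [("", "secrets")]

def _match(values, wanted):
    return "*" in values or wanted in values

def _resource_match(rule_resources, resource):
    if _match(rule_resources, resource):
        return True
    # A rule may also name "*/subresource", e.g. "*/log" for "pods/log".
    _, _, sub = resource.partition("/")
    return bool(sub) and f"*/{sub}" in rule_resources

def allows(rules, verb, group, resource):
    """True if any rule grants the request; RBAC has no deny rules.
    resourceNames is ignored, so the result over-approximates access."""
    return any(_match(r.get("verbs", []), verb)
               and _match(r.get("apiGroups", []), group)
               and _resource_match(r.get("resources", []), resource)
               for r in rules)

def audit(rules):
    """List findings for a role that is supposed to be read-only."""
    findings = []
    for r in rules:
        extra = sorted(set(r.get("verbs", [])) - READ_VERBS)
        if extra:
            findings.append(f"non-read verbs granted: {extra}")
    for group, resource in SENSITIVE:
        findings += [f"can {v} {resource}" for v in sorted(READ_VERBS)
                     if allows(rules, v, group, resource)]
    return findings

if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("narrow", NARROW_RULES)):
        print(name, audit(rules) or "no findings")
```

To audit a role from a live cluster, load the `rules` list from the role's JSON export and pass it to `audit`.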