This article shows how to create a read-only monitoring service account for the Opslogix Kubernetes Management Pack in an OpenShift or OKD environment.
Open your OpenShift console and click the "+" button at the top of the page and paste the yaml below into the Import YAML field and click the Create button.
# =====================================================
# Create an opslogix read only account
# Works on Openshift 4.0 or higher
# =====================================================
# This service account can be used for the monitoring
# It has readonly permissions on all resources
# =====================================================
# Create Project / Namespace
kind: Project
apiVersion: project.openshift.io/v1
metadata:
name: opslogix-monitoring-project
---
# Create a Secret
apiVersion: v1
kind: Secret
metadata:
name: opslogix-secret
namespace: opslogix-monitoring-project
annotations:
kubernetes.io/service-account.name: "opslogix-monitoring-serviceaccount"
type: kubernetes.io/service-account-token
---
# Create Service Account
kind: ServiceAccount
apiVersion: v1
metadata:
name: opslogix-monitoring-serviceaccount
namespace: opslogix-monitoring-project
secrets:
- name: opslogix-secret
---
# Create readonly cluster wide Role
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: opslogix-monitoring-clusterrole
namespace: opslogix-monitoring-project
rules:
- verbs:
- get
- watch
- list
apiGroups:
- '*'
resources:
- '*'
---
# Create Cluster Role Binding for the ServiceAccount
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: opslogix-monitoring-clusterrolebinding
namespace: opslogix-monitoring-project
subjects:
- kind: ServiceAccount
name: opslogix-monitoring-serviceaccount
namespace: opslogix-monitoring-project
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: opslogix-monitoring-clusterrole
If all went well, the resource is successfully created.
Select the Administrator section on the page.
Navigate to User Management -> ServiceAccounts. Then select opslogix-monitoring from the Project drop down. Then next to opslogix-monitoring click the three dots and select Download kubeconfig file.
The downloaded file can be used in the Kubernetes Management Pack configuration console to connect to the Kubernetes cluster.