Skip to content

Commit

Permalink
Create our own token for prometheus-stf SA
Browse files Browse the repository at this point in the history
* In OCP 4.16, these are no long created by default
  • Loading branch information
csibbitt committed Jul 24, 2024
1 parent f815e2c commit 97aa182
Showing 1 changed file with 13 additions and 16 deletions.
29 changes: 13 additions & 16 deletions roles/servicetelemetry/tasks/component_scrapeconfig.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,15 @@
- name: Look up prometheus-stf SA to get auth secret name
k8s_info:
api_version: v1
kind: ServiceAccount
namespace: '{{ ansible_operator_meta.namespace }}'
name: prometheus-stf
register: service_account

- name: Look up auth secret to get token secret name
k8s_info:
api_version: v1
kind: Secret
namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ service_account.resources[0].secrets[0].name }}'
register: auth_secret
- name: Create an access token for prometheus-stf to use in scrapeconfigs
k8s:
state: '{{ "present" if servicetelemetry_vars.backends.metrics.prometheus.enabled else "absent" }}'
definition:
apiVersion: v1
kind: Secret
metadata:
name: prometheus-stf-token
namespace: '{{ ansible_operator_meta.namespace }}'
annotations:
kubernetes.io/service-account.name: prometheus-stf
type: kubernetes.io/service-account-token

- name: Create SG-specific Scrape Config manifest
set_fact:
Expand All @@ -28,7 +25,7 @@
authorization:
type: bearer
credentials:
name: '{{ auth_secret.resources[0].metadata.annotations['openshift.io/token-secret.name'] }}'
name: prometheus-stf-token
key: token
metricRelabelings:
- action: labeldrop
Expand Down

0 comments on commit 97aa182

Please sign in to comment.