Merge pull request #9428 from rook/mergify/bp/release-1.8/pr-9388

helm: add optional monitoring RBAC to operator chart (backport #9388)
rook · Dec 14, 2021 · 69178d3 · 69178d3
2 parents df6167d + 5ca0e75
commit 69178d3
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 1 deletion.
diff --git a/Documentation/ceph-upgrade.md b/Documentation/ceph-upgrade.md
@@ -319,6 +319,12 @@ step to upgrade the Prometheus RBAC resources as well.
 kubectl apply -f deploy/examples/monitoring/rbac.yaml
 ```
 
+If you use the `rook-ceph` operator Helm chart, you should also add `monitoring.enabled` to
+your Helm values with two caveats:
+- this is unnecessary if you deploy monitoring RBAC from `deploy/examples/monitoring/rbac.yaml`
+- this is unnecessary if you use `rook-ceph-cluster` charts exclusively outside of the `rook-ceph`
+  operator namespace.
+
 ### **2. Update Ceph CSI versions**
 
 > Automatically updated if you are upgrading via the helm chart

diff --git a/Documentation/helm-operator.md b/Documentation/helm-operator.md
@@ -148,6 +148,7 @@ The following tables lists the configurable parameters of the rook-operator char
 | `admissionController.tolerations`   | Array of tolerations in YAML format which will be added to admission controller deployment.                                 | <none>                                                    |
 | `admissionController.nodeAffinity`  | The node labels for affinity of the admission controller deployment (***)                                                   | <none>                                                    |
 | `allowMultipleFilesystems`          | **(experimental in  Octopus (v15))** Allows multiple filesystems to be deployed to a Ceph cluster.                          | `false`                                                   |
+| `monitoring.enabled`                | Create necessary RBAC rules for Rook to integrate with Prometheus monitoring in the operator namespace. Requires Prometheus to be pre-installed. | `false` |
 
 &ast; &ast; &ast; `nodeAffinity` and `*NodeAffinity` options should have the format `"role=storage,rook; storage=ceph"` or `storage=;role=rook-example` or `storage=;` (_checks only for presence of key_)
 

diff --git a/deploy/charts/library/templates/_cluster-monitoring.tpl b/deploy/charts/library/templates/_cluster-monitoring.tpl
@@ -4,7 +4,6 @@ These should be scoped to the namespace where the CephCluster is located.
 */}}
 
 {{- define "library.cluster.monitoring.roles" -}}
-# ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:

diff --git a/deploy/charts/rook-ceph/templates/cluster-rbac.yaml b/deploy/charts/rook-ceph/templates/cluster-rbac.yaml
@@ -26,8 +26,18 @@ roles
 ---
 {{ include "library.cluster.roles" . }}
 
+{{- if .Values.monitoring.enabled }}
+---
+{{ include "library.cluster.monitoring.roles" . }}
+{{- end }}
+
 {{/*
 rolebindings
 */}}
 ---
 {{ include "library.cluster.rolebindings" . }}
+
+{{- if .Values.monitoring.enabled }}
+---
+{{ include "library.cluster.monitoring.rolebindings" . }}
+{{- end }}
diff --git a/deploy/charts/rook-ceph/values.yaml b/deploy/charts/rook-ceph/values.yaml
@@ -353,3 +353,8 @@ admissionController:
   #      operator: Exists
   #      effect: NoSchedule
   # nodeAffinity: key1=value1,value2; key2=value3
+
+monitoring:
+  # requires Prometheus to be pre-installed
+  # enabling will also create RBAC rules to allow Operator to create ServiceMonitors
+  enabled: false