diff --git a/Documentation/ceph-upgrade.md b/Documentation/ceph-upgrade.md index be39a37a4d04..cb903ea20568 100644 --- a/Documentation/ceph-upgrade.md +++ b/Documentation/ceph-upgrade.md @@ -319,6 +319,12 @@ step to upgrade the Prometheus RBAC resources as well. kubectl apply -f deploy/examples/monitoring/rbac.yaml ``` +If you use the `rook-ceph` operator Helm chart, you should also add `monitoring.enabled` to +your Helm values with two caveats: +- this is unnecessary if you deploy monitoring RBAC from `deploy/examples/monitoring/rbac.yaml` +- this is unnecessary if you use `rook-ceph-cluster` charts exclusively outside of the `rook-ceph` + operator namespace. + ### **2. Update Ceph CSI versions** > Automatically updated if you are upgrading via the helm chart diff --git a/Documentation/helm-operator.md b/Documentation/helm-operator.md index 5e69ab793db5..644e327dee59 100644 --- a/Documentation/helm-operator.md +++ b/Documentation/helm-operator.md @@ -148,6 +148,7 @@ The following tables lists the configurable parameters of the rook-operator char | `admissionController.tolerations` | Array of tolerations in YAML format which will be added to admission controller deployment. | | | `admissionController.nodeAffinity` | The node labels for affinity of the admission controller deployment (***) | | | `allowMultipleFilesystems` | **(experimental in Octopus (v15))** Allows multiple filesystems to be deployed to a Ceph cluster. | `false` | +| `monitoring.enabled` | Create necessary RBAC rules for Rook to integrate with Prometheus monitoring in the operator namespace. Requires Prometheus to be pre-installed. | `false` | * * * `nodeAffinity` and `*NodeAffinity` options should have the format `"role=storage,rook; storage=ceph"` or `storage=;role=rook-example` or `storage=;` (_checks only for presence of key_) diff --git a/deploy/charts/library/templates/_cluster-monitoring.tpl b/deploy/charts/library/templates/_cluster-monitoring.tpl index fe7ceeb5ab04..d421bce1bbd1 100644 --- a/deploy/charts/library/templates/_cluster-monitoring.tpl +++ b/deploy/charts/library/templates/_cluster-monitoring.tpl @@ -4,7 +4,6 @@ These should be scoped to the namespace where the CephCluster is located. */}} {{- define "library.cluster.monitoring.roles" -}} -# --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/deploy/charts/rook-ceph/templates/cluster-rbac.yaml b/deploy/charts/rook-ceph/templates/cluster-rbac.yaml index 1662fb121b15..38a21a3512f2 100644 --- a/deploy/charts/rook-ceph/templates/cluster-rbac.yaml +++ b/deploy/charts/rook-ceph/templates/cluster-rbac.yaml @@ -26,8 +26,18 @@ roles --- {{ include "library.cluster.roles" . }} +{{- if .Values.monitoring.enabled }} +--- +{{ include "library.cluster.monitoring.roles" . }} +{{- end }} + {{/* rolebindings */}} --- {{ include "library.cluster.rolebindings" . }} + +{{- if .Values.monitoring.enabled }} +--- +{{ include "library.cluster.monitoring.rolebindings" . }} +{{- end }} diff --git a/deploy/charts/rook-ceph/values.yaml b/deploy/charts/rook-ceph/values.yaml index bca7cfdec08b..80d42d088409 100644 --- a/deploy/charts/rook-ceph/values.yaml +++ b/deploy/charts/rook-ceph/values.yaml @@ -353,3 +353,8 @@ admissionController: # operator: Exists # effect: NoSchedule # nodeAffinity: key1=value1,value2; key2=value3 + +monitoring: + # requires Prometheus to be pre-installed + # enabling will also create RBAC rules to allow Operator to create ServiceMonitors + enabled: false