What role does telegraf need to monitor one project in OpenShift?

1/8/2019

I'm trying to retrieve metrics from a Spring Boot application in OpenShift, and I chose telegraf because it offers to transform metrics from Prometheus format to OpenTSDB, which I need. The problem is I'm stuck using a telegraf sidecar container in each pod, which is not the most stable solution. I need to create one telegraf pod that would discover other services and other pods in order to retrieve metrics from them.

I added the roles 'view' and 'hawkular-metrics' to the default service account, but it logs that it can't watch all the pods of the cluster; in fact, I'm trying to watch only the pods of one project and not all the projects of the cluster.

This is my template to deploy telegraf:

---
kind: Template
apiVersion: v1
metadata:
  name: telegraf-testapp-template
  annotations:
    description: Template to deploy an application with telegraf
labels:
  app: telegraf
  createdBy: telegraf-testapp-template
parameters:
  - description: Application name
    name: APPLICATION_NAME
    value: 'telegraf'
    required: true
  - description: OpenTSDB service
    name: OPENTSDB_HOST
    value: 'proxytsdb.project.svc'
  - description: OpenTSDB port
    name: OPENTSDB_PORT
    value: '4242'
  - description: Default data collection interval for telegraf (seconds)
    name: TELEGRAF_INTERVAL
    value: '1s'
  - description: Prefix for metrics keys
    name: PREFIX_KEYS
    value: 'app.'
  - description: Run telegraf with debug log messages (true/false)
    name: TELEGRAF_DEBUG
    value: 'false'
  - description: Cluster
    name: CLUSTER
    value: 'pmp'
  - description: Project name
    name: PROJECT
    value: 'unknown'
objects:
  - kind: DeploymentConfig
    apiVersion: v1
    metadata:
      name: ${APPLICATION_NAME}
      labels:
        deploymentConfig: ${APPLICATION_NAME}
        app: telegraf
    spec:
      replicas: 1
      selector:
        deploymentConfig: ${APPLICATION_NAME}
      strategy:
        type: Rolling
      template:
        metadata:
          labels:
            deploymentConfig: ${APPLICATION_NAME}
            app: telegraf
          name: ${APPLICATION_NAME}
        spec:
          containers:
            - env:
                - name: INTERVAL
                  value: ${TELEGRAF_INTERVAL}
                - name: PREFIX_KEYS
                  value: 'app.'
                - name: OPENTSDB_HOST
                  value: ${OPENTSDB_HOST}
                - name: OPENTSDB_PORT
                  value: ${OPENTSDB_PORT}
                - name: DEBUG
                  value: ${TELEGRAF_DEBUG}
                - name: CLUSTER
                  value: ${CLUSTER}
                - name: PROJECT
                  value: ${PROJECT}
                - name: SERVICE
                  value: ${APPLICATION_NAME}
              image: >-
                sandbox/awl-openshift-telegraf:1.9.1
              imagePullPolicy: Always
              name: telegraf
              resources: {}
              securityContext: {}
              terminationMessagePath: /dev/termination-log
          restartPolicy: Always
          dnsPolicy: ClusterFirst
      triggers:
        - type: ConfigChange

After deploying this template with the default service account, I expect that it would discover the pods and services of the project, but it shows:

unable to watch resources: kubernetes api: Failure 403 User "system:serviceaccount:project:default" cannot watch all pods in the cluster
-- Simo Elmou
java
kubernetes
prometheus
spring-boot
telegraf
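
A least-privilege setup for the single-project case described in the question, as an added example that is not part of the original post: a dedicated service account with a namespaced Role that allows only read access to pods, services and endpoints in one project. The names `telegraf`, `telegraf-discovery` and `my-project` are placeholders, and the example assumes telegraf is configured to watch only that namespace, since the 403 in the question is for a cluster-wide watch, which a namespaced Role does not permit.

```yaml
# Added example; all names are placeholders, not values from the post.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: telegraf            # hypothetical dedicated account, instead of "default"
  namespace: my-project     # placeholder project name
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                  # namespaced: grants nothing outside my-project
metadata:
  name: telegraf-discovery
  namespace: my-project
rules:
  - apiGroups: [""]         # core API group
    resources: ["pods", "services", "endpoints"]
    verbs: ["get", "list", "watch"]   # read-only; no secrets, no writes
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: telegraf-discovery
  namespace: my-project
subjects:
  - kind: ServiceAccount
    name: telegraf
    namespace: my-project
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: telegraf-discovery
# The pod template of the DeploymentConfig would also need
# "serviceAccountName: telegraf" under its pod spec to run as this account.
```

In telegraf's prometheus input, `monitor_kubernetes_pods_namespace` is the setting that restricts pod discovery to one namespace, where the telegraf build in use supports it.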

0 Answers