Skip to content

Commit 889e3e6

Browse files
mgirgisfmgirgisf
committed
test rbac-proxy
1 parent 8a30428 commit 889e3e6

File tree

2 files changed

+80
-0
lines changed

2 files changed

+80
-0
lines changed

roles/telemetry_verify_metrics/tasks/main.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,10 @@
2323
condition_type: Ready
2424
tags: precheck
2525

26+
- name: Verify kube-rbac-proxy
27+
ansible.builtin.include_tasks:
28+
file: verify_rbac.yml
29+
2630
- name: Verify RabbitMQ metrics are being exposed and stored
2731
ansible.builtin.include_tasks:
2832
file: verify_rabbitmq_metrics.yml

roles/telemetry_verify_metrics/tasks/verify_rbac.yml

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
- name: Verify the container exist in the prometheus-metric-storage-0
2+
ansible.builtin.shell: |
3+
oc describe pod prometheus-metric-storage-0
4+
register: result
5+
changed_when: false
6+
7+
- name: Verify kube-rbac-proxy is up and running
8+
ansible.builtin.shell: |
9+
oc logs prometheus-metric-storage-0 -c kube-rbac-proxy
10+
register: result
11+
changed_when: false
12+
13+
- name: Create Service Account to Test
14+
ansible.builtin.shell: |
15+
oc apply -f - <<EOF
16+
apiVersion: v1
17+
kind: ServiceAccount
18+
metadata:
19+
name: proxy-test
20+
namespace: openstack
21+
---
22+
apiVersion: rbac.authorization.k8s.io/v1
23+
kind: ClusterRole
24+
metadata:
25+
name: metrics
26+
rules:
27+
- nonResourceURLs:
28+
- /metrics
29+
verbs:
30+
- get
31+
- apiGroups: [""]
32+
resources: ["pods", "pods/metrics"]
33+
verbs: ["get", "list", "watch"]
34+
---
35+
apiVersion: rbac.authorization.k8s.io/v1
36+
kind: ClusterRoleBinding
37+
metadata:
38+
name: metrics
39+
roleRef:
40+
apiGroup: rbac.authorization.k8s.io
41+
kind: ClusterRole
42+
name: metrics
43+
subjects:
44+
- kind: ServiceAccount
45+
name: proxy-test
46+
namespace: openstack
47+
EOF
48+
changed_when: false
49+
50+
- name: Verify metrics through proxy
51+
ansible.builtin.shell: |
52+
oc exec -it openstackclient -- curl -v -k -H "Authorization: Bearer $(oc create token proxy-test)" https://metric-storage-prometheus:8443/metrics
53+
register: result
54+
changed_when: false
55+
56+
57+
- name: Verify clusterrolebinding
58+
ansible.builtin.shell: |
59+
oc get clusterrolebinding telemetry-operator-proxy-rolebinding
60+
register: result
61+
changed_when: false
62+
63+
64+
- name: Verify clusterrole
65+
ansible.builtin.shell: |
66+
oc get clusterrole openstack-operator-proxy-role
67+
register: result
68+
changed_when: false
69+
70+
71+
- name: Verify clusterrole telemetry-operator
72+
ansible.builtin.shell: |
73+
oc get clusterrole telemetry-operator-proxy-role
74+
register: result
75+
changed_when: false
76+

0 commit comments

Comments
 (0)