UNCLASSIFIED

Commit 6aa5dcf9 authored by Brian Miller

Merge branch 'twist-prom' into 'master'

twistlock monitoring

See merge request platform-one/apps/twistlock!5
parents 3bf0c0a2 434c0b86
Twistlock Prometheus Monitoring is implemented as per the documentation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/audit/prometheus.html
1. Create ServiceMonitor for twistlock endpoint
2. Create Role, RoleBinding for monitoring in twistlock namespace
3. Create Secrets for metrics point authentication
4. kubectl apply -k prometheus
namespace: vault
resources:
- twistlockServiceMonitor.yaml
- role.yaml
- roleBinding.yaml
- twistlockSecret.yaml
\ No newline at end of file
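Review bot: `namespace: vault` at the top of this kustomization looks wrong for a Twistlock monitoring overlay. Kustomize applies the `namespace` field to every resource it lists, so the Role and RoleBinding written for `twistlock` and the Secret written for `monitoring` would all be rewritten into `vault`, where the `prometheus-k8s` permissions do not cover the Twistlock console's services, endpoints and pods. Suggest dropping the field so each manifest keeps the namespace it declares, and adding the missing newline at the end of the file.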
apiVersion: rbac.authorization.k8s.io/v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: prometheus-k8s
namespace: twistlock
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- pods
verbs:
- get
- list
- watch
kind: RoleList
apiVersion: rbac.authorization.k8s.io/v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: prometheus-k8s
namespace: twistlock
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: prometheus-k8s
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: monitoring
kind: RoleBindingList
apiVersion: v1
kind: Secret
metadata:
name: twistlock-basic-auth
namespace: monitoring
data:
password: UGFzc3cwcmQh
user: QWRtaW5pc3RyYXRvcg==
type: Opaque
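Review bot: The `data` block commits the metrics endpoint credentials to the repository. `password` and `user` are only base64-encoded, not encrypted, so anyone with read access to the repo or its history can recover both values, and the `user` value decodes to an administrator-named account. Suggest removing this manifest from the kustomization, rotating the credential, creating `twistlock-basic-auth` out of band or through an encrypted secret mechanism, and scraping with a dedicated low-privilege account rather than an administrator.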
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
prometheus: k8s
name: twistlock
namepsace: monitoring
spec:
selector:
matchLabels:
name: console
namespaceSelector:
matchNames:
- twistlock
endpoints:
- interval: 30s
path: /api/v1/metrics
port: mgmt-http
scheme: http
basicAuth:
password:
name: twistlock-basic-auth
key: password
username:
name: twistlock-basic-auth
key: user
jobLabel: twistlock-metrics
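Review bot: `namepsace: monitoring` under `metadata` is a misspelling of `namespace`, so this file never sets the ServiceMonitor's namespace; correct the key so the object lands in `monitoring` alongside the `twistlock-basic-auth` Secret it references. Separately, the endpoint combines `scheme: http` with `basicAuth`, which sends those credentials unencrypted on every 30s scrape of `/api/v1/metrics`. If the console exposes a TLS port, suggest `scheme: https` with a `tlsConfig` on this endpoint.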