Merge branch 'twist-prom' into 'master'

twistlock monitoring See merge request platform-one/apps/twistlock!5

Merge branch 'twist-prom' into 'master'
twistlock monitoring See merge request platform-one/apps/twistlock!5
6aa5dcf9 · Brian Miller · 3bf0c0a2 · 434c0b86 · 6aa5dcf9 · 6aa5dcf9
Commit 6aa5dcf9 authored Jul 13, 2020 by Brian Miller
8 changed files
--- a/console/kustomization.yaml
+++ b/console/kustomization.yaml
--- a/console/twistlock_console.yaml
+++ b/console/twistlock_console.yaml
--- a/app/monitoring/prometheus/README.md
+++ b/app/monitoring/prometheus/README.md
+Twistlock Prometheus Monitoring is implemented as per the documentation
+https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/audit/prometheus.html
+1. Create ServiceMonitor for twistlock endpoint
+2. Create Role, RoleBinding for monitoring in twistlock namespace
+3. Create Secrets for metrics point authentication
+4. kubectl apply -k prometheus
--- a/app/monitoring/prometheus/kustomization.yaml
+++ b/app/monitoring/prometheus/kustomization.yaml
+namespace: vault
+resources:
+- twistlockServiceMonitor.yaml
+- role.yaml
+- roleBinding.yaml
+- twistlockSecret.yaml
\ No newline at end of file
--- a/app/monitoring/prometheus/role.yaml
+++ b/app/monitoring/prometheus/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: Role
+  metadata:
+    name: prometheus-k8s
+    namespace: twistlock
+  rules:
+  - apiGroups:
+    - ""
+    resources:
+    - services
+    - endpoints
+    - pods
+    verbs:
+    - get
+    - list
+    - watch
+kind: RoleList
--- a/app/monitoring/prometheus/roleBinding.yaml
+++ b/app/monitoring/prometheus/roleBinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    name: prometheus-k8s
+    namespace: twistlock
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: prometheus-k8s
+  subjects:
+  - kind: ServiceAccount
+    name: prometheus-k8s
+    namespace: monitoring
+kind: RoleBindingList
--- a/app/monitoring/prometheus/twistlockSecret.yaml
+++ b/app/monitoring/prometheus/twistlockSecret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: twistlock-basic-auth
+  namespace: monitoring
+data:
+  password: UGFzc3cwcmQh
+  user: QWRtaW5pc3RyYXRvcg==
+type: Opaque
--- a/app/monitoring/prometheus/twistlockServiceMonitor.yaml
+++ b/app/monitoring/prometheus/twistlockServiceMonitor.yaml
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    prometheus: k8s
+  name: twistlock
+  namepsace: monitoring
+spec:
+  selector:
+    matchLabels:
+      name: console
+  namespaceSelector:
+    matchNames:
+      - twistlock
+  endpoints:
+    - interval: 30s
+      path: /api/v1/metrics
+      port: mgmt-http
+      scheme: http
+      basicAuth:
+        password:
+          name: twistlock-basic-auth
+          key: password
+        username:
+          name: twistlock-basic-auth
+          key: user
+      jobLabel: twistlock-metrics