<div dir="ltr">I think it's this config in prometheus (see below) that wants to scrape all pods with a certain label. <div>But I'm not really experienced with service discovery in kubernetes. I would like to restrict that discovery to e.g. the current namespace or namespaces that my service account has access to. E.g. I don't want to scrape other users' kafka clusters...<br><div></div><div><br></div><div><pre>scrape_configs:
  - job_name: 'kafka_job'
    kubernetes_sd_configs:
      # no namespace restriction here: pods are discovered in all namespaces
      - role: pod
    relabel_configs:
      # keep only targets whose container port name starts with "kafkametrics"
      - source_labels: [__meta_kubernetes_pod_container_port_name]
        action: keep
        regex: kafkametrics.*
      # copy the pod name into the kubernetes_pod_name label
      - source_labels: [__meta_kubernetes_pod_name]
        action: replace
        target_label: kubernetes_pod_name
</pre></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Feb 15, 2018 at 2:36 PM Anton Sherkhonov &lt;<a href="mailto:asherkho@redhat.com">asherkho@redhat.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I think it's oauth-proxy that actually wants this permission to create tokenreviews.<div><br></div><div># oc policy who-can create <a href="http://tokenreviews.authentication.k8s.io" target="_blank">tokenreviews.authentication.k8s.io</a><br></div><div>^^ will give you a list of users who can.</div></div><div class="gmail_extra"><br><div class="gmail_quote"></div></div><div class="gmail_extra"><div class="gmail_quote">On Thu, Feb 15, 2018 at 8:05 AM, Marcel Hild <span dir="ltr">&lt;<a href="mailto:mhild@redhat.com" target="_blank">mhild@redhat.com</a>&gt;</span> wrote:<br></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div>I'm experimenting with prometheus monitoring kafka.</div><div>In your setup you need admin access to the cluster to read which pods to scrape from (I guess)</div><div><br></div><div><div>oc login -u system:admin</div><div>oc create sa prometheus-server</div><div>oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:${NAMESPACE}:prometheus-server</div></div><div><br></div><div>Is there a way to deploy this in a setting, where I don't have admin access to the cluster?</div><div><br></div><div>thanks</div><span class="m_-973024378289195933HOEnZb"><font 
color="#888888"><div>marcel</div></font></span></div>
<br></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
Strimzi mailing list<br>
<a href="mailto:Strimzi@redhat.com" target="_blank">Strimzi@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/strimzi" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/strimzi</a><br>
<br></blockquote></div><br></div>
</blockquote></div>
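<div>Added example, not part of the thread and not Strimzi's own configuration: one way to get the restriction asked about above is to set namespaces.names on the pod discovery and to grant the service account a namespaced Role in place of cluster-reader. The namespace my-kafka and the name prometheus-pod-reader are assumed placeholders, the prometheus-server service account is assumed to live in that same namespace, and creating the Role assumes you administer that namespace.</div>

```yaml
# Added example (not from the thread). Assumed placeholders: namespace
# "my-kafka", Role/RoleBinding name "prometheus-pod-reader".

# prometheus.yml: discover pods only in the listed namespace(s).
scrape_configs:
  - job_name: 'kafka_job'
    kubernetes_sd_configs:
      - role: pod
        namespaces:
          names:
            - my-kafka
    relabel_configs:
      - source_labels: [__meta_kubernetes_pod_container_port_name]
        action: keep
        regex: kafkametrics.*
      - source_labels: [__meta_kubernetes_pod_name]
        action: replace
        target_label: kubernetes_pod_name
---
# rbac.yaml: namespaced read access to pods, replacing cluster-reader.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: prometheus-pod-reader
  namespace: my-kafka
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: prometheus-pod-reader
  namespace: my-kafka
subjects:
  - kind: ServiceAccount
    name: prometheus-server
    namespace: my-kafka
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: prometheus-pod-reader
```

<div>This covers pod discovery only; the tokenreviews permission discussed in the thread is a separate grant.</div>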