[bitnami/kong] Fix for prometheus permissions (#2734)

* [bitnami/kong] Fix for prometheus permissions Signed-off-by: Mostafa Hussein <mostafa.hussein91@gmail.com>
2026-03-29 16:27:11 +08:00 · 2020-06-08 10:38:00 +02:00
parent bb63ebb107
commit dcb3882402
7 changed files with 59 additions and 8 deletions
--- a/bitnami/kong/Chart.yaml
+++ b/bitnami/kong/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: kong
-version: 1.1.7
+version: 1.2.0
 appVersion: 2.0.4
 description: Kong is a scalable, open source API layer (aka API gateway or API middleware) that runs in front of any RESTful API. Extra functionalities beyond the core platform are extended through plugins. Kong is built on top of reliable technologies like NGINX and provides an easy-to-use RESTful API to operate and configure the system.
 keywords:
--- a/bitnami/kong/README.md
+++ b/bitnami/kong/README.md
@@ -215,6 +215,8 @@ The following tables list the configurable parameters of the kong chart and thei
 | `metrics.service.annotations`                   | Annotations for Prometheus metrics service                                                                                                            | `Check values.yaml file`                                                                                    |
 | `metrics.serviceMonitor.enabled`                | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)                                                | `false`                                                                                                     |
 | `metrics.serviceMonitor.namespace`              | Namespace in which Prometheus is running                                                                                                              | `nil`                                                                                                       |
+| `metrics.serviceMonitor.serviceAccount`         | Service account used by Prometheus                                                                                                                    | `nil`
+| `metrics.serviceMonitor.rbac.create`            | if `true`, creates a Role and Role binding for Prometheus so it can reach kong's namespace                                                            | `true`
 | `metrics.serviceMonitor.interval`               | Interval at which metrics should be scraped.                                                                                                          | `nil` (Prometheus Operator default value)                                                                   |
 | `metrics.serviceMonitor.scrapeTimeout`          | Timeout after which the scrape is ended                                                                                                               | `nil` (Prometheus Operator default value)                                                                   |
 | `metrics.serviceMonitor.selector`               | Prometheus instance selector labels                                                                                                                   | `nil`                                                                                                       |
--- a/bitnami/kong/requirements.lock
+++ b/bitnami/kong/requirements.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: postgresql
  repository: https://charts.bitnami.com/bitnami
-  version: 8.10.3
+  version: 8.10.5
 - name: cassandra
  repository: https://charts.bitnami.com/bitnami
  version: 5.4.2
-digest: sha256:9d31c2c2bc99b65da21a54fd7021815f18a40e6826137e4f99560ccb1a51e7f3
-generated: "2020-05-28T20:57:29.942638015Z"
+digest: sha256:a216bcd6e7c1741a572b54de17691124d87fbf352cee6b9d686557a793dbe814
+generated: "2020-06-08T07:16:15.412331171Z"
--- a/bitnami/kong/templates/kong-prometheus-role.yaml
+++ b/bitnami/kong/templates/kong-prometheus-role.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "kong.fullname" . }}-prometheus
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["endpoints", "services", "pods"]
+  verbs: ["get", "list", "watch"]
+{{- end }}
--- a/bitnami/kong/templates/kong-prometheus-rolebinding.yaml
+++ b/bitnami/kong/templates/kong-prometheus-rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "kong.fullname" . }}-prometheus
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "kong.fullname" . }}-prometheus
+subjects:
+  {{- if .Values.metrics.serviceMonitor.namespace }}
+  - namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+  {{- else }}
+  - namespace: {{ .Release.Namespace }}
+  {{- end }}        
+  kind: ServiceAccount
+  name: {{ required "A valid .Values.metrics.serviceMonitor.serviceAccount entry required!" .Values.metrics.serviceMonitor.serviceAccount }}
+{{- end }}
--- a/bitnami/kong/values-production.yaml
+++ b/bitnami/kong/values-production.yaml
@@ -14,7 +14,7 @@
 image:
  registry: docker.io
  repository: bitnami/kong
-  tag: 2.0.4-debian-10-r33
+  tag: 2.0.4-debian-10-r43
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -137,7 +137,7 @@ ingressController:
  image:
    registry: docker.io
    repository: bitnami/kong-ingress-controller
-    tag: 0.9.0-debian-10-r1
+    tag: 0.9.0-debian-10-r11
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -441,6 +441,16 @@ metrics:
    ##
    # namespace: monitoring

+    ## Service Account used by Prometheus
+    ##
+    # serviceAccount: prometheus
+
+    # If RBAC enabled on the cluster, Additional resources will be required
+    # so Prometheus can reach kong's namespace
+    rbac:
+      enabled: true
+
+
    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
--- a/bitnami/kong/values.yaml
+++ b/bitnami/kong/values.yaml
@@ -14,7 +14,7 @@
 image:
  registry: docker.io
  repository: bitnami/kong
-  tag: 2.0.4-debian-10-r33
+  tag: 2.0.4-debian-10-r43
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -137,7 +137,7 @@ ingressController:
  image:
    registry: docker.io
    repository: bitnami/kong-ingress-controller
-    tag: 0.9.0-debian-10-r1
+    tag: 0.9.0-debian-10-r11
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -447,6 +447,15 @@ metrics:
    ##
    # namespace: monitoring

+    ## Service Account used by Prometheus
+    ##
+    # serviceAccount: prometheus
+
+    # If RBAC enabled on the cluster, Additional resources will be required
+    # so Prometheus can reach kong's namespace
+    rbac:
+      enabled: true
+
    ## Interval at which metrics should be scraped.
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##