Merge pull request #93311 from logicalhan/monitoring-role

Add bootstrap policy for monitoring endpoints
2025-09-17 07:03:31 +00:00 · 2020-08-28 06:36:52 -07:00
parent 8466b5b4a7 f57611970c
commit a9d1482710
5 changed files with 61 additions and 2 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -699,6 +699,9 @@ function create-master-auth {
    append_or_replace_prefixed_line "${known_tokens_csv}" "${KONNECTIVITY_SERVER_TOKEN},"     "system:konnectivity-server,uid:system:konnectivity-server"
    create-kubeconfig "konnectivity-server" "${KONNECTIVITY_SERVER_TOKEN}"
  fi
+  if [[ -n "${MONITORING_TOKEN:-}" ]]; then
+    append_or_replace_prefixed_line "${known_tokens_csv}" "${MONITORING_TOKEN},"     "system:monitoring,uid:system:monitoring,system:monitoring"
+  fi

  if [[ -n "${EXTRA_STATIC_AUTH_COMPONENTS:-}" ]]; then
    # Create a static Bearer token and kubeconfig for extra, comma-separated components.
@@ -2936,7 +2939,9 @@ function main() {
  if [[ "${ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE:-false}" == "true" ]]; then
    KONNECTIVITY_SERVER_TOKEN="$(secure_random 32)"
  fi
-
+  if [[ "${ENABLE_MONITORING_TOKEN:-false}" == "true" ]]; then
+    MONITORING_TOKEN="$(secure_random 32)"
+  fi

  setup-os-params
  config-ip-firewall