RealTheory runs as a service account in your Kubernetes cluster. By default, RealTheory does not have sufficient RBAC permissions to enumerate Custom Resources (CRs) derived from Custom Resource Definitions (CRDs). Before RealTheory can aggregate and rollup costs, alerts, and other interesting data from CRs you must augment the RBAC permissions within the RealTheory Collector deployment manifest for each cluster that contains CRDs and CRs.
To augment the RBAC permissions within the RealTheory Collector deployment manifest for each cluster that contains CRDs and CRs, you must add a ClusterRole to the ClusterRole section of the RealTheory deployment manifest.
1# The cluster role grants read only access to key API groups.2apiVersion: rbac.authorization.k8s.io/v1
1- apiGroups: ["my.custom.group"]2 resources: ["*"]3 verbs: [get, watch, list]
Where my.custom.group is the API group that contains the resources you want RealTheory to be able to access.
kubectl apply -f <filename.yaml> on the cluster you want to manage.filename.yaml is the name of the RealTheory Collector deployment manifest file.To give RealTheory the appropriate RBAC permissions to aggregate data from Agones CRDs and CRs, you might update the ClusterRole section of the RealTheory deployment manifest as follows:
1# The cluster role grants read only access to key API groups.2apiVersion: rbac.authorization.k8s.io/v13kind: ClusterRole4metadata:5 name: object-reader6rules:7- apiGroups: [""]8 resources: ["*"]9 verbs: [get, watch, list]10- apiGroups: [apps]11 resources: ["*"]12 verbs: [get, watch, list]13- apiGroups: [metrics.k8s.io]14 resources: ["*"]15 verbs: [get, watch, list]16- apiGroups: [storage.k8s.io]17 resources: ["*"]18 verbs: [get, watch, list]19- apiGroups: [apiextensions.k8s.io]20 resources: ["*"]21 verbs: [get, watch, list]22- apiGroups: ["agones.dev"]23 resources: ["*"]24 verbs: [get, watch, list]
On This Page
Search for a command to run...