一. 前言
一. 配置 service account
oc project openshift-infra
创建采集组建所需的 service account 帐号
oc create serviceaccount metrics-deployer
需要读取集群信息的权限,需要为 service account 授权
oadm policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer
oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster
二. 配置证书
为 Hawkular Metrics Heapster Cassandra数据库创建证书
oadm ca create-server-cert --signer-cert=/etc/origin/master/ca.crt --signer-key=/etc/origin/master/ca.key --signer-serial=/etc/origin/master/ca.serial.txt --hostnames='hawkular-metrics.apps.example.com,hawkular-metrics' --cert=/etc/origin/master/metric.crt --key=/etc/origin/master/metric.key
根据生成的证书创建 secret 对象
oc secrets new metrics-deployer hawkular-metrics.pem=<(cat /etc/origin/master/metric.key /etc/origin/master/metric.crt)