openshift · openshift-merge-robot · Feb 28, 2019 · Feb 28, 2019 · Feb 28, 2019 · s-urbaniak
diff --git a/jsonnet/telemeter/server/kubernetes.libsonnet b/jsonnet/telemeter/server/kubernetes.libsonnet
@@ -1,14 +1,12 @@
 local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
 local secretName = 'telemeter-server';
-local secretMountPath = '/etc/telemeter';
 local secretVolumeName = 'secret-telemeter-server';
 local tlsSecret = 'telemeter-server-shared';
 local tlsVolumeName = 'telemeter-server-tls';
 local tlsMountPath = '/etc/pki/service';
 local externalPort = 8443;
 local internalPort = 8081;
 local clusterPort = 8082;
-local whitelistFileName = 'whitelist';
 
 {
   _config+:: {
@@ -50,9 +48,13 @@ local whitelistFileName = 'whitelist';
       local rhdUsername = containerEnv.fromSecretRef('RHD_USERNAME', secretName, 'rhd.username');
       local rhdPassword = containerEnv.fromSecretRef('RHD_PASSWORD', secretName, 'rhd.password');
       local rhdClientID = containerEnv.fromSecretRef('RHD_CLIENT_ID', secretName, 'rhd.client_id');
-      local secretMount = containerVolumeMount.new(secretVolumeName, secretMountPath);
       local secretVolume = volume.fromSecret(secretVolumeName, secretName);
 
+      local whitelist = std.map(
+        function(rule) "--whitelist='%s'" % std.strReplace(rule, 'ALERTS', 'alerts'),
+        $._config.telemeterServer.whitelist
+      );
+
       local telemeterServer =
         container.new('telemeter-server', $._config.imageRepos.telemeterServer + ':' + $._config.versions.telemeterServer) +
         container.withCommand([
@@ -72,14 +74,13 @@ local whitelistFileName = 'whitelist';
           '--authorize-client-id=$(RHD_CLIENT_ID)',
           '--authorize-username=$(RHD_USERNAME)',
           '--authorize-password=$(RHD_PASSWORD)',
-          '--whitelist-file=%s/%s' % [secretMountPath, whitelistFileName],
-        ]) +
+        ] + whitelist) +
         container.withPorts([
           containerPort.newNamed('external', externalPort),
           containerPort.newNamed('internal', internalPort),
           containerPort.newNamed('cluster', clusterPort),
         ]) +
-        container.withVolumeMounts([secretMount, tlsMount]) +
+        container.withVolumeMounts([tlsMount]) +
         container.withEnv([name, rhdURL, rhdUsername, rhdPassword, rhdClientID]) + {
           livenessProbe: {
             httpGet: {
@@ -112,10 +113,8 @@ local whitelistFileName = 'whitelist';
 
     secret:
       local secret = k.core.v1.secret;
-      local whitelist = std.strReplace(std.join('\n', $._config.telemeterServer.whitelist), 'ALERTS', 'alerts');
 
       secret.new(secretName, {
-        [whitelistFileName]: std.base64(whitelist),
         'rhd.url': std.base64($._config.telemeterServer.rhdURL),
         'rhd.username': std.base64($._config.telemeterServer.rhdUsername),
         'rhd.password': std.base64($._config.telemeterServer.rhdPassword),

diff --git a/manifests/server/list.yaml b/manifests/server/list.yaml
@@ -9,7 +9,6 @@ objects:
     rhd.password: ""
     rhd.url: ""
     rhd.username: ""
-    whitelist: e19fbmFtZV9fPSJ1cCJ9CntfX25hbWVfXz0iY2x1c3Rlcl92ZXJzaW9uIn0Ke19fbmFtZV9fPSJjbHVzdGVyX3ZlcnNpb25fYXZhaWxhYmxlX3VwZGF0ZXMifQp7X19uYW1lX189ImNsdXN0ZXJfb3BlcmF0b3JfdXAifQp7X19uYW1lX189ImNsdXN0ZXJfb3BlcmF0b3JfY29uZGl0aW9ucyJ9CntfX25hbWVfXz0iY2x1c3Rlcl92ZXJzaW9uX3BheWxvYWQifQp7X19uYW1lX189ImNsdXN0ZXJfdmVyc2lvbl9wYXlsb2FkX2Vycm9ycyJ9CntfX25hbWVfXz0ibWFjaGluZV9jcHVfY29yZXMifQp7X19uYW1lX189Im1hY2hpbmVfbWVtb3J5X2J5dGVzIn0Ke19fbmFtZV9fPSJldGNkX29iamVjdF9jb3VudHMifQp7X19uYW1lX189ImFsZXJ0cyIsYWxlcnRzdGF0ZT0iZmlyaW5nIn0=
   kind: Secret
   metadata:
     labels:
@@ -127,7 +126,17 @@ objects:
           - --authorize-client-id=$(RHD_CLIENT_ID)
           - --authorize-username=$(RHD_USERNAME)
           - --authorize-password=$(RHD_PASSWORD)
-          - --whitelist-file=/etc/telemeter/whitelist
+          - --whitelist='{__name__="up"}'
+          - --whitelist='{__name__="cluster_version"}'
+          - --whitelist='{__name__="cluster_version_available_updates"}'
+          - --whitelist='{__name__="cluster_operator_up"}'
+          - --whitelist='{__name__="cluster_operator_conditions"}'
+          - --whitelist='{__name__="cluster_version_payload"}'
+          - --whitelist='{__name__="cluster_version_payload_errors"}'
+          - --whitelist='{__name__="machine_cpu_cores"}'
+          - --whitelist='{__name__="machine_memory_bytes"}'
+          - --whitelist='{__name__="etcd_object_counts"}'
+          - --whitelist='{__name__="alerts",alertstate="firing"}'
           env:
           - name: NAME
             valueFrom:
@@ -173,9 +182,6 @@ objects:
               port: 8443
               scheme: HTTPS
           volumeMounts:
-          - mountPath: /etc/telemeter
-            name: secret-telemeter-server
-            readOnly: false
           - mountPath: /etc/pki/service
             name: telemeter-server-tls
             readOnly: false

diff --git a/manifests/server/secret.yaml b/manifests/server/secret.yaml
@@ -4,7 +4,6 @@ data:
   rhd.password: ""
   rhd.url: ""
   rhd.username: ""
-  whitelist: e19fbmFtZV9fPSJ1cCJ9CntfX25hbWVfXz0iY2x1c3Rlcl92ZXJzaW9uIn0Ke19fbmFtZV9fPSJjbHVzdGVyX3ZlcnNpb25fYXZhaWxhYmxlX3VwZGF0ZXMifQp7X19uYW1lX189ImNsdXN0ZXJfb3BlcmF0b3JfdXAifQp7X19uYW1lX189ImNsdXN0ZXJfb3BlcmF0b3JfY29uZGl0aW9ucyJ9CntfX25hbWVfXz0iY2x1c3Rlcl92ZXJzaW9uX3BheWxvYWQifQp7X19uYW1lX189ImNsdXN0ZXJfdmVyc2lvbl9wYXlsb2FkX2Vycm9ycyJ9CntfX25hbWVfXz0ibWFjaGluZV9jcHVfY29yZXMifQp7X19uYW1lX189Im1hY2hpbmVfbWVtb3J5X2J5dGVzIn0Ke19fbmFtZV9fPSJldGNkX29iamVjdF9jb3VudHMifQp7X19uYW1lX189ImFsZXJ0cyIsYWxlcnRzdGF0ZT0iZmlyaW5nIn0=
 kind: Secret
 metadata:
   labels:

diff --git a/manifests/server/statefulSet.yaml b/manifests/server/statefulSet.yaml
@@ -33,7 +33,17 @@ spec:
         - --authorize-client-id=$(RHD_CLIENT_ID)
         - --authorize-username=$(RHD_USERNAME)
         - --authorize-password=$(RHD_PASSWORD)
-        - --whitelist-file=/etc/telemeter/whitelist
+        - --whitelist='{__name__="up"}'
+        - --whitelist='{__name__="cluster_version"}'
+        - --whitelist='{__name__="cluster_version_available_updates"}'
+        - --whitelist='{__name__="cluster_operator_up"}'
+        - --whitelist='{__name__="cluster_operator_conditions"}'
+        - --whitelist='{__name__="cluster_version_payload"}'
+        - --whitelist='{__name__="cluster_version_payload_errors"}'
+        - --whitelist='{__name__="machine_cpu_cores"}'
+        - --whitelist='{__name__="machine_memory_bytes"}'
+        - --whitelist='{__name__="etcd_object_counts"}'
+        - --whitelist='{__name__="alerts",alertstate="firing"}'
         env:
         - name: NAME
           valueFrom:
@@ -79,9 +89,6 @@ spec:
             port: 8443
             scheme: HTTPS
         volumeMounts:
-        - mountPath: /etc/telemeter
-          name: secret-telemeter-server
-          readOnly: false
         - mountPath: /etc/pki/service
           name: telemeter-server-tls
           readOnly: false