You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/big-data-cluster/kubernetes-rbac.md
+3-38Lines changed: 3 additions & 38 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -76,47 +76,12 @@ subjects:
76
76
EOF
77
77
```
78
78
79
-
The service account, cluster role and the cluster role binding can be created either before or post BDC deployment. Kubernetes automatically updates the permission for the Telegraf service account. If these are created as a pod deployment, you will see a few minutes delay in the pod and node metrics being collected.
80
-
81
-
```console
82
-
export CLUSTER_NAME=mssql-cluster
83
-
kubectl create -f - <<EOF
84
-
---
85
-
apiVersion: rbac.authorization.k8s.io/v1
86
-
kind: ClusterRole
87
-
metadata:
88
-
name: ${CLUSTER_NAME}:cr-mssql-metricsdc-reader
89
-
rules:
90
-
- apiGroups:
91
-
- '*'
92
-
resources:
93
-
- pods
94
-
- nodes/stats
95
-
verbs:
96
-
- get
97
-
---
98
-
apiVersion: rbac.authorization.k8s.io/v1
99
-
kind: ClusterRoleBinding
100
-
metadata:
101
-
name: ${CLUSTER_NAME}:crb-mssql-metricsdc-reader
102
-
roleRef:
103
-
apiGroup: rbac.authorization.k8s.io
104
-
kind: ClusterRole
105
-
name: ${CLUSTER_NAME}:cr-mssql-metricsdc-reader
106
-
subjects:
107
-
- kind: ServiceAccount
108
-
name: sa-mssql-metricsdc-reader
109
-
namespace: ${CLUSTER_NAME}
110
-
EOF
111
-
```
112
-
113
-
> [!NOTE]
114
-
> The service account, cluster role and the cluster role binding can be created either before or post BDC deployment. Kubernetes will automatically update the permission for the Telegraf service account. If these are created pod deployment, you will see a few minutes delay in the pod and node metrics being collected.
79
+
The service account, cluster role and the cluster role binding can be created either before or post BDC deployment. Kubernetes automatically updates the permission for the Telegraf service account. If these are created as a pod deployment, you will see a few minutes' delay in the pod and node metrics being collected.
115
80
116
81
> [!NOTE]
117
82
> SQL Server 2019 CU5 introduces two feature switches to control the collection of pod and node metrics. By default these parameters are set to true in all environment targets, except OpenShift where the default is overridden.
118
83
119
-
You can customize the these settings in the security section in the `control.json` deployment configuration file:
84
+
You can customize these settings in the security section in the `control.json` deployment configuration file:
120
85
121
86
```json
122
87
"security": {
@@ -126,4 +91,4 @@ You can customize the these settings in the security section in the `control.js
126
91
}
127
92
```
128
93
129
-
If these settings are set to `false`, BDC deployemnt workflow will not attempt to create the service account, cluster role, and the binding for Telegraf.
94
+
If these settings are set to `false`, BDC deployment workflow will not attempt to create the service account, cluster role, and the binding for Telegraf.
0 commit comments