I have this repo terraform1#prometheus-operator, got it working previously with normal prometheus (without operator), now testing for prometheus-operator so if pod scaled horizontally, it would still can scrape correctly all metrics for all pods, not just from 1 pod.
This article step by step how to run the minikube and terraform.
After deployed, it shows properly:
k get pods -n pf1ns -w 1 ↵
NAME READY STATUS RESTARTS AGE
keda-admission-webhooks-76cd6c4b59-6b59r 1/1 Running 0 20h
keda-operator-5bb494667b-bb2bl 1/1 Running 0 20h
keda-operator-metrics-apiserver-68d9f78869-d65vj 1/1 Running 0 20h
prometheus-pf1prom-0 2/2 Running 0 3m9s
promfiberdeploy-868697d555-2jfgv 1/1 Running 0 20h
but there’s error on prometheus-pf1prom-0:
ts=2023-07-04T17:23:40.085Z caller=klog.go:116 level=error component=k8s_client_runtime func=ErrorDepth msg="pkg/mod/k8s.io/client-go@v0.26.2/tools/cache/reflector.go:169: Failed to watch *v1.Pod: failed to list *v1.Pod: pods is forbidden: User \"system:serviceaccount:pf1ns:pf1promsvcacc\" cannot list resource \"pods\" in API group \"\" in the namespace \"pf1ns\""
What roles required to list pods?
there’s already pod permission:
rule {
api_groups = [""]
resources = ["services", "endpoints", "pods"]
verbs = ["get", "list", "watch"]
}
>Solution :
Make sure you attach the created Role to the ServiceAccount using a RoleBinding.