apiVersion: metering.openshift.io/v1
kind: MeteringConfig
metadata:
name: "operator-metering"
spec:
permissions:
# anyone in the "metering-admins" group can create, update, delete, etc any
# metering.openshift.io resources in the namespace.
# This also grants permissions to get query report results from the reporting REST API.
meteringAdmins:
- kind: Group
name: metering-admins
# Same as above except read only access and for the metering-viewers group.
meteringViewers:
- kind: Group
name: metering-viewers
# the default serviceaccount in the namespace "my-custom-ns" can:
# create, update, delete, etc reports.
# This also gives permissions query the results from the reporting REST API.
reportingAdmins:
- kind: serviceAccount
name: default
namespace: my-custom-ns
# anyone in the group reporting-readers can get, list, watch reports, and
# query report results from the reporting REST API.
reportingViewers:
- kind: Group
name: reporting-readers
# anyone in the group cluster-admins can query report results
# from the reporting REST API. So can the user bob-from-accounting.
reportExporters:
- kind: Group
name: cluster-admins
- kind: User
name: bob-from-accounting
reporting-operator:
spec:
authProxy:
# htpasswd.data can contain htpasswd file contents for allowing auth
# using a static list of usernames and their password hashes.
#
# username is 'testuser' password is 'password123'
# generated htpasswdData using: `htpasswd -nb -s testuser password123`
# htpasswd:
# data: |
# testuser:{SHA}y/2sYAj5yrQIN4TL0YdPdmGNKpc=
#
# change REPLACEME to the output of your htpasswd command
htpasswd:
data: |
REPLACEME