Fix: Updated deployment files with correct Prometheus URL and RBAC permissions

app/core/config.py

@@ -15,7 +15,7 @@ class Settings(BaseSettings):
     token: Optional[str] = None
     
     # Prometheus settings
-    prometheus_url: str = "http://prometheus.openshift-monitoring.svc.cluster.local:9090"
+    prometheus_url: str = "http://prometheus-k8s.openshift-monitoring.svc.cluster.local:9091"
     
     # Validation settings
     cpu_limit_ratio: float = 3.0  # Default limit:request ratio for CPU

app/core/kubernetes_client.py

@@ -30,7 +30,27 @@ class K8sClient:
                 config.load_kube_config(config_file=settings.kubeconfig_path)
             else:
                 # Use in-cluster configuration
-                config.load_incluster_config()
+                try:
+                    config.load_incluster_config()
+                except config.ConfigException:
+                    # If in-cluster config fails, try to use service account token
+                    try:
+                        with open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r') as f:
+                            token = f.read().strip()
+                        
+                        with open('/var/run/secrets/kubernetes.io/serviceaccount/namespace', 'r') as f:
+                            namespace = f.read().strip()
+                        
+                        # Create configuration with token
+                        configuration = client.Configuration()
+                        configuration.host = f"https://kubernetes.default.svc"
+                        configuration.ssl_ca_cert = '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+                        configuration.api_key = {"authorization": f"Bearer {token}"}
+                        client.Configuration.set_default(configuration)
+                        
+                    except FileNotFoundError:
+                        # Fallback to default configuration
+                        config.load_kube_config()
             
             # Initialize API clients
             self.v1 = client.CoreV1Api()

app/core/prometheus_client.py

@@ -22,7 +22,23 @@ class PrometheusClient:
     async def initialize(self):
         """Initialize Prometheus client"""
         try:
-            self.session = aiohttp.ClientSession()
+            # Create session with SSL verification disabled for self-signed certificates
+            connector = aiohttp.TCPConnector(ssl=False)
+            
+            # Get service account token for authentication
+            token = None
+            try:
+                with open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r') as f:
+                    token = f.read().strip()
+            except FileNotFoundError:
+                logger.warning("Service account token not found, proceeding without authentication")
+            
+            # Create headers with token if available
+            headers = {}
+            if token:
+                headers['Authorization'] = f'Bearer {token}'
+            
+            self.session = aiohttp.ClientSession(connector=connector, headers=headers)
             
             # Test connection
             async with self.session.get(f"{self.base_url}/api/v1/query?query=up") as response: