31 lines
966 B
YAML
31 lines
966 B
YAML
{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
|
|
labels:
|
|
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
|
|
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
|
rules:
|
|
# This permission are not in the kube-prometheus repo
|
|
# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
|
|
- apiGroups: [""]
|
|
resources:
|
|
- nodes
|
|
- nodes/metrics
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups:
|
|
- "networking.k8s.io"
|
|
resources:
|
|
- ingresses
|
|
verbs: ["get", "list", "watch"]
|
|
- nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
|
|
verbs: ["get"]
|
|
{{- if .Values.prometheus.additionalRulesForClusterRole }}
|
|
{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
|
|
{{- end }}
|
|
{{- end }}
|