easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #229 from brancz/kube-prometheus-rbac

Browse Source 
kube-prometheus: add RBAC resources
This commit is contained in:
Frederic Branczyk
2017-03-24 16:23:28 +01:00
committed by GitHub
parent 59bcbb70b3 bbd5684b43
commit 2edd30dd6d
14 changed files with 133 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hack/cluster-monitoring/deploy
View File

@@ -14,7 +14,7 @@ kctl() {
kubectl --namespace "$NAMESPACE" "$@"
}
kctl apply -f manifests/prometheus-operator.yaml
kctl apply -f manifests/prometheus-operator
# Wait for TPRs to be ready.
printf "Waiting for Operator to register third party objects..."
@@ -28,6 +28,9 @@ kctl apply -f manifests/grafana
kctl apply -f manifests/prometheus/prometheus-k8s-rules.yaml
kctl apply -f manifests/prometheus/prometheus-k8s-service.yaml
kctl apply -f manifests/prometheus/prometheus-cluster-role-binding.yaml
kctl apply -f manifests/prometheus/prometheus-cluster-role.yaml
kctl apply -f manifests/prometheus/prometheus-k8s-service-account.yaml
kctl apply -f manifests/alertmanager/alertmanager-config.yaml
kctl apply -f manifests/alertmanager/alertmanager-service.yaml

2
hack/cluster-monitoring/teardown
View File

@@ -20,5 +20,5 @@ kctl delete -f manifests/alertmanager
# Hack: wait a bit to let the controller delete the deployed Prometheus server.
sleep 5
kctl delete -f manifests/prometheus-operator.yaml
kctl delete -f manifests/prometheus-operator

12
manifests/exporters/kube-state-metrics-cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: monitoring

17
manifests/exporters/kube-state-metrics-cluster-role.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
name: kube-state-metrics
rules:
- apiGroups: [""]
resources:
- nodes
- pods
- resourcequotas
verbs: ["list", "watch"]
- apiGroups: ["extensions"]
resources:
- daemonsets
- deployments
- replicasets
verbs: ["list", "watch"]

1
manifests/exporters/kube-state-metrics-deployment.yaml
View File

@@ -9,6 +9,7 @@ spec:
labels:
app: kube-state-metrics
spec:
serviceAccountName: kube-state-metrics
containers:
- name: kube-state-metrics
image: gcr.io/google_containers/kube-state-metrics:v0.4.1

4
manifests/exporters/kube-state-metrics-service-account.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-state-metrics

12
manifests/prometheus-operator/prometheus-operator-cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-operator
subjects:
- kind: ServiceAccount
name: prometheus-operator
namespace: default

42
manifests/prometheus-operator/prometheus-operator-cluster-role.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
name: prometheus-operator
rules:
- apiGroups:
- extensions
resources:
- thirdpartyresources
verbs:
- create
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- servicemonitors
verbs:
- "*"
- apiGroups:
- apps
resources:
- statefulsets
verbs: ["*"]
- apiGroups: [""]
resources:
- configmaps
- secrets
verbs: ["*"]
- apiGroups: [""]
resources:
- pods
verbs: ["list", "delete"]
- apiGroups: [""]
resources:
- services
- endpoints
verbs: ["get", "create", "update"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch"]

4
manifests/prometheus-operator/prometheus-operator-service-account.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus-operator

5
manifests/prometheus-operator.yaml → manifests/prometheus-operator/prometheus-operator.yaml
View File

@@ -11,12 +11,13 @@ spec:
labels:
operator: prometheus
spec:
serviceAccountName: prometheus-operator
containers:
- name: prometheus-operator
image: quay.io/coreos/prometheus-operator:v0.7.0
args:
- "--kubelet-object=kube-system/kubelet"
- "--config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1"
- "--kubelet-object=kube-system/kubelet"
- "--config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1"
resources:
requests:
cpu: 100m

12
manifests/prometheus/prometheus-cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: prometheus-k8s
namespace: monitoring

16
manifests/prometheus/prometheus-cluster-role.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
name: prometheus
rules:
- apiGroups: [""]
resources:
- nodes
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["get"]

4
manifests/prometheus/prometheus-k8s-service-account.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus-k8s

1
manifests/prometheus/prometheus-k8s.yaml
View File

@@ -7,6 +7,7 @@ metadata:
spec:
replicas: 2
version: v1.5.2
serviceAccountName: prometheus-k8s
serviceMonitorSelector:
matchExpression:
- {key: k8s-apps, operator: Exists}