kube-prometheus: add RBAC resources
This commit is contained in:
Frederic Branczyk
12
manifests/prometheus/prometheus-cluster-role-binding.yaml
Normal file
12
manifests/prometheus/prometheus-cluster-role-binding.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: prometheus
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: prometheus
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus-k8s
|
||||
namespace: monitoring
|
||||
16
manifests/prometheus/prometheus-cluster-role.yaml
Normal file
16
manifests/prometheus/prometheus-cluster-role.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: prometheus
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- nodes
|
||||
- services
|
||||
- endpoints
|
||||
- pods
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- configmaps
|
||||
verbs: ["get"]
|
||||
4
manifests/prometheus/prometheus-k8s-service-account.yaml
Normal file
4
manifests/prometheus/prometheus-k8s-service-account.yaml
Normal file
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: prometheus-k8s
|
||||
@@ -7,6 +7,7 @@ metadata:
|
||||
spec:
|
||||
replicas: 2
|
||||
version: v1.5.2
|
||||
serviceAccountName: prometheus-k8s
|
||||
serviceMonitorSelector:
|
||||
matchExpression:
|
||||
- {key: k8s-apps, operator: Exists}
|
||||
|
||||
Reference in New Issue
Block a user