easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #80 from s-urbaniak/aggregated-metrics-reader

Browse Source 
jsonnet/prometheus-adapter: add metrics to default user-facing roles
This commit is contained in:
Sergiusz Urbaniak
2019-04-23 14:27:29 +02:00
committed by GitHub
parent 7bd745ef78 9ed68df318
commit c61a7f0f9c
4 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet
View File

@@ -184,6 +184,25 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
clusterRole.mixin.metadata.withName('resource-metrics-server-resources') + clusterRole.mixin.metadata.withName('resource-metrics-server-resources') +
clusterRole.withRules(rules), clusterRole.withRules(rules),
clusterRoleAggregatedMetricsReader:
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local rules =
policyRule.new() +
policyRule.withApiGroups(['metrics.k8s.io']) +
policyRule.withResources(['pods']) +
policyRule.withVerbs(['get','list','watch']);
clusterRole.new() +
clusterRole.mixin.metadata.withName('system:aggregated-metrics-reader') +
clusterRole.mixin.metadata.withLabels({
"rbac.authorization.k8s.io/aggregate-to-admin": "true",
"rbac.authorization.k8s.io/aggregate-to-edit": "true",
"rbac.authorization.k8s.io/aggregate-to-view": "true",
}) +
clusterRole.withRules(rules),
roleBindingAuthReader: roleBindingAuthReader:
local roleBinding = k.rbac.v1.roleBinding; local roleBinding = k.rbac.v1.roleBinding;

2
jsonnetfile.lock.json
View File

@@ -8,7 +8,7 @@
"subdir": "jsonnet/kube-prometheus" "subdir": "jsonnet/kube-prometheus"
} }
}, },
"version": "a7bb5d1a1f37152f0e45912550a1a80b29fcd28a" "version": "1fbf75767a59d7fff5a7d716657349fcd884e4d3"
}, },
{ {
"name": "ksonnet", "name": "ksonnet",

1
kustomization.yaml
View File

@@ -40,6 +40,7 @@ resources:
- ./manifests/node-exporter-serviceMonitor.yaml - ./manifests/node-exporter-serviceMonitor.yaml
- ./manifests/prometheus-adapter-apiService.yaml - ./manifests/prometheus-adapter-apiService.yaml
- ./manifests/prometheus-adapter-clusterRole.yaml - ./manifests/prometheus-adapter-clusterRole.yaml
- ./manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml
- ./manifests/prometheus-adapter-clusterRoleBinding.yaml - ./manifests/prometheus-adapter-clusterRoleBinding.yaml
- ./manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml - ./manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml
- ./manifests/prometheus-adapter-clusterRoleServerResources.yaml - ./manifests/prometheus-adapter-clusterRoleServerResources.yaml

17
manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list
- watch