kube-prometheus: Convert to jsonnet

2018-04-08 14:53:30 +02:00
parent 0d142fe9da
commit d8692794a9
54 changed files with 1249 additions and 0 deletions
--- a/jsonnet/prometheus-operator/prometheus-operator-cluster-role.libsonnet
+++ b/jsonnet/prometheus-operator/prometheus-operator-cluster-role.libsonnet
@@ -0,0 +1,80 @@
+local k = import "ksonnet.beta.3/k.libsonnet";
+local clusterRole = k.rbac.v1.clusterRole;
+local policyRule = clusterRole.rulesType;
+
+local extensionsRule = policyRule.new() +
+  policyRule.withApiGroups(["extensions"]) +
+  policyRule.withResources([
+    "thirdpartyresources",
+  ]) +
+  policyRule.withVerbs(["*"]);
+
+local apiExtensionsRule = policyRule.new() +
+  policyRule.withApiGroups(["apiextensions.k8s.io"]) +
+  policyRule.withResources([
+    "customresourcedefinitions",
+  ]) +
+  policyRule.withVerbs(["*"]);
+
+local monitoringRule = policyRule.new() +
+  policyRule.withApiGroups(["monitoring.coreos.com"]) +
+  policyRule.withResources([
+    "alertmanagers",
+    "prometheuses",
+    "prometheuses/finalizers",
+    "alertmanagers/finalizers",
+    "servicemonitors",
+  ]) +
+  policyRule.withVerbs(["*"]);
+
+local appsRule = policyRule.new() +
+  policyRule.withApiGroups(["apps"]) +
+  policyRule.withResources([
+    "statefulsets",
+  ]) +
+  policyRule.withVerbs(["*"]);
+
+local coreRule = policyRule.new() +
+  policyRule.withApiGroups([""]) +
+  policyRule.withResources([
+    "configmaps",
+    "secrets",
+  ]) +
+  policyRule.withVerbs(["*"]);
+
+local podRule = policyRule.new() +
+  policyRule.withApiGroups([""]) +
+  policyRule.withResources([
+    "pods",
+  ]) +
+  policyRule.withVerbs(["list", "delete"]);
+
+local routingRule = policyRule.new() +
+  policyRule.withApiGroups([""]) +
+  policyRule.withResources([
+    "services",
+  ]) +
+  policyRule.withVerbs(["get", "create", "update"]);
+
+local nodeRule = policyRule.new() +
+  policyRule.withApiGroups([""]) +
+  policyRule.withResources([
+    "nodes",
+  ]) +
+  policyRule.withVerbs(["list", "watch"]);
+
+local namespaceRule = policyRule.new() +
+  policyRule.withApiGroups([""]) +
+  policyRule.withResources([
+    "namespaces",
+  ]) +
+  policyRule.withVerbs(["list"]);
+
+local rules = [extensionsRule, apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
+
+{
+    new()::
+        clusterRole.new() +
+          clusterRole.mixin.metadata.withName("prometheus-operator") +
+          clusterRole.withRules(rules)
+}