936622aa3e
Add a missing 'prometheuses/finalizers' resource to the operator cluster role. Without this role, the operator will fail to create a default secret for a Prometheus instance in the absence of any service monitors. The fix seems to already be present in the `examples` version of the role; this patch brings the contrib version in line with the example.
54 lines
876 B
YAML
54 lines
876 B
YAML
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: prometheus-operator
|
|
rules:
|
|
- apiGroups:
|
|
- extensions
|
|
resources:
|
|
- thirdpartyresources
|
|
verbs:
|
|
- "*"
|
|
- apiGroups:
|
|
- apiextensions.k8s.io
|
|
resources:
|
|
- customresourcedefinitions
|
|
verbs:
|
|
- "*"
|
|
- apiGroups:
|
|
- monitoring.coreos.com
|
|
resources:
|
|
- alertmanagers
|
|
- prometheuses
|
|
- prometheuses/finalizers
|
|
- servicemonitors
|
|
verbs:
|
|
- "*"
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- statefulsets
|
|
verbs: ["*"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- configmaps
|
|
- secrets
|
|
verbs: ["*"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- pods
|
|
verbs: ["list", "delete"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- services
|
|
- endpoints
|
|
verbs: ["get", "create", "update"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- nodes
|
|
verbs: ["list", "watch"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- namespaces
|
|
verbs: ["list"]
|