easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d8692794a9a4233d21ae88a9114294a84ac5fe1c
kube-prometheus/jsonnet/prometheus-operator/prometheus-operator-cluster-role.libsonnet
Frederic Branczyk d8692794a9 kube-prometheus: Convert to jsonnet
2018-04-11 18:51:35 +02:00

81 lines
2.1 KiB
Jsonnet
Raw Blame History

local k = import "ksonnet.beta.3/k.libsonnet";
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local extensionsRule = policyRule.new() +
policyRule.withApiGroups(["extensions"]) +
policyRule.withResources([
"thirdpartyresources",
]) +
policyRule.withVerbs(["*"]);
local apiExtensionsRule = policyRule.new() +
policyRule.withApiGroups(["apiextensions.k8s.io"]) +
policyRule.withResources([
"customresourcedefinitions",
]) +
policyRule.withVerbs(["*"]);
local monitoringRule = policyRule.new() +
policyRule.withApiGroups(["monitoring.coreos.com"]) +
policyRule.withResources([
"alertmanagers",
"prometheuses",
"prometheuses/finalizers",
"alertmanagers/finalizers",
"servicemonitors",
]) +
policyRule.withVerbs(["*"]);
local appsRule = policyRule.new() +
policyRule.withApiGroups(["apps"]) +
policyRule.withResources([
"statefulsets",
]) +
policyRule.withVerbs(["*"]);
local coreRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"configmaps",
"secrets",
]) +
policyRule.withVerbs(["*"]);
local podRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"pods",
]) +
policyRule.withVerbs(["list", "delete"]);
local routingRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"services",
]) +
policyRule.withVerbs(["get", "create", "update"]);
local nodeRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"nodes",
]) +
policyRule.withVerbs(["list", "watch"]);
local namespaceRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"namespaces",
]) +
policyRule.withVerbs(["list"]);
local rules = [extensionsRule, apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
{
new()::
clusterRole.new() +
clusterRole.mixin.metadata.withName("prometheus-operator") +
clusterRole.withRules(rules)
}
Reference in New Issue View Git Blame Copy Permalink