kube-prometheus/jsonnet/prometheus-operator/prometheus-operator-cluster-role.libsonnet

local k = import "ksonnet.beta.3/k.libsonnet";
// Short aliases for the ksonnet RBAC builders used throughout this file:
// `clusterRole` builds the ClusterRole object, `policyRule` builds one entry
// of its `rules` list.
local clusterRole = k.rbac.v1.clusterRole,
      policyRule = clusterRole.rulesType;
// Every verb on ThirdPartyResources in the "extensions" API group.
// NOTE(review): ThirdPartyResources were replaced by CustomResourceDefinitions
// and removed in Kubernetes 1.8, so this rule is presumably only needed for
// older clusters. Confirm the supported versions before keeping a wildcard
// grant that nothing uses.
local extensionsRule =
  policyRule.new() +
  policyRule.withApiGroups(["extensions"]) +
  policyRule.withResources(["thirdpartyresources"]) +
  policyRule.withVerbs(["*"]);
// Every verb on CustomResourceDefinitions.
// NOTE(review): CRDs are cluster-scoped and this rule is not limited to the
// monitoring.coreos.com definitions, so the holder can modify or delete any
// CRD in the cluster. Consider listing only the verbs the operator needs.
// TODO confirm against the operator's actual API usage.
local apiExtensionsRule =
  policyRule.new() +
  policyRule.withApiGroups(["apiextensions.k8s.io"]) +
  policyRule.withResources(["customresourcedefinitions"]) +
  policyRule.withVerbs(["*"]);
// Every verb on the operator's own custom resources in monitoring.coreos.com,
// including the finalizers subresources of Prometheus and Alertmanager.
local monitoringRule =
  policyRule.new() +
  policyRule.withApiGroups(["monitoring.coreos.com"]) +
  policyRule.withResources([
    "alertmanagers",
    "prometheuses",
    "prometheuses/finalizers",
    "alertmanagers/finalizers",
    "servicemonitors",
  ]) +
  policyRule.withVerbs(["*"]);
// Every verb on StatefulSets in the "apps" API group.
// NOTE(review): the wildcard also covers verbs such as deletecollection, and
// it applies to every StatefulSet in the scope the role is bound to, not only
// those the operator created. Enumerate the verbs if the operator does not
// need all of them. TODO confirm.
local appsRule =
  policyRule.new() +
  policyRule.withApiGroups(["apps"]) +
  policyRule.withResources(["statefulsets"]) +
  policyRule.withVerbs(["*"]);
// Every verb on ConfigMaps and Secrets in the core ("") API group.
// NOTE(review): this is the most sensitive grant in the role. "*" on secrets
// includes reading every Secret in the scope the role is bound to; with a
// cluster-wide binding that means all namespaces. Prefer an explicit verb
// list, and namespace-scoped bindings where the deployment allows it.
// TODO confirm against the operator's requirements.
local coreRule =
  policyRule.new() +
  policyRule.withApiGroups([""]) +
  policyRule.withResources([
    "configmaps",
    "secrets",
  ]) +
  policyRule.withVerbs(["*"]);
// List and delete only on Pods in the core API group (no create/update/exec).
local podRule =
  policyRule.new() +
  policyRule.withApiGroups([""]) +
  policyRule.withResources(["pods"]) +
  policyRule.withVerbs(["list", "delete"]);
// Get, create and update on Services and Endpoints in the core API group.
// No delete or list verb is granted here.
local routingRule =
  policyRule.new() +
  policyRule.withApiGroups([""]) +
  policyRule.withResources([
    "services",
    "endpoints",
  ]) +
  policyRule.withVerbs(["get", "create", "update"]);
// Read-only discovery of Nodes: list and watch.
local nodeRule =
  policyRule.new() +
  policyRule.withApiGroups([""]) +
  policyRule.withResources(["nodes"]) +
  policyRule.withVerbs(["list", "watch"]);
// Read-only enumeration of Namespaces: list only.
local namespaceRule =
  policyRule.new() +
  policyRule.withApiGroups([""]) +
  policyRule.withResources(["namespaces"]) +
  policyRule.withVerbs(["list"]);
// Complete rule set of the ClusterRole, in the order it is emitted.
// The first five entries grant "*" verbs; the remaining four are limited to
// explicit verb lists.
local rules = [
  extensionsRule,
  apiExtensionsRule,
  monitoringRule,
  appsRule,
  coreRule,
  podRule,
  routingRule,
  nodeRule,
  namespaceRule,
];
{
  // new() is a hidden (`::`) method that returns the ClusterRole named
  // "prometheus-operator" carrying the rules assembled above.
  // NOTE(review): this file defines only the role. Which subject receives it,
  // and whether through a ClusterRoleBinding or per-namespace RoleBindings,
  // is decided elsewhere and determines the effective reach of the wildcard
  // rules.
  new()::
    clusterRole.new() +
    clusterRole.mixin.metadata.withName("prometheus-operator") +
    clusterRole.withRules(rules),
}