summaryrefslogtreecommitdiffstats
path: root/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml')
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml35
1 files changed, 35 insertions, 0 deletions
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
new file mode 100644
index 00000000..799027d9
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
@@ -0,0 +1,35 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+ - list
+ - watch
+# This permission are not in the prometheus-operator repo
+# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+{{- end }} \ No newline at end of file