# Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: nuvolaris-prometheus-server-cr labels: app.kubernetes.io/component: server app.kubernetes.io/instance: nuvolaris-prometheus app.kubernetes.io/name: prometheus rules: - apiGroups: - "" resources: - nodes - nodes/proxy - nodes/stats - nodes/metrics - services - endpoints - pods - ingresses - configmaps verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses/status - ingresses verbs: - get - list - watch - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/component: metrics app.kubernetes.io/instance: nuvolaris-prometheus app.kubernetes.io/name: kube-state-metrics name: nuvolaris-prometheus-kube-state-metrics-cr rules: - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests verbs: - list - watch - apiGroups: - "" resources: - configmaps verbs: - list - watch - apiGroups: - batch resources: - cronjobs verbs: - list - watch - apiGroups: - extensions - apps resources: - daemonsets verbs: - list - watch - apiGroups: - extensions - apps resources: - deployments verbs: - list - watch - apiGroups: - "" resources: - endpoints verbs: - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses verbs: - list - watch - apiGroups: - batch resources: - jobs verbs: - list - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - list - watch - apiGroups: - "" resources: - limitranges verbs: - list - watch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations verbs: - list - watch - apiGroups: - "" resources: - namespaces verbs: - list - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - list - watch - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - persistentvolumeclaims verbs: - list - watch - apiGroups: - "" resources: - persistentvolumes verbs: - list - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - list - watch - apiGroups: - "" resources: - pods verbs: - list - watch - apiGroups: - extensions - apps resources: - replicasets verbs: - list - watch - apiGroups: - "" resources: - replicationcontrollers verbs: - list - watch - apiGroups: - "" resources: - resourcequotas verbs: - list - watch - apiGroups: - "" resources: - secrets verbs: - list - watch - apiGroups: - "" resources: - services verbs: - list - watch - apiGroups: - apps resources: - statefulsets verbs: - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - list - watch - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - list - watch - apiGroups: - storage.k8s.io resources: - volumeattachments verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: prometheus-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nuvolaris-prometheus-server-cr subjects: - kind: ServiceAccount name: nuvolaris-prometheus-server namespace: nuvolaris --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: nuvolaris-prometheus-kube-state-metrics-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: nuvolaris-prometheus-kube-state-metrics-cr subjects: - kind: ServiceAccount name: nuvolaris-prometheus-kube-state-metrics namespace: nuvolaris