57 lines
1.2 KiB
YAML
57 lines
1.2 KiB
YAML
{{- if and .Values.rbac.create (empty .Values.server.useExistingClusterRoleName) -}}
|
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
{{- include "prometheus.server.labels" . | nindent 4 }}
|
|
name: {{ include "prometheus.clusterRoleName" . }}
|
|
rules:
|
|
{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
|
|
- apiGroups:
|
|
- extensions
|
|
resources:
|
|
- podsecuritypolicies
|
|
verbs:
|
|
- use
|
|
resourceNames:
|
|
- {{ template "prometheus.server.fullname" . }}
|
|
{{- end }}
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
- nodes/proxy
|
|
- nodes/metrics
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
- ingresses
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "extensions"
|
|
- "networking.k8s.io"
|
|
resources:
|
|
- ingresses/status
|
|
- ingresses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "discovery.k8s.io"
|
|
resources:
|
|
- endpointslices
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- nonResourceURLs:
|
|
- "/metrics"
|
|
verbs:
|
|
- get
|
|
{{- end }}
|