Relocate Rancher roles to overlay/

2020-09-18 17:59:47 -07:00 · 2020-09-18 17:59:47 -07:00 · 2e1ed1b130
parent f53ab23985
commit 2e1ed1b130
2 changed files with 148 additions and 153 deletions
--- a/packages/rancher-monitoring/overlay/templates/rancher-monitoring/clusterrole.yaml
+++ b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/clusterrole.yaml
@ -0,0 +1,148 @@
+{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: monitoring-admin
+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
+  {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+  {{- end }}
+rules:
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - alertmanagers
+  - prometheuses
+  - prometheuses/finalizers
+  - alertmanagers/finalizers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - thanosrulers
+  - thanosrulers/finalizers
+  - servicemonitors
+  - podmonitors
+  - prometheusrules
+  - podmonitors
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: monitoring-edit
+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
+  {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  {{- end }}
+rules:
+rules:
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - alertmanagers
+  - prometheuses
+  - prometheuses/finalizers
+  - alertmanagers/finalizers
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - thanosrulers
+  - thanosrulers/finalizers
+  - servicemonitors
+  - podmonitors
+  - prometheusrules
+  - podmonitors
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: monitoring-view
+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
+  {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  {{- end }}
+rules:
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - alertmanagers
+  - prometheuses
+  - prometheuses/finalizers
+  - alertmanagers/finalizers
+  - thanosrulers
+  - thanosrulers/finalizers
+  - servicemonitors
+  - podmonitors
+  - prometheusrules
+  - podmonitors
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+{{- if .Values.grafana.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: grafana-config-edit
+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: grafana-config-view
+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+{{- end }}
+{{- end }}
--- a/packages/rancher-monitoring/rancher-monitoring.patch
+++ b/packages/rancher-monitoring/rancher-monitoring.patch
@ -1734,159 +1734,6 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem
           {{- end }}
           imagePullPolicy: {{ .Values.prometheusOperator.tlsProxy.image.pullPolicy }}
           args:
-diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/rancher-monitoring/clusterrole.yaml packages/rancher-monitoring/charts/templates/rancher-monitoring/clusterrole.yaml
--- packages/rancher-monitoring/charts-original/templates/rancher-monitoring/clusterrole.yaml
-+++ packages/rancher-monitoring/charts/templates/rancher-monitoring/clusterrole.yaml
-@@ -0,0 +1,148 @@
-+{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }}
-+---
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: monitoring-admin
-+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
-+  {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
-+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-+  {{- end }}
-+rules:
-+- apiGroups:
-+  - monitoring.coreos.com
-+  resources:
-+  - alertmanagers
-+  - prometheuses
-+  - prometheuses/finalizers
-+  - alertmanagers/finalizers
-+  verbs:
-+  - 'get'
-+  - 'list'
-+  - 'watch'
-+- apiGroups:
-+  - monitoring.coreos.com
-+  resources:
-+  - thanosrulers
-+  - thanosrulers/finalizers
-+  - servicemonitors
-+  - podmonitors
-+  - prometheusrules
-+  - podmonitors
-+  verbs:
-+  - '*'
-+- apiGroups:
-+  - ""
-+  resources:
-+  - configmaps
-+  - secrets
-+  verbs:
-+  - '*'
-+---
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: monitoring-edit
-+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
-+  {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
-+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-+  {{- end }}
-+rules:
-+rules:
-+- apiGroups:
-+  - monitoring.coreos.com
-+  resources:
-+  - alertmanagers
-+  - prometheuses
-+  - prometheuses/finalizers
-+  - alertmanagers/finalizers
-+  verbs:
-+  - 'get'
-+  - 'list'
-+  - 'watch'
-+- apiGroups:
-+  - monitoring.coreos.com
-+  resources:
-+  - thanosrulers
-+  - thanosrulers/finalizers
-+  - servicemonitors
-+  - podmonitors
-+  - prometheusrules
-+  - podmonitors
-+  verbs:
-+  - '*'
-+- apiGroups:
-+  - ""
-+  resources:
-+  - configmaps
-+  - secrets
-+  verbs:
-+  - '*'
-+---
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: monitoring-view
-+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
-+  {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
-+    rbac.authorization.k8s.io/aggregate-to-view: "true"
-+  {{- end }}
-+rules:
-+- apiGroups:
-+  - monitoring.coreos.com
-+  resources:
-+  - alertmanagers
-+  - prometheuses
-+  - prometheuses/finalizers
-+  - alertmanagers/finalizers
-+  - thanosrulers
-+  - thanosrulers/finalizers
-+  - servicemonitors
-+  - podmonitors
-+  - prometheusrules
-+  - podmonitors
-+  verbs:
-+  - 'get'
-+  - 'list'
-+  - 'watch'
-+- apiGroups:
-+  - ""
-+  resources:
-+  - configmaps
-+  - secrets
-+  verbs:
-+  - 'get'
-+  - 'list'
-+  - 'watch'
-+{{- if .Values.grafana.enabled }}
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: grafana-config-edit
-+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
-+rules:
-+- apiGroups:
-+  - ""
-+  resources:
-+  - configmaps
-+  - secrets
-+  verbs:
-+  - '*'
-+---
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: grafana-config-view
-+  labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
-+rules:
-+- apiGroups:
-+  - ""
-+  resources:
-+  - configmaps
-+  - secrets
-+  verbs:
-+  - 'get'
-+  - 'list'
-+  - 'watch'
-+{{- end }}
-+{{- end }}
-\ No newline at end of file
 diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/values.yaml packages/rancher-monitoring/charts/values.yaml
 --- packages/rancher-monitoring/charts-original/values.yaml
 +++ packages/rancher-monitoring/charts/values.yaml