andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-charts/charts/rancher-monitoring/100.1.1+up19.0.3/templates/rancher-monitoring/clusterrole.yaml

131 lines
3.3 KiB
YAML
Raw Blame History

{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: monitoring-admin
labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
{{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }}
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- prometheuses/finalizers
- alertmanagers/finalizers
verbs:
- 'get'
- 'list'
- 'watch'
- apiGroups:
- monitoring.coreos.com
resources:
- thanosrulers
- thanosrulers/finalizers
- servicemonitors
- podmonitors
- prometheusrules
- podmonitors
- probes
- probes/finalizers
- alertmanagerconfigs
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: monitoring-edit
labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
{{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- end }}
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- prometheuses/finalizers
- alertmanagers/finalizers
verbs:
- 'get'
- 'list'
- 'watch'
- apiGroups:
- monitoring.coreos.com
resources:
- thanosrulers
- thanosrulers/finalizers
- servicemonitors
- podmonitors
- prometheusrules
- podmonitors
- probes
- alertmanagerconfigs
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: monitoring-view
labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
{{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- end }}
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- prometheuses/finalizers
- alertmanagers/finalizers
- thanosrulers
- thanosrulers/finalizers
- servicemonitors
- podmonitors
- prometheusrules
- podmonitors
- probes
- probes/finalizers
- alertmanagerconfigs
verbs:
- 'get'
- 'list'
- 'watch'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: monitoring-ui-view
labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- services/proxy
resourceNames:
- "http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}"
- "https:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}"
- "http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}"
- "https:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}"
- "http:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}"
- "https:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}"
verbs:
- 'get'
- apiGroups:
- ""
resourceNames:
- {{ template "kube-prometheus-stack.fullname" . }}-prometheus
- {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
- {{ include "call-nested" (list . "grafana" "grafana.fullname") }}
resources:
- endpoints
verbs:
- list
{{- end }}
Reference in New Issue View Git Blame Copy Permalink