{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "stackstate-k8s-agent.fullname" . }} labels: {{ include "stackstate-k8s-agent.labels" . | indent 4 }} {{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }} app.kubernetes.io/component: cluster-agent annotations: {{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }} rules: - apiGroups: - "" resources: - events - nodes - pods - services {{- if $kubeRes.namespaces }} - namespaces {{- end }} {{- if .Values.clusterAgent.collection.kubernetesMetrics }} - componentstatuses {{- end }} {{- if $kubeRes.configmaps }} - configmaps {{- end }} {{- if $kubeRes.endpoints }} - endpoints {{- end }} {{- if $kubeRes.persistentvolumeclaims }} - persistentvolumeclaims {{- end }} {{- if $kubeRes.persistentvolumes }} - persistentvolumes {{- end }} {{- if $kubeRes.secrets }} - secrets {{- end }} {{- if $kubeRes.resourcequotas }} - resourcequotas {{- end }} verbs: - get - list - watch {{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }} - apiGroups: - "apps" resources: {{- if $kubeRes.daemonsets }} - daemonsets {{- end }} {{- if $kubeRes.deployments }} - deployments {{- end }} {{- if $kubeRes.replicasets }} - replicasets {{- end }} {{- if $kubeRes.statefulsets }} - statefulsets {{- end }} verbs: - get - list - watch {{- end}} {{- if $kubeRes.ingresses }} - apiGroups: - "extensions" - "networking.k8s.io" resources: - ingresses verbs: - get - list - watch {{- end}} {{- if or $kubeRes.cronjobs $kubeRes.jobs }} - apiGroups: - "batch" resources: {{- if $kubeRes.cronjobs }} - cronjobs {{- end }} {{- if $kubeRes.jobs }} - jobs {{- end }} verbs: - get - list - watch {{- end}} - nonResourceURLs: - "/healthz" - "/version" verbs: - get - apiGroups: - "storage.k8s.io" resources: {{- if $kubeRes.volumeattachments }} - volumeattachments {{- end }} {{- if $kubeRes.storageclasses }} - storageclasses {{- end }} verbs: - get - list - watch - apiGroups: - "policy" resources: {{- if $kubeRes.poddisruptionbudgets }} - poddisruptionbudgets {{- end }} verbs: - get - list - watch - apiGroups: - "" resources: {{- if $kubeRes.replicationcontrollers }} - replicationcontrollers {{- end }} verbs: - get - list - watch - apiGroups: - "autoscaling" resources: {{- if $kubeRes.horizontalpodautoscalers }} - horizontalpodautoscalers {{- end }} verbs: - get - list - watch - apiGroups: - "" resources: {{- if $kubeRes.limitranges }} - limitranges {{- end }} verbs: - get - list - watch