andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/kubecost/cost-analyzer/2.5.2/templates/cost-analyzer-cluster-role-...

57 lines
2.1 KiB
YAML
Raw Blame History

{{- if .Values.reporting }}
{{- if .Values.reporting.logCollection }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "cost-analyzer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cost-analyzer.commonLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "cost-analyzer.serviceAccountName" . }}
subjects:
- kind: ServiceAccount
name: {{ template "cost-analyzer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
{{- end }}
{{- end }}
{{- if (not .Values.kubecostModel.etlReadOnlyMode) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cost-analyzer.serviceAccountName" . }}
labels:
{{- include "cost-analyzer.commonLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "cost-analyzer.serviceAccountName" . }}
subjects:
- kind: ServiceAccount
name: {{ template "cost-analyzer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
{{- end }}
{{- if and .Values.global.platforms.openshift.enabled .Values.global.platforms.openshift.createMonitoringClusterRoleBinding }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cost-analyzer.serviceAccountName" . }}-openshift-monitoring
labels:
{{ include "cost-analyzer.commonLabels" . | nindent 4 }}
roleRef:
# Grant the kubecost service account the cluster-monitoring-view role to enable it to query OpenShift Prometheus.
# This is necessary for Kubecost to get access and query the in-cluster Prometheus instance using its service account token.
# https://docs.redhat.com/en/documentation/openshift_container_platform/4.2/html/monitoring/cluster-monitoring#monitoring-accessing-prometheus-alerting-ui-grafana-using-the-web-console_accessing-prometheus
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-monitoring-view
subjects:
- kind: ServiceAccount
name: {{ template "cost-analyzer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink