153 lines
2.8 KiB
YAML
153 lines
2.8 KiB
YAML
{{- $kubeRes := .Values.clusterAgent.collection.kubernetesResources }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ include "stackstate-k8s-agent.fullname" . }}
|
|
labels:
|
|
{{ include "stackstate-k8s-agent.labels" . | indent 4 }}
|
|
{{ include "stackstate-k8s-agent.global.extraLabels" . | indent 4 }}
|
|
app.kubernetes.io/component: cluster-agent
|
|
annotations:
|
|
{{ include "stackstate-k8s-agent.global.extraAnnotations" . | indent 4 }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
- nodes
|
|
- pods
|
|
- services
|
|
{{- if $kubeRes.namespaces }}
|
|
- namespaces
|
|
{{- end }}
|
|
{{- if .Values.clusterAgent.collection.kubernetesMetrics }}
|
|
- componentstatuses
|
|
{{- end }}
|
|
{{- if $kubeRes.configmaps }}
|
|
- configmaps
|
|
{{- end }}
|
|
{{- if $kubeRes.endpoints }}
|
|
- endpoints
|
|
{{- end }}
|
|
{{- if $kubeRes.persistentvolumeclaims }}
|
|
- persistentvolumeclaims
|
|
{{- end }}
|
|
{{- if $kubeRes.persistentvolumes }}
|
|
- persistentvolumes
|
|
{{- end }}
|
|
{{- if $kubeRes.secrets }}
|
|
- secrets
|
|
{{- end }}
|
|
{{- if $kubeRes.resourcequotas }}
|
|
- resourcequotas
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- if or $kubeRes.daemonsets $kubeRes.deployments $kubeRes.replicasets $kubeRes.statefulsets }}
|
|
- apiGroups:
|
|
- "apps"
|
|
resources:
|
|
{{- if $kubeRes.daemonsets }}
|
|
- daemonsets
|
|
{{- end }}
|
|
{{- if $kubeRes.deployments }}
|
|
- deployments
|
|
{{- end }}
|
|
{{- if $kubeRes.replicasets }}
|
|
- replicasets
|
|
{{- end }}
|
|
{{- if $kubeRes.statefulsets }}
|
|
- statefulsets
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- end}}
|
|
{{- if $kubeRes.ingresses }}
|
|
- apiGroups:
|
|
- "extensions"
|
|
- "networking.k8s.io"
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- end}}
|
|
{{- if or $kubeRes.cronjobs $kubeRes.jobs }}
|
|
- apiGroups:
|
|
- "batch"
|
|
resources:
|
|
{{- if $kubeRes.cronjobs }}
|
|
- cronjobs
|
|
{{- end }}
|
|
{{- if $kubeRes.jobs }}
|
|
- jobs
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
{{- end}}
|
|
- nonResourceURLs:
|
|
- "/healthz"
|
|
- "/version"
|
|
verbs:
|
|
- get
|
|
- apiGroups:
|
|
- "storage.k8s.io"
|
|
resources:
|
|
{{- if $kubeRes.volumeattachments }}
|
|
- volumeattachments
|
|
{{- end }}
|
|
{{- if $kubeRes.storageclasses }}
|
|
- storageclasses
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "policy"
|
|
resources:
|
|
{{- if $kubeRes.poddisruptionbudgets }}
|
|
- poddisruptionbudgets
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
{{- if $kubeRes.replicationcontrollers }}
|
|
- replicationcontrollers
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "autoscaling"
|
|
resources:
|
|
{{- if $kubeRes.horizontalpodautoscalers }}
|
|
- horizontalpodautoscalers
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
{{- if $kubeRes.limitranges }}
|
|
- limitranges
|
|
{{- end }}
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|