github.com/verrazzano/verrazzano-monitoring-operator@v0.0.30/k8s/manifests/verrazzano-monitoring-operator.yaml (about) 1 # Copyright (C) 2020, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 apiVersion: v1 4 kind: Secret 5 type: Opaque 6 metadata: 7 name: vmo-oci-config 8 namespace: default 9 --- 10 apiVersion: v1 11 kind: ServiceAccount 12 metadata: 13 name: verrazzano-monitoring-operator 14 namespace: default 15 labels: 16 k8s-app: verrazzano-monitoring-operator 17 --- 18 apiVersion: rbac.authorization.k8s.io/v1 19 kind: ClusterRole 20 metadata: 21 labels: 22 k8s-app: verrazzano-monitoring-operator 23 name: verrazzano-monitoring-operator-cluster-role-default 24 rules: 25 - apiGroups: 26 - "" 27 resources: 28 - nodes 29 - nodes/proxy 30 - persistentvolumeclaims 31 - services 32 - configmaps 33 - secrets 34 - namespaces 35 - endpoints 36 - pods 37 verbs: 38 - get 39 - list 40 - watch 41 - update 42 - create 43 - delete 44 - apiGroups: 45 - "" 46 resources: 47 - events 48 verbs: 49 - get 50 - list 51 - watch 52 - create 53 - patch 54 # Following rule required to allow operator to grant Cirith "create" verb on "pods/exec" 55 - apiGroups: 56 - "" 57 resources: 58 - pods/exec 59 verbs: 60 - create 61 # Following rule required to allow operator to grant Cirith "get" verb on "pods/log" 62 - apiGroups: 63 - "" 64 resources: 65 - pods/log 66 verbs: 67 - get 68 - apiGroups: 69 - apiextensions.k8s.io 70 resources: 71 - customresourcedefinitions 72 verbs: 73 - get 74 - list 75 - watch 76 - apiGroups: 77 - apps 78 resources: 79 - deployments 80 - statefulsets 81 verbs: 82 - get 83 - list 84 - watch 85 - create 86 - update 87 - delete 88 - apiGroups: 89 - rbac.authorization.k8s.io 90 resources: 91 - rolebindings 92 verbs: 93 - get 94 - list 95 - watch 96 - update 97 - create 98 - delete 99 - apiGroups: 100 - rbac.authorization.k8s.io 101 resources: 102 - clusterroles 103 - roles 104 verbs: 105 - get 106 - list 107 - watch 108 - apiGroups: 109 - extensions 110 resources: 111 - ingresses 112 verbs: 113 - get 114 - list 115 - watch 116 - create 117 - update 118 - delete 119 - apiGroups: 120 - extensions 121 resources: 122 - jobs 123 verbs: 124 - get 125 - list 126 - watch 127 - create 128 - update 129 - delete 130 - apiGroups: 131 - batch 132 resources: 133 - jobs 134 - cronjobs 135 verbs: 136 - create 137 - get 138 - patch 139 - update 140 - delete 141 - list 142 - watch 143 - apiGroups: 144 - storage.k8s.io 145 resources: 146 - storageclasses 147 verbs: 148 - get 149 - list 150 - watch 151 - apiGroups: 152 - verrazzano.io 153 resources: 154 - verrazzanomonitoringinstances 155 verbs: 156 - get 157 - list 158 - watch 159 - update 160 - nonResourceURLs: ["/metrics"] 161 verbs: ["get"] 162 --- 163 apiVersion: rbac.authorization.k8s.io/v1 164 kind: ClusterRoleBinding 165 metadata: 166 labels: 167 k8s-app: verrazzano-monitoring-operator 168 name: verrazzano-monitoring-operator-cluster-role-binding-default 169 roleRef: 170 apiGroup: rbac.authorization.k8s.io 171 kind: ClusterRole 172 name: verrazzano-monitoring-operator-cluster-role-default 173 subjects: 174 - kind: ServiceAccount 175 name: verrazzano-monitoring-operator 176 namespace: default 177 --- 178 apiVersion: rbac.authorization.k8s.io/v1 179 kind: ClusterRoleBinding 180 metadata: 181 labels: 182 k8s-app: verrazzano-monitoring-operator 183 name: verrazzano-monitoring-operator-cluster-role-default-binding-default 184 roleRef: 185 apiGroup: rbac.authorization.k8s.io 186 kind: ClusterRole 187 name: verrazzano-monitoring-operator-cluster-role-default 188 subjects: 189 - kind: ServiceAccount 190 name: default 191 namespace: default 192 --- 193 apiVersion: rbac.authorization.k8s.io/v1 194 kind: ClusterRole 195 metadata: 196 name: vmi-cluster-role-default 197 rules: 198 - apiGroups: 199 - "" 200 resources: 201 - configmaps 202 - secrets 203 verbs: 204 - get 205 - list 206 - watch 207 - update 208 - create 209 - delete 210 - apiGroups: 211 - "" 212 resources: 213 - pods 214 verbs: 215 - get 216 - list 217 - watch 218 - delete 219 # Following rule required to grant Cirith "create" verb on "pods/exec" 220 - apiGroups: 221 - "" 222 resources: 223 - pods/exec 224 verbs: 225 - create 226 - apiGroups: 227 - "" 228 resources: 229 - pods/log 230 verbs: 231 - get 232 - apiGroups: 233 - "batch" 234 - "extensions" 235 resources: 236 - jobs 237 verbs: 238 - get 239 - list 240 - watch 241 - update 242 - create 243 - delete 244 - apiGroups: 245 - verrazzano.io 246 resources: 247 - verrazzanomonitoringinstances 248 verbs: 249 - get 250 - list 251 - watch 252 - update 253 --- 254 apiVersion: v1 255 kind: ConfigMap 256 metadata: 257 name: verrazzano-monitoring-operator-config 258 namespace: default 259 labels: 260 app: verrazzano-monitoring-operator 261 data: 262 config: | 263 metricsPort: 8090 264 --- 265 apiVersion: apps/v1 266 kind: Deployment 267 metadata: 268 name: verrazzano-monitoring-operator 269 namespace: default 270 labels: 271 k8s-app: verrazzano-monitoring-operator 272 spec: 273 replicas: 1 274 selector: 275 matchLabels: 276 k8s-app: verrazzano-monitoring-operator 277 template: 278 metadata: 279 labels: 280 k8s-app: verrazzano-monitoring-operator 281 spec: 282 containers: 283 - name: verrazzano-monitoring-operator 284 imagePullPolicy: Always 285 image: container-registry.oracle.com/verrazzano/verrazzano-monitoring-operator:latest 286 ports: 287 - containerPort: 8080 288 name: http 289 protocol: TCP 290 - containerPort: 8090 291 name: metrics 292 protocol: TCP 293 livenessProbe: 294 failureThreshold: 5 295 httpGet: 296 path: /health 297 port: 8080 298 scheme: HTTP 299 initialDelaySeconds: 3 300 periodSeconds: 10 301 successThreshold: 1 302 timeoutSeconds: 5 303 args: 304 - --v=4 305 - --namespace=default 306 - --watchNamespace=default 307 - --watchVmi= 308 serviceAccountName: verrazzano-monitoring-operator 309 --- 310 apiVersion: v1 311 kind: Service 312 metadata: 313 name: verrazzano-monitoring-operator 314 namespace: default 315 labels: 316 k8s-app: verrazzano-monitoring-operator 317 spec: 318 type: NodePort 319 ports: 320 - port: 8090 321 targetPort: 8090 322 name: metrics 323 selector: 324 k8s-app: verrazzano-monitoring-operator