github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml (about) 1 {{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/rbac-crd.md */}} 2 {{- if and .Values.global.rbac.create .Values.global.rbac.createAggregateClusterRoles }} 3 kind: ClusterRole 4 apiVersion: rbac.authorization.k8s.io/v1 5 metadata: 6 name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-view 7 labels: 8 rbac.authorization.k8s.io/aggregate-to-admin: "true" 9 rbac.authorization.k8s.io/aggregate-to-edit: "true" 10 rbac.authorization.k8s.io/aggregate-to-view: "true" 11 app: {{ template "kube-prometheus-stack.name" . }}-operator 12 {{- include "kube-prometheus-stack.labels" . | nindent 4 }} 13 rules: 14 - apiGroups: ["monitoring.coreos.com"] 15 resources: ["alertmanagers", "alertmanagerconfigs", "prometheuses", "prometheusrules", "servicemonitors", "podmonitors", "probes"] 16 verbs: ["get", "list", "watch"] 17 --- 18 kind: ClusterRole 19 apiVersion: rbac.authorization.k8s.io/v1 20 metadata: 21 name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-edit 22 labels: 23 rbac.authorization.k8s.io/aggregate-to-edit: "true" 24 rbac.authorization.k8s.io/aggregate-to-admin: "true" 25 app: {{ template "kube-prometheus-stack.name" . }}-operator 26 {{- include "kube-prometheus-stack.labels" . | nindent 4 }} 27 rules: 28 - apiGroups: ["monitoring.coreos.com"] 29 resources: ["alertmanagers", "alertmanagerconfigs", "prometheuses", "prometheusrules", "servicemonitors", "podmonitors", "probes"] 30 verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] 31 {{- end }}