github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml (about) 1 {{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} 2 apiVersion: rbac.authorization.k8s.io/v1 3 kind: ClusterRole 4 metadata: 5 name: {{ template "kube-prometheus-stack.fullname" . }}-operator 6 labels: 7 app: {{ template "kube-prometheus-stack.name" . }}-operator 8 {{ include "kube-prometheus-stack.labels" . | indent 4 }} 9 rules: 10 - apiGroups: 11 - monitoring.coreos.com 12 resources: 13 - alertmanagers 14 - alertmanagers/status 15 - alertmanagers/finalizers 16 - alertmanagerconfigs 17 - prometheuses 18 - prometheuses/status 19 - prometheuses/finalizers 20 - thanosrulers 21 - thanosrulers/finalizers 22 - servicemonitors 23 - podmonitors 24 - probes 25 - prometheusrules 26 verbs: 27 - '*' 28 - apiGroups: 29 - apps 30 resources: 31 - statefulsets 32 verbs: 33 - '*' 34 - apiGroups: 35 - "" 36 resources: 37 - configmaps 38 - secrets 39 verbs: 40 - '*' 41 - apiGroups: 42 - "" 43 resources: 44 - pods 45 verbs: 46 - list 47 - delete 48 - apiGroups: 49 - "" 50 resources: 51 - services 52 - services/finalizers 53 - endpoints 54 verbs: 55 - get 56 - create 57 - update 58 - delete 59 - apiGroups: 60 - "" 61 resources: 62 - nodes 63 verbs: 64 - list 65 - watch 66 - apiGroups: 67 - "" 68 resources: 69 - namespaces 70 verbs: 71 - get 72 - list 73 - watch 74 - apiGroups: 75 - networking.k8s.io 76 resources: 77 - ingresses 78 verbs: 79 - get 80 - list 81 - watch 82 {{- if .Capabilities.APIVersions.Has "discovery.k8s.io/v1/EndpointSlice" }} 83 - apiGroups: 84 - discovery.k8s.io 85 resources: 86 - endpointslices 87 verbs: 88 - get 89 - list 90 - watch 91 {{- end }} 92 {{- end }}