github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/templates/prometheus/clusterrole.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/templates/prometheus/clusterrole.yaml (about)

     1  {{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  kind: ClusterRole
     4  metadata:
     5    name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
     6    labels:
     7      app: {{ template "kube-prometheus-stack.name" . }}-prometheus
     8  {{ include "kube-prometheus-stack.labels" . | indent 4 }}
     9  rules:
    10  # This permission are not in the kube-prometheus repo
    11  # they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
    12  - apiGroups: [""]
    13    resources:
    14    - nodes
    15    - nodes/metrics
    16    - services
    17    - endpoints
    18    - pods
    19    verbs: ["get", "list", "watch"]
    20  - apiGroups:
    21    - "networking.k8s.io"
    22    resources:
    23    - ingresses
    24    verbs: ["get", "list", "watch"]
    25  - nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
    26    verbs: ["get"]
    27  {{- if .Values.prometheus.additionalRulesForClusterRole }}
    28  {{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
    29  {{- end }}
    30  {{- end }}