github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-state-metrics/templates/role.yaml (about) 1 {{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} 2 {{- range (ternary (join "," .Values.namespaces | split "," ) (list "") (eq $.Values.rbac.useClusterRole false)) }} 3 --- 4 apiVersion: rbac.authorization.k8s.io/v1 5 {{- if eq $.Values.rbac.useClusterRole false }} 6 kind: Role 7 {{- else }} 8 kind: ClusterRole 9 {{- end }} 10 metadata: 11 labels: 12 {{- include "kube-state-metrics.labels" $ | indent 4 }} 13 name: {{ template "kube-state-metrics.fullname" $ }} 14 {{- if eq $.Values.rbac.useClusterRole false }} 15 namespace: {{ . }} 16 {{- end }} 17 rules: 18 {{ if has "certificatesigningrequests" $.Values.collectors }} 19 - apiGroups: ["certificates.k8s.io"] 20 resources: 21 - certificatesigningrequests 22 verbs: ["list", "watch"] 23 {{ end -}} 24 {{ if has "configmaps" $.Values.collectors }} 25 - apiGroups: [""] 26 resources: 27 - configmaps 28 verbs: ["list", "watch"] 29 {{ end -}} 30 {{ if has "cronjobs" $.Values.collectors }} 31 - apiGroups: ["batch"] 32 resources: 33 - cronjobs 34 verbs: ["list", "watch"] 35 {{ end -}} 36 {{ if has "daemonsets" $.Values.collectors }} 37 - apiGroups: ["extensions", "apps"] 38 resources: 39 - daemonsets 40 verbs: ["list", "watch"] 41 {{ end -}} 42 {{ if has "deployments" $.Values.collectors }} 43 - apiGroups: ["extensions", "apps"] 44 resources: 45 - deployments 46 verbs: ["list", "watch"] 47 {{ end -}} 48 {{ if has "endpoints" $.Values.collectors }} 49 - apiGroups: [""] 50 resources: 51 - endpoints 52 verbs: ["list", "watch"] 53 {{ end -}} 54 {{ if has "endpointslices" $.Values.collectors }} 55 - apiGroups: ["discovery.k8s.io"] 56 resources: 57 - endpointslices 58 verbs: ["list", "watch"] 59 {{ end -}} 60 {{ if has "horizontalpodautoscalers" $.Values.collectors }} 61 - apiGroups: ["autoscaling"] 62 resources: 63 - horizontalpodautoscalers 64 verbs: ["list", "watch"] 65 {{ end -}} 66 {{ if has "ingresses" $.Values.collectors }} 67 - apiGroups: ["extensions", "networking.k8s.io"] 68 resources: 69 - ingresses 70 verbs: ["list", "watch"] 71 {{ end -}} 72 {{ if has "jobs" $.Values.collectors }} 73 - apiGroups: ["batch"] 74 resources: 75 - jobs 76 verbs: ["list", "watch"] 77 {{ end -}} 78 {{ if has "leases" $.Values.collectors }} 79 - apiGroups: ["coordination.k8s.io"] 80 resources: 81 - leases 82 verbs: ["list", "watch"] 83 {{ end -}} 84 {{ if has "limitranges" $.Values.collectors }} 85 - apiGroups: [""] 86 resources: 87 - limitranges 88 verbs: ["list", "watch"] 89 {{ end -}} 90 {{ if has "mutatingwebhookconfigurations" $.Values.collectors }} 91 - apiGroups: ["admissionregistration.k8s.io"] 92 resources: 93 - mutatingwebhookconfigurations 94 verbs: ["list", "watch"] 95 {{ end -}} 96 {{ if has "namespaces" $.Values.collectors }} 97 - apiGroups: [""] 98 resources: 99 - namespaces 100 verbs: ["list", "watch"] 101 {{ end -}} 102 {{ if has "networkpolicies" $.Values.collectors }} 103 - apiGroups: ["networking.k8s.io"] 104 resources: 105 - networkpolicies 106 verbs: ["list", "watch"] 107 {{ end -}} 108 {{ if has "nodes" $.Values.collectors }} 109 - apiGroups: [""] 110 resources: 111 - nodes 112 verbs: ["list", "watch"] 113 {{ end -}} 114 {{ if has "persistentvolumeclaims" $.Values.collectors }} 115 - apiGroups: [""] 116 resources: 117 - persistentvolumeclaims 118 verbs: ["list", "watch"] 119 {{ end -}} 120 {{ if has "persistentvolumes" $.Values.collectors }} 121 - apiGroups: [""] 122 resources: 123 - persistentvolumes 124 verbs: ["list", "watch"] 125 {{ end -}} 126 {{ if has "poddisruptionbudgets" $.Values.collectors }} 127 - apiGroups: ["policy"] 128 resources: 129 - poddisruptionbudgets 130 verbs: ["list", "watch"] 131 {{ end -}} 132 {{ if has "pods" $.Values.collectors }} 133 - apiGroups: [""] 134 resources: 135 - pods 136 verbs: ["list", "watch"] 137 {{ end -}} 138 {{ if has "replicasets" $.Values.collectors }} 139 - apiGroups: ["extensions", "apps"] 140 resources: 141 - replicasets 142 verbs: ["list", "watch"] 143 {{ end -}} 144 {{ if has "replicationcontrollers" $.Values.collectors }} 145 - apiGroups: [""] 146 resources: 147 - replicationcontrollers 148 verbs: ["list", "watch"] 149 {{ end -}} 150 {{ if has "resourcequotas" $.Values.collectors }} 151 - apiGroups: [""] 152 resources: 153 - resourcequotas 154 verbs: ["list", "watch"] 155 {{ end -}} 156 {{ if has "secrets" $.Values.collectors }} 157 - apiGroups: [""] 158 resources: 159 - secrets 160 verbs: ["list", "watch"] 161 {{ end -}} 162 {{ if has "services" $.Values.collectors }} 163 - apiGroups: [""] 164 resources: 165 - services 166 verbs: ["list", "watch"] 167 {{ end -}} 168 {{ if has "statefulsets" $.Values.collectors }} 169 - apiGroups: ["apps"] 170 resources: 171 - statefulsets 172 verbs: ["list", "watch"] 173 {{ end -}} 174 {{ if has "storageclasses" $.Values.collectors }} 175 - apiGroups: ["storage.k8s.io"] 176 resources: 177 - storageclasses 178 verbs: ["list", "watch"] 179 {{ end -}} 180 {{ if has "validatingwebhookconfigurations" $.Values.collectors }} 181 - apiGroups: ["admissionregistration.k8s.io"] 182 resources: 183 - validatingwebhookconfigurations 184 verbs: ["list", "watch"] 185 {{ end -}} 186 {{ if has "volumeattachments" $.Values.collectors }} 187 - apiGroups: ["storage.k8s.io"] 188 resources: 189 - volumeattachments 190 verbs: ["list", "watch"] 191 {{ end -}} 192 {{- if $.Values.kubeRBACProxy.enabled }} 193 - apiGroups: ["authentication.k8s.io"] 194 resources: 195 - tokenreviews 196 verbs: ["create"] 197 - apiGroups: ["authorization.k8s.io"] 198 resources: 199 - subjectaccessreviews 200 verbs: ["create"] 201 {{- end }} 202 {{- if $.Values.customResourceState.enabled }} 203 - apiGroups: ["apiextensions.k8s.io"] 204 resources: 205 - customresourcedefinitions 206 verbs: ["list", "watch"] 207 {{- end }} 208 {{ if $.Values.rbac.extraRules }} 209 {{ toYaml $.Values.rbac.extraRules }} 210 {{ end }} 211 {{- end -}} 212 {{- end -}}