Skip to content

Commit 4cb110d

Browse files
solssonsolsson
authored
Merge pull request #5 from Yolean/rbac-prometheus
Additional RBAC for Prometheus
2 parents 4d008af + 4f165fc commit 4cb110d

File tree

5 files changed

+49
-36
lines changed

5 files changed

+49
-36
lines changed

custom-prometheus/prometheus-cluster-role-binding.yaml

Lines changed: 0 additions & 13 deletions
This file was deleted.

custom-prometheus/prometheus-cluster-role.yaml

Lines changed: 0 additions & 18 deletions
This file was deleted.

custom-prometheus/prometheus-service-account.yaml

Lines changed: 0 additions & 4 deletions
This file was deleted.

custom-prometheus/prometheus.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ metadata:
88
spec:
99
replicas: 1
1010
version: v2.0.0-rc.3
11-
serviceAccountName: prometheus
11+
serviceAccountName: prometheus-custom
1212
serviceMonitorSelector:
1313
alerting:
1414
alertmanagers:

custom-prometheus/rbac.yaml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
---
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: prometheus-custom
6+
namespace: monitoring
7+
annotations:
8+
manifest-origin: github.com/Yolean/kubernetes-monitoring
9+
---
10+
apiVersion: rbac.authorization.k8s.io/v1beta1
11+
kind: ClusterRole
12+
metadata:
13+
name: monitoring-by-prometheus-annotations
14+
annotations:
15+
manifest-origin: github.com/Yolean/kubernetes-monitoring
16+
rules:
17+
- apiGroups: [""]
18+
resources:
19+
- nodes
20+
- services
21+
- endpoints
22+
- pods
23+
verbs: ["get", "list", "watch"]
24+
- apiGroups: [""]
25+
resources:
26+
- configmaps
27+
verbs: ["get"]
28+
- apiGroups: ["extensions"]
29+
resources:
30+
- ingresses
31+
verbs: ["get", "list", "watch"]
32+
- nonResourceURLs: ["/metrics"]
33+
verbs: ["get"]
34+
---
35+
apiVersion: rbac.authorization.k8s.io/v1beta1
36+
kind: ClusterRoleBinding
37+
metadata:
38+
name: monitoring-by-prometheus-annotations
39+
annotations:
40+
manifest-origin: github.com/Yolean/kubernetes-monitoring
41+
roleRef:
42+
apiGroup: rbac.authorization.k8s.io
43+
kind: ClusterRole
44+
name: monitoring-by-prometheus-annotations
45+
subjects:
46+
- kind: ServiceAccount
47+
name: prometheus-custom
48+
namespace: monitoring

0 commit comments

Comments
 (0)