+++ /dev/null
-{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "prometheus-operator.fullname" . }}-prometheus
- labels:
- app: {{ template "prometheus-operator.name" . }}-prometheus
-{{ include "prometheus-operator.labels" . | indent 4 }}
-rules:
-- apiGroups:
- - ""
- resources:
- - nodes/metrics
- verbs:
- - get
- - list
- - watch
-# This permission are not in the prometheus-operator repo
-# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
-- apiGroups: [""]
- resources:
- - nodes
- - nodes/proxy
- - services
- - endpoints
- - pods
- verbs: ["get", "list", "watch"]
-- apiGroups:
- - extensions
- resources:
- - ingresses
- verbs: ["get", "list", "watch"]
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
-{{- end }}
\ No newline at end of file