Move Prometheus-operator to operator package

[demo.git] / vnfs / DAaaS / operator / charts / prometheus-operator / templates / prometheus / clusterrole.yaml

diff --git a/vnfs/DAaaS/operator/charts/prometheus-operator/templates/prometheus/clusterrole.yaml b/vnfs/DAaaS/operator/charts/prometheus-operator/templates/prometheus/clusterrole.yaml
new file mode 100644 (file)
index 0000000..799027d
--- /dev/null
+++ b/vnfs/DAaaS/operator/charts/prometheus-operator/templates/prometheus/clusterrole.yaml
@@ -0,0 +1,35 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "prometheus-operator.fullname" . }}-prometheus
+  labels:
+    app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes/metrics
+  verbs:
+  - get
+  - list
+  - watch
+# This permission are not in the prometheus-operator repo
+# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/proxy
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+{{- end }}
\ No newline at end of file