| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- {{- if and .Values.rbac.create (empty .Values.server.useExistingClusterRoleName) -}}
- apiVersion: {{ template "rbac.apiVersion" . }}
- kind: ClusterRole
- metadata:
- labels:
- {{- include "prometheus.server.labels" . | nindent 4 }}
- name: {{ include "prometheus.clusterRoleName" . }}
- rules:
- {{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
- - apiGroups:
- - extensions
- resources:
- - podsecuritypolicies
- verbs:
- - use
- resourceNames:
- - {{ template "prometheus.server.fullname" . }}
- {{- end }}
- - apiGroups:
- - ""
- resources:
- - nodes
- - nodes/proxy
- - nodes/metrics
- - services
- - endpoints
- - pods
- - ingresses
- - configmaps
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses/status
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "discovery.k8s.io"
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
- - nonResourceURLs:
- - "/metrics"
- verbs:
- - get
- {{- end }}
|
