ansible-kubernetes-hetzner/templates/k8s_cluster/storage/rook/monitoring/rbac.yaml


---
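# OLM: BEGIN ROLE
# Aspects for creation of monitoring resources
# Namespaced Role: read, create, update and delete on Prometheus Operator
# ServiceMonitor objects, limited to the rook-ceph namespace.
# ServiceMonitors feed Prometheus' scrape configuration, so keep this write
# access namespaced and bound only to the account that manages these objects.
# Nesting restored: with every line at column 0 the rule's resources/verbs
# would parse as top-level keys instead of fields of the rule.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-ceph-monitor
  namespace: rook-ceph
rules:
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
# OLM: END ROLE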
---
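# OLM: BEGIN ROLE BINDING
# Allow creation of monitoring resources
# Grants the rook-ceph-monitor Role to the rook-ceph-system service account.
# A RoleBinding takes effect only inside its own namespace (rook-ceph).
# roleRef is immutable: pointing at a different Role means deleting and
# recreating the binding, not editing it in place.
# Nesting restored: flattened, metadata.name, roleRef.name and the subject's
# name collide as duplicate top-level keys.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-ceph-monitor
  namespace: rook-ceph
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rook-ceph-monitor
subjects:
  - kind: ServiceAccount
    name: rook-ceph-system
    namespace: rook-ceph
# OLM: END ROLE BINDING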
---
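# OLM: BEGIN ROLE
# Aspects for metrics collection
# Read-only Role (get, list, watch) on Services, Endpoints and Pods in the
# rook-ceph namespace. No write verbs and no access to Secrets or ConfigMaps
# are granted here.
# Nesting restored so that resources and verbs belong to the single rule.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-ceph-metrics
  namespace: rook-ceph
rules:
  - apiGroups:
      # The empty string selects the core API group; it must stay quoted.
      - ""
    resources:
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
# OLM: END ROLE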
---
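# OLM: BEGIN ROLE BINDING
# Allow collection of metrics
# Grants the read-only rook-ceph-metrics Role to the monitoring service
# account named in subjects.
# NOTE(review): RBAC does not check that a subject exists. If no
# prometheus-k8s service account lives in the namespace given below, the
# binding grants nothing to the real Prometheus, and any account later
# created under that name and namespace inherits the access. Confirm both
# values against the deployed monitoring stack.
# Nesting restored: flattened, the three name keys collide as duplicates.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-ceph-metrics
  namespace: rook-ceph
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rook-ceph-metrics
subjects:
  - kind: ServiceAccount
    # change to the serviceaccount and namespace to use for monitoring
    name: prometheus-k8s
    namespace: rook-ceph
# OLM: END ROLE BINDING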
---
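# OLM: BEGIN ROLE
# Allow management of monitoring resources in the mgr
# Namespaced Role on ServiceMonitor objects with get, list, create and update
# only; watch and delete are not granted.
# Nesting restored so that resources and verbs belong to the single rule.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-ceph-monitor-mgr
  namespace: rook-ceph
rules:
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - list
      - create
      - update
# OLM: END ROLE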
---
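# OLM: BEGIN ROLE BINDING
# Allow creation of monitoring resources in the mgr
# Grants the rook-ceph-monitor-mgr Role to the rook-ceph-mgr service account,
# scoped to the rook-ceph namespace.
# roleRef is immutable: pointing at a different Role means deleting and
# recreating the binding, not editing it in place.
# Nesting restored: flattened, the three name keys collide as duplicates.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-ceph-monitor-mgr
  namespace: rook-ceph
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rook-ceph-monitor-mgr
subjects:
  - kind: ServiceAccount
    name: rook-ceph-mgr
    namespace: rook-ceph
# OLM: END ROLE BINDING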
---