|
@@ -38,104 +38,92 @@ objects:
|
|
|
metadata: {name: cluster-monitoring-operator}
|
|
|
rules:
|
|
|
- apiGroups: [rbac.authorization.k8s.io]
|
|
|
- resources: [roles, rolebindings, clusterroles, clusterrolebindings]
|
|
|
- verbs: [create, get, list, watch, update, delete]
|
|
|
+ resources: [clusterrolebindings, clusterroles, rolebindings, roles]
|
|
|
+ verbs: [create, delete, get, list, update, watch]
|
|
|
- apiGroups: ['']
|
|
|
- resources: [serviceaccounts]
|
|
|
- verbs: [create, get, list, watch, update, delete]
|
|
|
+ resources: [configmaps, serviceaccounts]
|
|
|
+ verbs: [create, delete, get, list, update, watch]
|
|
|
- apiGroups: [apps]
|
|
|
- resources: [deployments, daemonsets]
|
|
|
- verbs: [create, get, list, watch, update, delete]
|
|
|
+ resources: [daemonsets, deployments]
|
|
|
+ verbs: [create, delete, get, list, update, watch]
|
|
|
- apiGroups: [route.openshift.io]
|
|
|
resources: [routes]
|
|
|
- verbs: [create, get, list, watch, update, delete]
|
|
|
+ verbs: [create, delete, get, list, update, watch]
|
|
|
- apiGroups: [security.openshift.io]
|
|
|
resources: [securitycontextconstraints]
|
|
|
- verbs: [create, get, list, watch, update, delete]
|
|
|
+ verbs: [create, delete, get, list, update, watch]
|
|
|
- apiGroups: [authentication.k8s.io]
|
|
|
resources: [tokenreviews]
|
|
|
verbs: [create]
|
|
|
- apiGroups: [authorization.k8s.io]
|
|
|
resources: [subjectaccessreviews]
|
|
|
verbs: [create]
|
|
|
- - apiGroups: ['']
|
|
|
- resources: [nodes, pods, services, resourcequotas, replicationcontrollers, limitranges, persistentvolumeclaims, persistentvolumes, namespaces, endpoints]
|
|
|
+ - apiGroups: [apps]
|
|
|
+ resources: [daemonsets, deployments, replicasets, statefulsets]
|
|
|
verbs: [list, watch]
|
|
|
- apiGroups: [extensions]
|
|
|
resources: [daemonsets, deployments, replicasets]
|
|
|
verbs: [list, watch]
|
|
|
- - apiGroups: [apps]
|
|
|
- resources: [statefulsets]
|
|
|
+ - apiGroups: [autoscaling]
|
|
|
+ resources: [horizontalpodautoscalers]
|
|
|
verbs: [list, watch]
|
|
|
- apiGroups: [batch]
|
|
|
resources: [cronjobs, jobs]
|
|
|
verbs: [list, watch]
|
|
|
- - apiGroups: [autoscaling]
|
|
|
- resources: [horizontalpodautoscalers]
|
|
|
+ - apiGroups: ['']
|
|
|
+ resources: [configmaps, endpoints, limitranges, namespaces, nodes, persistentvolumeclaims,
|
|
|
+ persistentvolumes, pods, replicationcontrollers, resourcequotas, secrets, services]
|
|
|
verbs: [list, watch]
|
|
|
- - apiGroups: [authentication.k8s.io]
|
|
|
- resources: [tokenreviews]
|
|
|
- verbs: [create]
|
|
|
- - apiGroups: [authorization.k8s.io]
|
|
|
- resources: [subjectaccessreviews]
|
|
|
- verbs: [create]
|
|
|
- apiGroups: ['']
|
|
|
resources: [pods]
|
|
|
verbs: [get]
|
|
|
+ - apiGroups: [apps]
|
|
|
+ resourceNames: [kube-state-metrics]
|
|
|
+ resources: [deployments]
|
|
|
+ verbs: [get, update]
|
|
|
- apiGroups: [extensions]
|
|
|
resourceNames: [kube-state-metrics]
|
|
|
resources: [deployments]
|
|
|
verbs: [get, update]
|
|
|
- - apiGroups: [authentication.k8s.io]
|
|
|
- resources: [tokenreviews]
|
|
|
- verbs: [create]
|
|
|
- - apiGroups: [authorization.k8s.io]
|
|
|
- resources: [subjectaccessreviews]
|
|
|
- verbs: [create]
|
|
|
+ - apiGroups: ['']
|
|
|
+ resources: [namespaces]
|
|
|
+ verbs: [get]
|
|
|
+ - apiGroups: ['']
|
|
|
+ resources: [nodes/metrics]
|
|
|
+ verbs: [get]
|
|
|
- nonResourceURLs: [/metrics]
|
|
|
verbs: [get]
|
|
|
- - apiGroups: [authentication.k8s.io]
|
|
|
- resources: [tokenreviews]
|
|
|
- verbs: [create]
|
|
|
- - apiGroups: [authorization.k8s.io]
|
|
|
- resources: [subjectaccessreviews]
|
|
|
- verbs: [create]
|
|
|
- apiGroups: ['']
|
|
|
- resources: [namespaces, nodes/metrics]
|
|
|
+ resources: [configmaps]
|
|
|
verbs: [get]
|
|
|
- apiGroups: ['']
|
|
|
- resources: [nodes, services, endpoints, pods]
|
|
|
+ resources: [endpoints, nodes, pods, services]
|
|
|
verbs: [get, list, watch]
|
|
|
- apiGroups: ['']
|
|
|
- resources: [configmaps]
|
|
|
- verbs: [get]
|
|
|
- - apiGroups: [extensions]
|
|
|
- resources: [thirdpartyresources]
|
|
|
- verbs: ['*']
|
|
|
- - apiGroups: [apiextensions.k8s.io]
|
|
|
- resources: [customresourcedefinitions]
|
|
|
- verbs: ['*']
|
|
|
+ resources: [namespaces]
|
|
|
+ verbs: [list, watch]
|
|
|
+ - apiGroups: ['']
|
|
|
+ resources: [nodes]
|
|
|
+ verbs: [list, watch]
|
|
|
- apiGroups: [monitoring.coreos.com]
|
|
|
- resources: [alertmanagers, prometheuses, prometheuses/finalizers, alertmanagers/finalizers, servicemonitors, prometheusrules]
|
|
|
+ resources: [alertmanagers, alertmanagers/finalizers, prometheuses, prometheuses/finalizers,
|
|
|
+ prometheusrules, servicemonitors]
|
|
|
+ verbs: ['*']
|
|
|
+ - apiGroups: ['']
|
|
|
+ resources: [configmaps, secrets]
|
|
|
verbs: ['*']
|
|
|
- apiGroups: [apps]
|
|
|
resources: [statefulsets]
|
|
|
verbs: ['*']
|
|
|
- apiGroups: ['']
|
|
|
- resources: [configmaps, secrets]
|
|
|
- verbs: ['*']
|
|
|
+ resources: [endpoints, services]
|
|
|
+ verbs: [create, get, update]
|
|
|
- apiGroups: ['']
|
|
|
resources: [pods]
|
|
|
- verbs: [list, delete]
|
|
|
- - apiGroups: ['']
|
|
|
- resources: [services, endpoints]
|
|
|
- verbs: [get, create, update]
|
|
|
- - apiGroups: ['']
|
|
|
- resources: [nodes]
|
|
|
- verbs: [list, watch]
|
|
|
- - apiGroups: ['']
|
|
|
- resources: [namespaces]
|
|
|
- verbs: [list]
|
|
|
+ verbs: [delete, list]
|
|
|
+ - apiGroups: [apiextensions.k8s.io]
|
|
|
+ resources: [customresourcedefinitions]
|
|
|
+ verbs: ['*']
|
|
|
- apiVersion: v1
|
|
|
kind: ServiceAccount
|
|
|
metadata:
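Review bot: The added rule pairing `resources: [configmaps, secrets]` with `verbs: ['*']` in the core API group keeps a wildcard on Secrets, and it already covers the `secrets` entry newly added to the large `[list, watch]` rule earlier in the hunk, so that narrower rule limits nothing. `list` on Secrets returns the full secret data, and `'*'` also takes in `patch`, `deletecollection` and any verb introduced later. If this object is a ClusterRole the grant is cluster-wide; its `kind` sits above the hunk, so that is inferred from the `clusterroles` and `nonResourceURLs` rules. Consider spelling out only the verbs the operator actually uses, in the style of the other rules here (`verbs: [create, delete, get, list, update, watch]`), and adding a comment naming the component that needs Secret reads. The same applies to the `['*']` rules on `statefulsets`, `customresourcedefinitions` and the `monitoring.coreos.com` resources.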
|