A monitoring/prometheus/clusterrole.yaml => monitoring/prometheus/clusterrole.yaml +11 -0
@@ 0,0 1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prometheus
+rules:
+ - apiGroups: ['']
+ resources: [pods, nodes]
+ verbs: [get, list, watch]
+ - apiGroups: ['']
+ resources: [nodes/metrics]
+ verbs: [get]
A monitoring/prometheus/clusterrolebinding.yaml => monitoring/prometheus/clusterrolebinding.yaml +13 -0
@@ 0,0 1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ name: prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+subjects:
+- kind: ServiceAccount
+ name: prometheus
+ namespace: prometheus
M monitoring/prometheus/deployment.yaml => monitoring/prometheus/deployment.yaml +1 -0
@@ 14,6 14,7 @@ spec:
volumeMounts:
- name: configs
mountPath: /etc/prometheus
+ serviceAccountName: prometheus
volumes:
- name: configs
configMap:
M monitoring/prometheus/kustomization.yaml => monitoring/prometheus/kustomization.yaml +3 -0
@@ 10,3 10,6 @@ resources:
- namespace.yaml
- deployment.yaml
- configmap.yaml
+ - serviceaccount.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
A monitoring/prometheus/serviceaccount.yaml => monitoring/prometheus/serviceaccount.yaml +5 -0
@@ 0,0 1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ name: prometheus