-
Notifications
You must be signed in to change notification settings - Fork 333
/
role.yaml
30 lines (30 loc) · 1.02 KB
/
role.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
{{- if .Values.rbac.create }}
# kubernetes_plugin: Give access to stats endpoints
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: influx-stats-viewer
labels:
{{- include "telegraf.labels" . | nindent 4 }}
rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes", "nodes/proxy", "nodes/stats", "persistentvolumes"]
verbs: ["get", "list", "watch"]
---
# Define global role with the default system:aggregate-to-view cluster role and the two rules we just created
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: influx:telegraf
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
- matchLabels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules: [] # Rules are automatically filled in by the controller manager.
{{- end }}