[prometheus] add prometheus RBAC roles
jr0d committed Feb 4, 2020
1 parent dec2604 commit 8e6308b
Showing 5 changed files with 205 additions and 1 deletion.
2 changes: 1 addition & 1 deletion staging/prometheus-operator/Chart.yaml
Expand Up @@ -12,7 +12,7 @@ sources:
- https://github.com/coreos/kube-prometheus
- https://github.com/coreos/prometheus-operator
- https://coreos.com/operators/prometheus
version: 8.3.9
version: 8.3.10
appVersion: 0.34.0
tillerVersion: ">=2.12.0"
home: https://github.com/coreos/prometheus-operator
@@ -0,0 +1,69 @@
{{- if and .Values.ingressRBAC.enabled .Values.alertmanager.ingress.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "prometheus-operator.name" . }}-alertmanager-admin
labels:
app: {{ template "prometheus-operator.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "prometheus-operator.labels" . | indent 4 }}
rules:
- nonResourceURLs:
{{- range .Values.alertmanager.ingress.paths }}
- {{ . | trimSuffix "/" }}
- {{ . | trimSuffix "/" }}/*
{{- end }}
verbs:
- get
- head
- post
- put
- delete

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "prometheus-operator.name" . }}-alertmanager-view
labels:
app: {{ template "prometheus-operator.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "prometheus-operator.labels" . | indent 4 }}
rules:
- nonResourceURLs:
{{- range .Values.alertmanager.ingress.paths }}
- {{ . | trimSuffix "/" }}
- {{ . | trimSuffix "/" }}/*
{{- end }}
verbs:
- get
- head

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "prometheus-operator.name" . }}-alertmanager-edit
labels:
app: {{ template "prometheus-operator.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "prometheus-operator.labels" . | indent 4 }}
rules:
- nonResourceURLs:
{{- range .Values.alertmanager.ingress.paths }}
- {{ . | trimSuffix "/" }}
- {{ . | trimSuffix "/" }}/*
{{- end }}
verbs:
- get
- head
- post
- put
{{- end }}
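Review bot: A path of `/` in `.Values.alertmanager.ingress.paths` is trimmed to an empty string by `trimSuffix "/"`, so the two entries under each `nonResourceURLs:` render as an empty item and `/*`, and the role then matches every non-resource URL for whoever it is bound to. These are ordinary ClusterRoles, so the API server's own RBAC authorizer would honour the same rule for its non-resource endpoints, not only whatever component evaluates them for ingress access (that component is not visible in this commit). I would have the template reject an empty prefix, or require an explicit opt-in for the wildcard, and quote the rendered values, e.g. `{{- $p := . | trimSuffix "/" }}` followed by `- {{ $p | quote }}` and `- {{ printf "%s/*" $p | quote }}`. The same pattern appears in the grafana.yaml and prometheus.yaml sections of this commit.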
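--- a/staging/prometheus-operator/templates/ingress-rbac/grafana.yaml
+++ b/staging/prometheus-operator/templates/ingress-rbac/grafana.yaml
@@ -0,0 +1,63 @@
+{{- if and .Values.ingressRBAC.enabled .Values.grafana.ingress.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-grafana-admin
+labels:
+app: {{ template "prometheus-operator.name" . }}-grafana
+{{- if .Values.grafana.ingress.labels }}
+{{ toYaml .Values.grafana.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}/*
+verbs:
+- get
+- head
+- post
+- put
+- delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-grafana-view
+labels:
+app: {{ template "prometheus-operator.name" . }}-grafana
+{{- if .Values.grafana.ingress.labels }}
+{{ toYaml .Values.grafana.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}/*
+verbs:
+- get
+- head
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-grafana-edit
+labels:
+app: {{ template "prometheus-operator.name" . }}-grafana
+{{- if .Values.grafana.ingress.labels }}
+{{ toYaml .Values.grafana.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}/*
+verbs:
+- get
+- head
+- post
+- put
+{{- end }}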
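Review bot: The three ClusterRole names are built from `prometheus-operator.name` alone, and ClusterRoles are cluster-scoped, so if that helper renders only the chart name (its definition is outside this commit) a second release of the chart in the same cluster would collide on `-grafana-admin`, `-grafana-view` and `-grafana-edit`. Including the release in the name avoids that, e.g. `name: {{ template "prometheus-operator.fullname" . }}-grafana-admin`, assuming the chart's fullname helper is available here. The alertmanager and prometheus role files in this commit name their roles the same way.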
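--- a/staging/prometheus-operator/templates/ingress-rbac/prometheus.yaml
+++ b/staging/prometheus-operator/templates/ingress-rbac/prometheus.yaml
@@ -0,0 +1,69 @@
+{{- if and .Values.ingressRBAC.enabled .Values.prometheus.ingress.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-prom-admin
+labels:
+app: {{ template "prometheus-operator.name" . }}-prom
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+{{- range .Values.prometheus.ingress.paths }}
+- {{ . | trimSuffix "/" }}
+- {{ . | trimSuffix "/" }}/*
+{{- end }}
+verbs:
+- get
+- head
+- post
+- put
+- delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-prom-view
+labels:
+app: {{ template "prometheus-operator.name" . }}-prom
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+{{- range .Values.prometheus.ingress.paths }}
+- {{ . | trimSuffix "/" }}
+- {{ . | trimSuffix "/" }}/*
+{{- end }}
+verbs:
+- get
+- head
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-prom-edit
+labels:
+app: {{ template "prometheus-operator.name" . }}-prom
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+{{- range .Values.prometheus.ingress.paths }}
+- {{ . | trimSuffix "/" }}
+- {{ . | trimSuffix "/" }}/*
+{{- end }}
+verbs:
+- get
+- head
+- post
+- put
+{{- end }}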
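Review bot: When `.Values.prometheus.ingress.paths` is an empty list, the `range` under each of the three `nonResourceURLs:` keys emits nothing, leaving every rule with verbs but a null `nonResourceURLs` and no `apiGroups`/`resources`; RBAC validation is expected to reject such a rule and fail the release. The outer condition checks only the two `enabled` flags, so adding the list to it keeps the file from rendering in that case: `{{- if and .Values.ingressRBAC.enabled .Values.prometheus.ingress.enabled .Values.prometheus.ingress.paths }}`. The alertmanager role file in this commit iterates its paths the same way.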
3 changes: 3 additions & 0 deletions staging/prometheus-operator/values.yaml
Expand Up @@ -1885,3 +1885,6 @@ prometheus:
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint
##
# podMetricsEndpoints: []

ingressRBAC:
enabled: true
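Review bot: `ingressRBAC.enabled` is added with a default of `true` and without the `##` description the neighbouring keys carry, so an upgrade to 8.3.10 starts creating cluster-scoped roles wherever one of the ingresses is enabled, without the operator having asked for them. I would document the key above `ingressRBAC:`, e.g. `## Create admin/edit/view ClusterRoles for the Alertmanager, Grafana and Prometheus ingress paths`, and consider shipping `enabled: false` so the roles are opt-in. The hunk's context starts inside the `prometheus:` block, which begins outside the hunk.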
