Merge pull request #400 from mesosphere/jr/prometheus-ingress-roles
[prometheus] add prometheus RBAC roles
jr0d authored Feb 4, 2020
2 parents dec2604 + 757b628 commit fd59bed
Showing 5 changed files with 204 additions and 1 deletion.
2 changes: 1 addition & 1 deletion staging/prometheus-operator/Chart.yaml
Expand Up @@ -12,7 +12,7 @@ sources:
- https://github.com/coreos/kube-prometheus
- https://github.com/coreos/prometheus-operator
- https://coreos.com/operators/prometheus
version: 8.3.9
version: 8.3.10
appVersion: 0.34.0
tillerVersion: ">=2.12.0"
home: https://github.com/coreos/prometheus-operator
@@ -0,0 +1,69 @@
{{- if and .Values.mesosphereResources.ingressRBAC.enabled .Values.alertmanager.ingress.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "prometheus-operator.name" . }}-alertmanager-admin
labels:
app: {{ template "prometheus-operator.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "prometheus-operator.labels" . | indent 4 }}
rules:
- nonResourceURLs:
{{- range .Values.alertmanager.ingress.paths }}
- {{ . | trimSuffix "/" }}
- {{ . | trimSuffix "/" }}/*
{{- end }}
verbs:
- get
- head
- post
- put
- delete

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "prometheus-operator.name" . }}-alertmanager-view
labels:
app: {{ template "prometheus-operator.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "prometheus-operator.labels" . | indent 4 }}
rules:
- nonResourceURLs:
{{- range .Values.alertmanager.ingress.paths }}
- {{ . | trimSuffix "/" }}
- {{ . | trimSuffix "/" }}/*
{{- end }}
verbs:
- get
- head

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "prometheus-operator.name" . }}-alertmanager-edit
labels:
app: {{ template "prometheus-operator.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "prometheus-operator.labels" . | indent 4 }}
rules:
- nonResourceURLs:
{{- range .Values.alertmanager.ingress.paths }}
- {{ . | trimSuffix "/" }}
- {{ . | trimSuffix "/" }}/*
{{- end }}
verbs:
- get
- head
- post
- put
{{- end }}
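Review bot: A path of `/` in `.Values.alertmanager.ingress.paths` makes `trimSuffix "/"` return an empty string, so each `nonResourceURLs` list renders a bare `- ` (YAML null) followed by `- /*`, which matches every non-resource URL. How these roles are consumed is not shown here, but `nonResourceURLs` rules bound through a ClusterRoleBinding are also honoured by the kube-apiserver's own RBAC authorizer, so a subject given `-alertmanager-admin` for ingress access would then hold get/post/put/delete on all API-server non-resource paths. The same pattern is in the grafana.yaml section (`.Values.grafana.ingress.path`) and the prometheus.yaml section. Rejecting the root path and quoting the rendered value would contain it, e.g. `- {{ required "ingress path must not be /" (. | trimSuffix "/") | quote }}` and `- {{ printf "%s/*" (. | trimSuffix "/") | quote }}`.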
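--- a/staging/prometheus-operator/templates/ingress-rbac/grafana.yaml
+++ b/staging/prometheus-operator/templates/ingress-rbac/grafana.yaml
@@ -0,0 +1,63 @@
+{{- if and .Values.mesosphereResources.ingressRBAC.enabled .Values.grafana.ingress.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-grafana-admin
+labels:
+app: {{ template "prometheus-operator.name" . }}-grafana
+{{- if .Values.grafana.ingress.labels }}
+{{ toYaml .Values.grafana.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}/*
+verbs:
+- get
+- head
+- post
+- put
+- delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-grafana-view
+labels:
+app: {{ template "prometheus-operator.name" . }}-grafana
+{{- if .Values.grafana.ingress.labels }}
+{{ toYaml .Values.grafana.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}/*
+verbs:
+- get
+- head
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-grafana-edit
+labels:
+app: {{ template "prometheus-operator.name" . }}-grafana
+{{- if .Values.grafana.ingress.labels }}
+{{ toYaml .Values.grafana.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}
+- {{ .Values.grafana.ingress.path | trimSuffix "/" }}/*
+verbs:
+- get
+- head
+- post
+- put
+{{- end }}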
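Review bot: The three ClusterRole names are built from `prometheus-operator.name` (the chart name), and ClusterRoles are cluster-scoped, so a second release of this chart in another namespace would render the same `-grafana-admin`, `-grafana-view` and `-grafana-edit` objects and collide with the first. The alertmanager and prometheus sections name their roles the same way. The release-qualified helper avoids that: `name: {{ template "prometheus-operator.fullname" . }}-grafana-admin`. If the fixed names are deliberate so that bindings created elsewhere can reference them, a template comment at the top of the file should say so.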
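--- a/staging/prometheus-operator/templates/ingress-rbac/prometheus.yaml
+++ b/staging/prometheus-operator/templates/ingress-rbac/prometheus.yaml
@@ -0,0 +1,69 @@
+{{- if and .Values.mesosphereResources.ingressRBAC.enabled .Values.prometheus.ingress.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-prom-admin
+labels:
+app: {{ template "prometheus-operator.name" . }}-prom
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+{{- range .Values.prometheus.ingress.paths }}
+- {{ . | trimSuffix "/" }}
+- {{ . | trimSuffix "/" }}/*
+{{- end }}
+verbs:
+- get
+- head
+- post
+- put
+- delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-prom-view
+labels:
+app: {{ template "prometheus-operator.name" . }}-prom
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+{{- range .Values.prometheus.ingress.paths }}
+- {{ . | trimSuffix "/" }}
+- {{ . | trimSuffix "/" }}/*
+{{- end }}
+verbs:
+- get
+- head
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ template "prometheus-operator.name" . }}-prom-edit
+labels:
+app: {{ template "prometheus-operator.name" . }}-prom
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- nonResourceURLs:
+{{- range .Values.prometheus.ingress.paths }}
+- {{ . | trimSuffix "/" }}
+- {{ . | trimSuffix "/" }}/*
+{{- end }}
+verbs:
+- get
+- head
+- post
+- put
+{{- end }}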
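Review bot: The `-prom-edit` role differs from `-prom-admin` only by the `delete` verb, but Prometheus serves its state-changing endpoints over POST/PUT: `/-/reload` and `/-/quit` when `--web.enable-lifecycle` is set, and `/api/v1/admin/tsdb/*` when `--web.enable-admin-api` is set. If either flag is on in this deployment (not visible here), `edit` subjects can reach those endpoints through the `<path>/*` rule, so the verb split does not give the separation the role names suggest. I would state the intent at the top of the file, e.g. `{{- /* edit grants POST/PUT on every sub-path; keep the admin API disabled unless edit users are trusted with it */ -}}`, or narrow the `edit` rule to the sub-paths it is meant to cover.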
2 changes: 2 additions & 0 deletions staging/prometheus-operator/values.yaml
Expand Up @@ -76,6 +76,8 @@ mesosphereResources:
image: dwdraju/alpine-curl-jq
secretKeyRef: ops-portal-credentials
serviceURL: http://prometheus-kubeaddons-grafana.kubeaddons:3000
ingressRBAC:
enabled: true


## Provide custom recording or alerting rules to be deployed into the cluster.
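Review bot: `ingressRBAC.enabled` is added without a comment and defaults to `true`, so upgrading to 8.3.10 starts creating cluster-scoped ClusterRoles wherever one of the three ingresses is enabled, with nothing in values.yaml telling operators what the switch does. A short comment above the key in the file's `##` style would cover it, e.g. `## Create admin/edit/view ClusterRoles for the alertmanager, grafana and prometheus ingress paths`. The surrounding `mesosphereResources` block starts outside the hunk.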