Unverified commit 3fecdadf, authored by Cyril Jouve, committed by GitHub

add monitor and rules resources to user-facing roles (#2238)

in cluster with separation between (cluster) admin and (namespaced)
users, it allows the namespaced users to create monitor and rules in
their namespaces according to the default k8s model of user-facing
roles.

ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
parent 1deaee53
// user facing roles for monitors, probe, and rules
// ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
{
prometheusOperator+: {
local po = self,
clusterRoleView: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: po._metadata {
name: 'monitoring-view',
namespace:: null,
labels+: {
'rbac.authorization.k8s.io/aggregate-to-view': 'true',
},
},
rules: [
{
apiGroups: [
'monitoring.coreos.com',
],
resources: [
'podmonitors',
'probes',
'prometheusrules',
'servicemonitors',
],
verbs: [
'get',
'list',
'watch',
],
},
],
},
clusterRoleEdit: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: po._metadata {
name: 'monitoring-edit',
namespace:: null,
labels+: {
'rbac.authorization.k8s.io/aggregate-to-edit': 'true',
},
},
rules: [
{
apiGroups: [
'monitoring.coreos.com',
],
resources: [
'podmonitors',
'probes',
'prometheusrules',
'servicemonitors',
],
verbs: [
'create',
'delete',
'deletecollection',
'patch',
'update',
],
},
],
},
},
}
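Review bot: clusterRoleEdit grants only 'create', 'delete', 'deletecollection', 'patch' and 'update' on the four monitoring.coreos.com resources, with no 'get', 'list' or 'watch', so a subject bound to monitoring-edit on its own can write these objects but cannot read them back. The role is only complete when it is consumed through the 'rbac.authorization.k8s.io/aggregate-to-edit' label alongside monitoring-view. Either add a comment next to the verbs list stating that read access is expected to come from monitoring-view through aggregation, or include the read verbs here. The resources list is also duplicated verbatim in clusterRoleView and clusterRoleEdit; a shared local for it would stop the two roles from drifting apart when a resource is added later.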