From b27b69e162c5cd2e9db24b7ab18973f92dc4d486 Mon Sep 17 00:00:00 2001
From: Max Leonard Inden <IndenML@gmail.com>
Date: Tue, 11 Dec 2018 15:34:02 +0100
Subject: [PATCH] kube-prometheus: Add poddisruptionbudgets to ksm cluster role
This patch allows kube-state-metrics to list and watch instances of
poddisruptionbudgets from the policy API group.
---
.../kube-state-metrics.libsonnet | 97 ++++++++++---------
1 file changed, 52 insertions(+), 45 deletions(-)
diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
index a3bb0ec6..153d7b08 100644
--- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
@@ -41,11 +41,11 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
clusterRole:
local clusterRole = k.rbac.v1.clusterRole;
- local policyRule = clusterRole.rulesType;
+ local rulesType = clusterRole.rulesType;
- local coreRule = policyRule.new() +
- policyRule.withApiGroups(['']) +
- policyRule.withResources([
+ local coreRule = rulesType.new() +
+ rulesType.withApiGroups(['']) +
+ rulesType.withResources([
'configmaps',
'secrets',
'nodes',
@@ -59,57 +59,64 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
'namespaces',
'endpoints',
]) +
- policyRule.withVerbs(['list', 'watch']);
+ rulesType.withVerbs(['list', 'watch']);
- local extensionsRule = policyRule.new() +
- policyRule.withApiGroups(['extensions']) +
- policyRule.withResources([
+ local extensionsRule = rulesType.new() +
+ rulesType.withApiGroups(['extensions']) +
+ rulesType.withResources([
'daemonsets',
'deployments',
'replicasets',
]) +
- policyRule.withVerbs(['list', 'watch']);
+ rulesType.withVerbs(['list', 'watch']);
- local appsRule = policyRule.new() +
- policyRule.withApiGroups(['apps']) +
- policyRule.withResources([
+ local appsRule = rulesType.new() +
+ rulesType.withApiGroups(['apps']) +
+ rulesType.withResources([
'statefulsets',
'daemonsets',
'deployments',
'replicasets',
]) +
- policyRule.withVerbs(['list', 'watch']);
+ rulesType.withVerbs(['list', 'watch']);
- local batchRule = policyRule.new() +
- policyRule.withApiGroups(['batch']) +
- policyRule.withResources([
+ local batchRule = rulesType.new() +
+ rulesType.withApiGroups(['batch']) +
+ rulesType.withResources([
'cronjobs',
'jobs',
]) +
- policyRule.withVerbs(['list', 'watch']);
+ rulesType.withVerbs(['list', 'watch']);
- local autoscalingRule = policyRule.new() +
- policyRule.withApiGroups(['autoscaling']) +
- policyRule.withResources([
+ local autoscalingRule = rulesType.new() +
+ rulesType.withApiGroups(['autoscaling']) +
+ rulesType.withResources([
'horizontalpodautoscalers',
]) +
- policyRule.withVerbs(['list', 'watch']);
+ rulesType.withVerbs(['list', 'watch']);
- local authenticationRole = policyRule.new() +
- policyRule.withApiGroups(['authentication.k8s.io']) +
- policyRule.withResources([
+ local authenticationRole = rulesType.new() +
+ rulesType.withApiGroups(['authentication.k8s.io']) +
+ rulesType.withResources([
'tokenreviews',
]) +
- policyRule.withVerbs(['create']);
+ rulesType.withVerbs(['create']);
- local authorizationRole = policyRule.new() +
- policyRule.withApiGroups(['authorization.k8s.io']) +
- policyRule.withResources([
+ local authorizationRole = rulesType.new() +
+ rulesType.withApiGroups(['authorization.k8s.io']) +
+ rulesType.withResources([
'subjectaccessreviews',
]) +
- policyRule.withVerbs(['create']);
+ rulesType.withVerbs(['create']);
- local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole];
+ local policyRule = rulesType.new() +
+ rulesType.withApiGroups(['policy']) +
+ rulesType.withResources([
+ 'poddisruptionbudgets',
+ ]) +
+ rulesType.withVerbs(['list', 'watch']);
+
+ local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole, policyRule];
clusterRole.new() +
clusterRole.mixin.metadata.withName('kube-state-metrics') +
@@ -208,30 +215,30 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
role:
local role = k.rbac.v1.role;
- local policyRule = role.rulesType;
+ local rulesType = role.rulesType;
- local coreRule = policyRule.new() +
- policyRule.withApiGroups(['']) +
- policyRule.withResources([
+ local coreRule = rulesType.new() +
+ rulesType.withApiGroups(['']) +
+ rulesType.withResources([
'pods',
]) +
- policyRule.withVerbs(['get']);
+ rulesType.withVerbs(['get']);
- local extensionsRule = policyRule.new() +
- policyRule.withApiGroups(['extensions']) +
- policyRule.withResources([
+ local extensionsRule = rulesType.new() +
+ rulesType.withApiGroups(['extensions']) +
+ rulesType.withResources([
'deployments',
]) +
- policyRule.withVerbs(['get', 'update']) +
- policyRule.withResourceNames(['kube-state-metrics']);
+ rulesType.withVerbs(['get', 'update']) +
+ rulesType.withResourceNames(['kube-state-metrics']);
- local appsRule = policyRule.new() +
- policyRule.withApiGroups(['apps']) +
- policyRule.withResources([
+ local appsRule = rulesType.new() +
+ rulesType.withApiGroups(['apps']) +
+ rulesType.withResources([
'deployments',
]) +
- policyRule.withVerbs(['get', 'update']) +
- policyRule.withResourceNames(['kube-state-metrics']);
+ rulesType.withVerbs(['get', 'update']) +
+ rulesType.withResourceNames(['kube-state-metrics']);
local rules = [coreRule, extensionsRule, appsRule];
--
GitLab