kube-prometheus: Add poddisruptionbudgets to ksm cluster role

This patch allows kube-state-metrics to list and watch instances of poddisruptionbudgets from the policy API group.

kube-prometheus: Add poddisruptionbudgets to ksm cluster role
b27b69e1 · Max Leonard Inden · a8b036e6 · b27b69e1
Commit b27b69e1 authored 6 years ago by Max Leonard Inden
--- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
@@ -41,11 +41,11 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
    clusterRole:
      local clusterRole = k.rbac.v1.clusterRole;
-      local policyRule = clusterRole.rulesType;
+      local rulesType = clusterRole.rulesType;
-      local coreRule = policyRule.new() +
+      local coreRule = rulesType.new() +
-                       policyRule.withApiGroups(['']) +
+                       rulesType.withApiGroups(['']) +
-                       policyRule.withResources([
+                       rulesType.withResources([
                         'configmaps',
                         'secrets',
                         'nodes',
@@ -59,57 +59,64 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
                         'namespaces',
                         'endpoints',
                       ]) +
-                       policyRule.withVerbs(['list', 'watch']);
+                       rulesType.withVerbs(['list', 'watch']);
-      local extensionsRule = policyRule.new() +
+      local extensionsRule = rulesType.new() +
-                             policyRule.withApiGroups(['extensions']) +
+                             rulesType.withApiGroups(['extensions']) +
-                             policyRule.withResources([
+                             rulesType.withResources([
                               'daemonsets',
                               'deployments',
                               'replicasets',
                             ]) +
-                             policyRule.withVerbs(['list', 'watch']);
+                             rulesType.withVerbs(['list', 'watch']);
-      local appsRule = policyRule.new() +
+      local appsRule = rulesType.new() +
-                       policyRule.withApiGroups(['apps']) +
+                       rulesType.withApiGroups(['apps']) +
-                       policyRule.withResources([
+                       rulesType.withResources([
                         'statefulsets',
                         'daemonsets',
                         'deployments',
                         'replicasets',
                       ]) +
-                       policyRule.withVerbs(['list', 'watch']);
+                       rulesType.withVerbs(['list', 'watch']);
-      local batchRule = policyRule.new() +
+      local batchRule = rulesType.new() +
-                        policyRule.withApiGroups(['batch']) +
+                        rulesType.withApiGroups(['batch']) +
-                        policyRule.withResources([
+                        rulesType.withResources([
                          'cronjobs',
                          'jobs',
                        ]) +
-                        policyRule.withVerbs(['list', 'watch']);
+                        rulesType.withVerbs(['list', 'watch']);
-      local autoscalingRule = policyRule.new() +
+      local autoscalingRule = rulesType.new() +
-                              policyRule.withApiGroups(['autoscaling']) +
+                              rulesType.withApiGroups(['autoscaling']) +
-                              policyRule.withResources([
+                              rulesType.withResources([
                                'horizontalpodautoscalers',
                              ]) +
-                              policyRule.withVerbs(['list', 'watch']);
+                              rulesType.withVerbs(['list', 'watch']);
-      local authenticationRole = policyRule.new() +
+      local authenticationRole = rulesType.new() +
-                                 policyRule.withApiGroups(['authentication.k8s.io']) +
+                                 rulesType.withApiGroups(['authentication.k8s.io']) +
-                                 policyRule.withResources([
+                                 rulesType.withResources([
                                   'tokenreviews',
                                 ]) +
-                                 policyRule.withVerbs(['create']);
+                                 rulesType.withVerbs(['create']);
-      local authorizationRole = policyRule.new() +
+      local authorizationRole = rulesType.new() +
-                                policyRule.withApiGroups(['authorization.k8s.io']) +
+                                rulesType.withApiGroups(['authorization.k8s.io']) +
-                                policyRule.withResources([
+                                rulesType.withResources([
                                  'subjectaccessreviews',
                                ]) +
-                                policyRule.withVerbs(['create']);
+                                rulesType.withVerbs(['create']);
-      local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole];
+      local policyRule = rulesType.new() +
+                                rulesType.withApiGroups(['policy']) +
+                                rulesType.withResources([
+                                  'poddisruptionbudgets',
+                                ]) +
+                                rulesType.withVerbs(['list', 'watch']);
+      local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole, policyRule];
      clusterRole.new() +
      clusterRole.mixin.metadata.withName('kube-state-metrics') +
@@ -208,30 +215,30 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
    role:
      local role = k.rbac.v1.role;
-      local policyRule = role.rulesType;
+      local rulesType = role.rulesType;
-      local coreRule = policyRule.new() +
+      local coreRule = rulesType.new() +
-                       policyRule.withApiGroups(['']) +
+                       rulesType.withApiGroups(['']) +
-                       policyRule.withResources([
+                       rulesType.withResources([
                         'pods',
                       ]) +
-                       policyRule.withVerbs(['get']);
+                       rulesType.withVerbs(['get']);
-      local extensionsRule = policyRule.new() +
+      local extensionsRule = rulesType.new() +
-                             policyRule.withApiGroups(['extensions']) +
+                             rulesType.withApiGroups(['extensions']) +
-                             policyRule.withResources([
+                             rulesType.withResources([
                               'deployments',
                             ]) +
-                             policyRule.withVerbs(['get', 'update']) +
+                             rulesType.withVerbs(['get', 'update']) +
-                             policyRule.withResourceNames(['kube-state-metrics']);
+                             rulesType.withResourceNames(['kube-state-metrics']);
-      local appsRule = policyRule.new() +
+      local appsRule = rulesType.new() +
-                       policyRule.withApiGroups(['apps']) +
+                       rulesType.withApiGroups(['apps']) +
-                       policyRule.withResources([
+                       rulesType.withResources([
                         'deployments',
                       ]) +
-                       policyRule.withVerbs(['get', 'update']) +
+                       rulesType.withVerbs(['get', 'update']) +
-                       policyRule.withResourceNames(['kube-state-metrics']);
+                       rulesType.withResourceNames(['kube-state-metrics']);
      local rules = [coreRule, extensionsRule, appsRule];