Commit b27b69e1 authored by Max Leonard Inden's avatar Max Leonard Inden

kube-prometheus: Add poddisruptionbudgets to ksm cluster role

This patch allows kube-state-metrics to list and watch instances of
poddisruptionbudgets from the policy API group.
parent a8b036e6
...@@ -41,11 +41,11 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; ...@@ -41,11 +41,11 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
clusterRole: clusterRole:
local clusterRole = k.rbac.v1.clusterRole; local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType; local rulesType = clusterRole.rulesType;
local coreRule = policyRule.new() + local coreRule = rulesType.new() +
policyRule.withApiGroups(['']) + rulesType.withApiGroups(['']) +
policyRule.withResources([ rulesType.withResources([
'configmaps', 'configmaps',
'secrets', 'secrets',
'nodes', 'nodes',
...@@ -59,57 +59,64 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; ...@@ -59,57 +59,64 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
'namespaces', 'namespaces',
'endpoints', 'endpoints',
]) + ]) +
policyRule.withVerbs(['list', 'watch']); rulesType.withVerbs(['list', 'watch']);
local extensionsRule = policyRule.new() + local extensionsRule = rulesType.new() +
policyRule.withApiGroups(['extensions']) + rulesType.withApiGroups(['extensions']) +
policyRule.withResources([ rulesType.withResources([
'daemonsets', 'daemonsets',
'deployments', 'deployments',
'replicasets', 'replicasets',
]) + ]) +
policyRule.withVerbs(['list', 'watch']); rulesType.withVerbs(['list', 'watch']);
local appsRule = policyRule.new() + local appsRule = rulesType.new() +
policyRule.withApiGroups(['apps']) + rulesType.withApiGroups(['apps']) +
policyRule.withResources([ rulesType.withResources([
'statefulsets', 'statefulsets',
'daemonsets', 'daemonsets',
'deployments', 'deployments',
'replicasets', 'replicasets',
]) + ]) +
policyRule.withVerbs(['list', 'watch']); rulesType.withVerbs(['list', 'watch']);
local batchRule = policyRule.new() + local batchRule = rulesType.new() +
policyRule.withApiGroups(['batch']) + rulesType.withApiGroups(['batch']) +
policyRule.withResources([ rulesType.withResources([
'cronjobs', 'cronjobs',
'jobs', 'jobs',
]) + ]) +
policyRule.withVerbs(['list', 'watch']); rulesType.withVerbs(['list', 'watch']);
local autoscalingRule = policyRule.new() + local autoscalingRule = rulesType.new() +
policyRule.withApiGroups(['autoscaling']) + rulesType.withApiGroups(['autoscaling']) +
policyRule.withResources([ rulesType.withResources([
'horizontalpodautoscalers', 'horizontalpodautoscalers',
]) + ]) +
policyRule.withVerbs(['list', 'watch']); rulesType.withVerbs(['list', 'watch']);
local authenticationRole = policyRule.new() + local authenticationRole = rulesType.new() +
policyRule.withApiGroups(['authentication.k8s.io']) + rulesType.withApiGroups(['authentication.k8s.io']) +
policyRule.withResources([ rulesType.withResources([
'tokenreviews', 'tokenreviews',
]) + ]) +
policyRule.withVerbs(['create']); rulesType.withVerbs(['create']);
local authorizationRole = policyRule.new() + local authorizationRole = rulesType.new() +
policyRule.withApiGroups(['authorization.k8s.io']) + rulesType.withApiGroups(['authorization.k8s.io']) +
policyRule.withResources([ rulesType.withResources([
'subjectaccessreviews', 'subjectaccessreviews',
]) + ]) +
policyRule.withVerbs(['create']); rulesType.withVerbs(['create']);
local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole]; local policyRule = rulesType.new() +
rulesType.withApiGroups(['policy']) +
rulesType.withResources([
'poddisruptionbudgets',
]) +
rulesType.withVerbs(['list', 'watch']);
local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole, policyRule];
clusterRole.new() + clusterRole.new() +
clusterRole.mixin.metadata.withName('kube-state-metrics') + clusterRole.mixin.metadata.withName('kube-state-metrics') +
...@@ -208,30 +215,30 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; ...@@ -208,30 +215,30 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
role: role:
local role = k.rbac.v1.role; local role = k.rbac.v1.role;
local policyRule = role.rulesType; local rulesType = role.rulesType;
local coreRule = policyRule.new() + local coreRule = rulesType.new() +
policyRule.withApiGroups(['']) + rulesType.withApiGroups(['']) +
policyRule.withResources([ rulesType.withResources([
'pods', 'pods',
]) + ]) +
policyRule.withVerbs(['get']); rulesType.withVerbs(['get']);
local extensionsRule = policyRule.new() + local extensionsRule = rulesType.new() +
policyRule.withApiGroups(['extensions']) + rulesType.withApiGroups(['extensions']) +
policyRule.withResources([ rulesType.withResources([
'deployments', 'deployments',
]) + ]) +
policyRule.withVerbs(['get', 'update']) + rulesType.withVerbs(['get', 'update']) +
policyRule.withResourceNames(['kube-state-metrics']); rulesType.withResourceNames(['kube-state-metrics']);
local appsRule = policyRule.new() + local appsRule = rulesType.new() +
policyRule.withApiGroups(['apps']) + rulesType.withApiGroups(['apps']) +
policyRule.withResources([ rulesType.withResources([
'deployments', 'deployments',
]) + ]) +
policyRule.withVerbs(['get', 'update']) + rulesType.withVerbs(['get', 'update']) +
policyRule.withResourceNames(['kube-state-metrics']); rulesType.withResourceNames(['kube-state-metrics']);
local rules = [coreRule, extensionsRule, appsRule]; local rules = [coreRule, extensionsRule, appsRule];
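Review bot: The new local `policyRule` in the clusterRole section (the rule for the `policy` API group, defined just before `local rules = [...]`) reuses the identifier that named the rule type alias until this commit, and it also reads like the Kubernetes RBAC type PolicyRule, so it is easy to mistake for the type rather than one rule. A name that states the resource avoids that, e.g. `local pdbRule = rulesType.new() +` with `pdbRule` appended to the `rules` list. This ClusterRole already grants cluster-wide list/watch on `secrets`, so a short comment on the new rule would help later reviewers keep it narrow, for example `// kube-state-metrics only needs list/watch on poddisruptionbudgets; do not widen verbs or resources`. The clusterRole and role definitions both start and end outside the visible hunks.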