From bbd5684b43638b199ee3057f74e7994de01f14f7 Mon Sep 17 00:00:00 2001
From: Frederic Branczyk <fbranczyk@gmail.com>
Date: Thu, 23 Mar 2017 13:39:32 +0100
Subject: [PATCH] kube-prometheus: add RBAC roles for kube-state-metrics

---
 ...kube-state-metrics-cluster-role-binding.yaml | 12 ++++++++++++
 .../kube-state-metrics-cluster-role.yaml        | 17 +++++++++++++++++
 .../kube-state-metrics-deployment.yaml          |  1 +
 .../kube-state-metrics-service-account.yaml     |  4 ++++
 4 files changed, 34 insertions(+)
 create mode 100644 manifests/exporters/kube-state-metrics-cluster-role-binding.yaml
 create mode 100644 manifests/exporters/kube-state-metrics-cluster-role.yaml
 create mode 100644 manifests/exporters/kube-state-metrics-service-account.yaml

diff --git a/manifests/exporters/kube-state-metrics-cluster-role-binding.yaml b/manifests/exporters/kube-state-metrics-cluster-role-binding.yaml
new file mode 100644
index 00000000..d7e421e6
--- /dev/null
+++ b/manifests/exporters/kube-state-metrics-cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-state-metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-state-metrics
+subjects:
+- kind: ServiceAccount
+  name: kube-state-metrics
+  namespace: monitoring
diff --git a/manifests/exporters/kube-state-metrics-cluster-role.yaml b/manifests/exporters/kube-state-metrics-cluster-role.yaml
new file mode 100644
index 00000000..fdbd41db
--- /dev/null
+++ b/manifests/exporters/kube-state-metrics-cluster-role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+kind: ClusterRole
+metadata:
+  name: kube-state-metrics
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - pods
+  - resourcequotas
+  verbs: ["list", "watch"]
+- apiGroups: ["extensions"]
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs: ["list", "watch"]
diff --git a/manifests/exporters/kube-state-metrics-deployment.yaml b/manifests/exporters/kube-state-metrics-deployment.yaml
index 3fec8cad..4a4e9ffd 100644
--- a/manifests/exporters/kube-state-metrics-deployment.yaml
+++ b/manifests/exporters/kube-state-metrics-deployment.yaml
@@ -9,6 +9,7 @@ spec:
       labels:
         app: kube-state-metrics
     spec:
+      serviceAccountName: kube-state-metrics
       containers:
       - name: kube-state-metrics
         image: gcr.io/google_containers/kube-state-metrics:v0.4.1
diff --git a/manifests/exporters/kube-state-metrics-service-account.yaml b/manifests/exporters/kube-state-metrics-service-account.yaml
new file mode 100644
index 00000000..99779352
--- /dev/null
+++ b/manifests/exporters/kube-state-metrics-service-account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-state-metrics
-- 
GitLab