From feee269fdb8e4a69eaa081b0a8c470f6ebb5ed07 Mon Sep 17 00:00:00 2001
From: paulfantom <pawel@krupa.net.pl>
Date: Tue, 4 May 2021 13:09:22 +0200
Subject: [PATCH] jsonnet: improve all-namespaces addon

Signed-off-by: paulfantom <pawel@krupa.net.pl>
---
 .../addons/all-namespaces.libsonnet           | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet b/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet
index 843c1769..34f83173 100644
--- a/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet
+++ b/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet
@@ -1,11 +1,22 @@
 {
   prometheus+:: {
     clusterRole+: {
-      rules+: [{
-        apiGroups: [''],
-        resources: ['services', 'endpoints', 'pods'],
-        verbs: ['get', 'list', 'watch'],
-      }],
+      rules+: [
+        {
+          apiGroups: [''],
+          resources: ['services', 'endpoints', 'pods'],
+          verbs: ['get', 'list', 'watch'],
+        },
+        {
+          apiGroups: ['networking.k8s.io'],
+          resources: ['ingresses'],
+          verbs: ['get', 'list', 'watch'],
+        },
+      ],
     },
+    // There is no need for specific namespaces RBAC as this addon grants
+    // all required permissions for every namespace
+    roleBindingSpecificNamespaces:: null,
+    roleSpecificNamespaces:: null,
   },
 }
-- 
GitLab