39 lines
731 B
YAML
39 lines
731 B
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRole
|
||
metadata:
|
||
name: prometheus
|
||
rules:
|
||
- apiGroups:
|
||
- ""
|
||
resources:
|
||
- nodes
|
||
- nodes/proxy
|
||
- services
|
||
- endpoints
|
||
- pods
|
||
verbs: ["get", "list", "watch"]
|
||
- nonResourceURLs:
|
||
- /metrics
|
||
verbs:
|
||
- get
|
||
---
|
||
apiVersion: v1
|
||
kind: ServiceAccount
|
||
metadata:
|
||
name: prometheus
|
||
namespace: prometheus
|
||
---
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRoleBinding
|
||
metadata:
|
||
name: prometheus
|
||
roleRef:
|
||
apiGroup: rbac.authorization.k8s.io
|
||
kind: ClusterRole
|
||
name: prometheus
|
||
subjects:
|
||
- kind: ServiceAccount
|
||
name: prometheus
|
||
namespace: prometheus
|
||
# ClusterRole是全局的,不需要指定命名空间
|