diff --git a/templates/Role-SpecificNamespaces-prometheus.yaml b/templates/Role-SpecificNamespaces-prometheus.yaml index 959efde..8f3447f 100644 --- a/templates/Role-SpecificNamespaces-prometheus.yaml +++ b/templates/Role-SpecificNamespaces-prometheus.yaml @@ -1,6 +1,8 @@ --- apiVersion: rbac.authorization.k8s.io/v1 items: + +{{ range .Values.nfc_monitoring.prometheus.monitor_namespaces }} - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -12,7 +14,7 @@ items: app.kubernetes.io/managed-by: {{ $.Release.Service }} app.kubernetes.io/version: {{ $.Chart.Version }} name: prometheus-k8s - namespace: default + namespace: {{ . | quote }} rules: - apiGroups: - "" 
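Review bot: The `{{ range .Values.nfc_monitoring.prometheus.monitor_namespaces }}` opened in the first hunk has no guard for an empty or unset list, so the template would still render a `RoleList` whose `items:` key has no value (null rather than `[]`). Wrapping the document in `{{- if .Values.nfc_monitoring.prometheus.monitor_namespaces }}` … `{{- end }}` would skip the manifest in that case. The RoleBinding template uses the same pattern and would need the same guard. The matching `{{ end }}` for this range is in a later hunk, so the loop body is not fully visible here.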
@@ -40,251 +42,6 @@ items: - get - list - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: kube-system - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: ceph - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - 
watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.loki.namespace }} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: grafana - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: 
prometheus-k8s - namespace: {{ .Values.nfc_monitoring.alert_manager.namespace | quote }} - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - - - - +{{ end }} kind: RoleList diff --git a/templates/RoleBinding-SpecificNamespaces-prometheus.yaml b/templates/RoleBinding-SpecificNamespaces-prometheus.yaml index d5b4dcc..d7c5ceb 100644 --- a/templates/RoleBinding-SpecificNamespaces-prometheus.yaml +++ b/templates/RoleBinding-SpecificNamespaces-prometheus.yaml @@ -1,6 +1,7 @@ --- apiVersion: rbac.authorization.k8s.io/v1 items: +{{ range .Values.nfc_monitoring.prometheus.monitor_namespaces }} - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -12,7 +13,7 @@ items: app.kubernetes.io/managed-by: {{ $.Release.Service }} app.kubernetes.io/version: {{ $.Chart.Version }} name: prometheus-k8s - namespace: default + namespace: {{ . | quote }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
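Review bot: The new loop no longer covers the namespaces that the removed Roles took from `.Values.nfc_monitoring.prometheus.namespace`, `.loki.namespace` and `.alert_manager.namespace`; after this hunk only names typed into `monitor_namespaces` get a Role. If an operator overrides one of those values without also editing the list, the `prometheus-k8s` Role is not created in that namespace, and discovery there would presumably be denied unless some other grant covers it. Consider ranging over the union, e.g. `{{ range (concat .Values.nfc_monitoring.prometheus.monitor_namespaces (list .Values.nfc_monitoring.prometheus.namespace) | uniq) }}`, or at least document the coupling next to the list in values.yaml. `uniq` also prevents a duplicated entry from rendering two Roles with the same name and namespace.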
@@ -20,232 +21,7 @@ items: subjects: - kind: ServiceAccount name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: kube-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - - - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: monitoring - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: ceph - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - -- apiVersion: 
rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.loki.namespace }} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: grafana - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - - - - - - - -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: kube-metrics - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: monitoring -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - 
app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: kube-dashboard - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: olm - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ $.Chart.Version }} - name: prometheus-k8s - namespace: operators - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/instance: k8s - app.kubernetes.io/name: prometheus - app.kubernetes.io/part-of: {{ $.Chart.Name }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/version: {{ 
$.Chart.Version }} - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.alert_manager.namespace | quote }} - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.nfc_monitoring.prometheus.namespace }} - - - - - - - - - - - + namespace: {{ $.Values.nfc_monitoring.prometheus.namespace }} +{{ end }} kind: RoleBindingList diff --git a/values.yaml b/values.yaml index 01fc324..f979bf4 100644 --- a/values.yaml +++ b/values.yaml @@ -135,6 +135,23 @@ nfc_monitoring: topologyKey: kubernetes.io/hostname weight: 10 + # List of namespaces that prometheus is to monitor + # used to create Roles and RoleBindings + monitor_namespaces: + - alerting + - default + # - ceph + - grafana + - monitoring + # - kube-dashboard + # - kube-metrics + - kube-policy + - kube-system + - logging + # - mariadb + # - olm + # - operators + storage: volumeClaimTemplate: spec:
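Review bot: The subject namespace on the added line is rendered unquoted and unchecked, `namespace: {{ $.Values.nfc_monitoring.prometheus.namespace }}`, while the binding's own namespace in this template uses `{{ . | quote }}`. This one value decides which ServiceAccount receives the Role in every listed namespace, so an empty or non-string value should fail at render time rather than produce a subject with a null or retyped namespace. I would write `namespace: {{ required "nfc_monitoring.prometheus.namespace is required" $.Values.nfc_monitoring.prometheus.namespace | quote }}`. The RoleBinding item this line belongs to starts in an earlier hunk.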
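Review bot: The comment on `monitor_namespaces` does not say that each entry is an access grant, nor that the namespace has to exist when the chart is installed. Judging by the Role rules visible in the removed copies, every listed namespace gives the `prometheus-k8s` ServiceAccount get/list/watch on services, endpoints, pods and ingresses, and the defaults include `kube-system` and `default`; `kube-policy` did not appear as a literal in either hard-coded list before, and `ceph` is now off by default. I would extend the comment with `# Each entry grants the prometheus-k8s ServiceAccount read access (get/list/watch) to services, endpoints, pods and ingresses in that namespace.` and `# Every namespace listed must already exist, otherwise creating its Role fails.` Whether the chart creates these namespaces itself is not visible in this diff.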