refactor(prometheus): adjusted role/rolbinding manifest to loop

!1

templates/Role-SpecificNamespaces-prometheus.yaml

@@ -1,6 +1,8 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 items:
+
+{{ range .Values.nfc_monitoring.prometheus.monitor_namespaces }}
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: Role
   metadata:
@@ -12,7 +14,7 @@ items:
       app.kubernetes.io/managed-by: {{ $.Release.Service }}
       app.kubernetes.io/version: {{ $.Chart.Version }}
     name: prometheus-k8s
-    namespace: default
+    namespace: {{ . | quote }}
   rules:
   - apiGroups:
     - ""
@@ -40,251 +42,6 @@ items:
     - get
     - list
     - watch
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: kube-system
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-
-
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: ceph
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.loki.namespace }}
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: grafana
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.alert_manager.namespace | quote }}
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - extensions
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - networking.k8s.io
-    resources:
-    - ingresses
-    verbs:
-    - get
-    - list
-    - watch
-
-
-
-
-
+{{ end }}
 
 kind: RoleList

templates/RoleBinding-SpecificNamespaces-prometheus.yaml

@@ -1,6 +1,7 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 items:
+{{ range .Values.nfc_monitoring.prometheus.monitor_namespaces }}
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: RoleBinding
   metadata:
@@ -12,7 +13,7 @@ items:
       app.kubernetes.io/managed-by: {{ $.Release.Service }}
       app.kubernetes.io/version: {{ $.Chart.Version }}
     name: prometheus-k8s
-    namespace: default
+    namespace: {{ . | quote }}
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: Role
@@ -20,232 +21,7 @@ items:
   subjects:
   - kind: ServiceAccount
     name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: kube-system
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: monitoring
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: ceph
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.loki.namespace }}
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: grafana
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-
-
-
-
-
-
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: kube-metrics
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: monitoring
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: kube-dashboard
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: olm
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: operators
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app.kubernetes.io/component: prometheus
-      app.kubernetes.io/instance: k8s
-      app.kubernetes.io/name: prometheus
-      app.kubernetes.io/part-of: {{ $.Chart.Name }}
-      app.kubernetes.io/managed-by: {{ $.Release.Service }}
-      app.kubernetes.io/version: {{ $.Chart.Version }}
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.alert_manager.namespace | quote }}
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.nfc_monitoring.prometheus.namespace }}
-
-
-
-
-
-
-
-
-
-
-
+    namespace: {{ $.Values.nfc_monitoring.prometheus.namespace }}
+{{ end }}
 
 kind: RoleBindingList

values.yaml

@@ -135,6 +135,23 @@ nfc_monitoring:
             topologyKey: kubernetes.io/hostname
           weight: 10
 
+    # List of namespaces that prometheus is to monitor
+    # used to create Roles and RoleBindings
+    monitor_namespaces:
+      - alerting
+      - default
+      # - ceph
+      - grafana
+      - monitoring
+      # - kube-dashboard
+      # - kube-metrics
+      - kube-policy
+      - kube-system
+      - logging
+      # - mariadb
+      # - olm
+      # - operators
+
     storage:
       volumeClaimTemplate:
         spec: