{{ if .Values.nfc_monitoring.prometheus.kyverno_role_policy }} --- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: add-prometheus-role annotations: policies.kyverno.io/title: Add Prometheus Role policies.kyverno.io/category: Monitoring policies.kyverno.io/subject: RoleBinding policies.kyverno.io/minversion: 1.6.0 policies.kyverno.io/description: >- This policy is responsible for ensuring that a Role for the prometheus monitoring instances is created to enable monitoring of the namespace in question. labels: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: {{ $.Chart.Name }} app.kubernetes.io/managed-by: {{ $.Release.Service }} app.kubernetes.io/version: {{ $.Chart.Version }} spec: background: true generateExisting: true rules: - name: generate-prometheus-role match: any: - resources: kinds: - Namespace generate: synchronize: true apiVersion: rbac.authorization.k8s.io/v1 kind: Role name: prometheus-k8s namespace: "{{ `{{` }}request.object.metadata.name }}" data: metadata: labels: app.kubernetes.io/component: prometheus app.kubernetes.io/instance: k8s app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: {{ $.Chart.Name }} app.kubernetes.io/version: {{ $.Chart.Version }} rules: - apiGroups: - "" resources: - services - endpoints - pods verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch - apiGroups: - networking.k8s.io resources: - ingresses verbs: - get - list - watch {{ end }}