52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
{{ if .Values.nfc_monitoring.prometheus.kyverno_role_policy }}
|
|
---
|
|
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: add-prometheus-role-binding
|
|
annotations:
|
|
policies.kyverno.io/title: Add Prometheus RoleBinding
|
|
policies.kyverno.io/category: Monitoring
|
|
policies.kyverno.io/subject: RoleBinding
|
|
policies.kyverno.io/minversion: 1.6.0
|
|
policies.kyverno.io/description: >-
|
|
This policy is responsible for ensuring that a RoleBinding for the prometheus
|
|
monitoring instances is created to enable monitoring of the namespace in
|
|
question.
|
|
labels:
|
|
{{ toYaml $.Values.nfc_monitoring.prometheus.labels | nindent 4 }}
|
|
app.kubernetes.io/part-of: {{ $.Chart.Name }}
|
|
app.kubernetes.io/managed-by: {{ $.Release.Service }}
|
|
app.kubernetes.io/version: {{ $.Chart.Version }}
|
|
spec:
|
|
background: true
|
|
generateExisting: true
|
|
rules:
|
|
- name: generate-prometheus-binding
|
|
match:
|
|
any:
|
|
- resources:
|
|
kinds:
|
|
- Namespace
|
|
generate:
|
|
synchronize: true
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
name: prometheus-k8s
|
|
namespace: "{{ `{{` }}request.object.metadata.name }}"
|
|
data:
|
|
metadata:
|
|
labels:
|
|
{{ toYaml $.Values.nfc_monitoring.prometheus.labels | nindent 14 }}
|
|
app.kubernetes.io/part-of: {{ $.Chart.Name }}
|
|
app.kubernetes.io/version: {{ $.Chart.Version }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: prometheus-k8s
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: prometheus-k8s
|
|
namespace: "{{ .Values.nfc_monitoring.prometheus.namespace }}"
|
|
{{ end }}
|