Skip to content

I
influxdb
Switch branch/tag
Find file
Normal viewHistoryPermalink
role.yaml 962 Bytes
EditWeb IDE
Newer Older
Nicolas Steinmetz's avatar
Add telegraf-ds (imported and updated from old tick-stack charts)
3a099155
 
Nicolas Steinmetz committed
1 2 3 4 5 6 7 8 9 
{{- if .Values.rbac.create }}
# kubernetes_plugin: Give access to stats endpoints
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: influx:stats:viewer
  labels:
    rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
rules:
David McKay's avatar
feat(telegraf-ds): opinionated telegraf-ds deamonset
fc730cf0
 
David McKay committed
10 11 12 
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
Nicolas Steinmetz's avatar
Add telegraf-ds (imported and updated from old tick-stack charts)
3a099155
 
Nicolas Steinmetz committed
13 
  - apiGroups: [""]
David McKay's avatar
fix: node/stats was incorrectly removed
c1eaf61e
 
David McKay committed
14 
    resources: ["nodes/proxy", "nodes/stats"]
David McKay's avatar
fix: add nodes/proxy permission for kubelet pod request
24717e93
 
David McKay committed
15 
    verbs: ["get", "list", "watch"]
Nicolas Steinmetz's avatar
Add telegraf-ds (imported and updated from old tick-stack charts)
3a099155
 
Nicolas Steinmetz committed
16 17 18 19 20 21 22 23 24 25 26 27 28 
---
# Define global role with the default system:aggregate-to-view cluster role and the two rules we just created
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: influx:telegraf
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-view-telegraf-stats: "true"
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-view: "true"
rules: [] # Rules are automatically filled in by the controller manager.
David McKay's avatar
feat(telegraf-ds): opinionated telegraf-ds deamonset
fc730cf0
 
David McKay committed
29 
{{- end }}