init: copy from lawndale-infra

2022-05-27 02:51:52 +02:00
commit 6a60d271bf
18 changed files with 1126 additions and 0 deletions
--- a/prometheus_rbac.tf
+++ b/prometheus_rbac.tf
@@ -0,0 +1,79 @@
+resource "kubernetes_namespace" "prometheus" {
+  metadata {
+    name = "prometheus"
+  }
+}
+
+resource "kubernetes_service_account" "prometheus" {
+  metadata {
+    name      = "prometheus"
+    namespace = kubernetes_namespace.prometheus.metadata.0.name
+  }
+  automount_service_account_token = false
+}
+
+resource "kubernetes_cluster_role_binding" "prometheus" {
+  metadata {
+    name = "prometheus"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = kubernetes_cluster_role.prometheus.metadata.0.name
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = kubernetes_service_account.prometheus.metadata.0.name
+    namespace = kubernetes_service_account.prometheus.metadata.0.namespace
+  }
+}
+
+resource "kubernetes_cluster_role" "prometheus" {
+  metadata {
+    name = "prometheus"
+  }
+  rule {
+    api_groups = [""]
+    resources = [
+      "nodes",
+      "nodes/metrics",
+      "nodes/proxy",
+      "services",
+      "endpoints",
+      "pods",
+    ]
+    verbs = ["get", "list", "watch"]
+  }
+  rule {
+    api_groups = [""]
+    resources = [
+      "configmaps",
+    ]
+    verbs = ["get"]
+  }
+
+  rule {
+    api_groups = ["networking.k8s.io"]
+    resources = [
+      "ingresses",
+    ]
+    verbs = ["get", "list", "watch"]
+  }
+
+  rule {
+    api_groups = [""]
+    resources = [
+      "pods/proxy",
+      "services/proxy",
+    ]
+    verbs = ["get", "list", "watch"]
+  }
+
+  rule {
+    non_resource_urls = [
+      "/metrics",
+    ]
+    verbs = ["get"]
+  }
+}
+