80 lines
1.5 KiB
HCL
80 lines
1.5 KiB
HCL
resource "kubernetes_namespace" "prometheus" {
|
|
metadata {
|
|
name = "prometheus"
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service_account" "prometheus" {
|
|
metadata {
|
|
name = "prometheus"
|
|
namespace = kubernetes_namespace.prometheus.metadata.0.name
|
|
}
|
|
automount_service_account_token = false
|
|
}
|
|
|
|
resource "kubernetes_cluster_role_binding" "prometheus" {
|
|
metadata {
|
|
name = "prometheus"
|
|
}
|
|
role_ref {
|
|
api_group = "rbac.authorization.k8s.io"
|
|
kind = "ClusterRole"
|
|
name = kubernetes_cluster_role.prometheus.metadata.0.name
|
|
}
|
|
subject {
|
|
kind = "ServiceAccount"
|
|
name = kubernetes_service_account.prometheus.metadata.0.name
|
|
namespace = kubernetes_service_account.prometheus.metadata.0.namespace
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_cluster_role" "prometheus" {
|
|
metadata {
|
|
name = "prometheus"
|
|
}
|
|
rule {
|
|
api_groups = [""]
|
|
resources = [
|
|
"nodes",
|
|
"nodes/metrics",
|
|
"nodes/proxy",
|
|
"services",
|
|
"endpoints",
|
|
"pods",
|
|
]
|
|
verbs = ["get", "list", "watch"]
|
|
}
|
|
rule {
|
|
api_groups = [""]
|
|
resources = [
|
|
"configmaps",
|
|
]
|
|
verbs = ["get"]
|
|
}
|
|
|
|
rule {
|
|
api_groups = ["networking.k8s.io"]
|
|
resources = [
|
|
"ingresses",
|
|
]
|
|
verbs = ["get", "list", "watch"]
|
|
}
|
|
|
|
rule {
|
|
api_groups = [""]
|
|
resources = [
|
|
"pods/proxy",
|
|
"services/proxy",
|
|
]
|
|
verbs = ["get", "list", "watch"]
|
|
}
|
|
|
|
rule {
|
|
non_resource_urls = [
|
|
"/metrics",
|
|
]
|
|
verbs = ["get"]
|
|
}
|
|
}
|
|
|