1apiVersion: rbac.authorization.k8s.io/v1
2kind: ClusterRole
3metadata:
4 name: kube-state-metrics
5rules:
6- resources:
7 - configmaps
8 - secrets
9 - nodes
10 - pods
11 - services
12 - resourcequotas
13 - replicationcontrollers
14 - limitranges
15 - persistentvolumeclaims
16 - persistentvolumes
17 - namespaces
18 - endpoints
19 apiGroups:
20 - ""
21 verbs:
22 - list
23 - watch
24- resources:
25 - statefulsets
26 - daemonsets
27 - deployments
28 - replicasets
29 apiGroups:
30 - apps
31 verbs:
32 - list
33 - watch
34- resources:
35 - cronjobs
36 - jobs
37 apiGroups:
38 - batch
39 verbs:
40 - list
41 - watch
42- resources:
43 - horizontalpodautoscalers
44 apiGroups:
45 - autoscaling
46 verbs:
47 - list
48 - watch
49- resources:
50 - tokenreviews
51 apiGroups:
52 - authentication.k8s.io
53 verbs:
54 - create
55- resources:
56 - subjectaccessreviews
57 apiGroups:
58 - authorization.k8s.io
59 verbs:
60 - create
61- resources:
62 - poddisruptionbudgets
63 apiGroups:
64 - policy
65 verbs:
66 - list
67 - watch
68- resources:
69 - certificatesigningrequests
70 apiGroups:
71 - certificates.k8s.io
72 verbs:
73 - list
74 - watch
75- resources:
76 - storageclasses
77 - volumeattachments
78 apiGroups:
79 - storage.k8s.io
80 verbs:
81 - list
82 - watch
83- resources:
84 - mutatingwebhookconfigurations
85 - validatingwebhookconfigurations
86 apiGroups:
87 - admissionregistration.k8s.io
88 verbs:
89 - list
90 - watch
91- resources:
92 - networkpolicies
93 - ingresses
94 apiGroups:
95 - networking.k8s.io
96 verbs:
97 - list
98 - watch
99- resources:
100 - leases
101 apiGroups:
102 - coordination.k8s.io
103 verbs:
104 - list
105 - watch
106---
107apiVersion: rbac.authorization.k8s.io/v1
108kind: ClusterRoleBinding
109metadata:
110 name: kube-state-metrics
111roleRef:
112 name: kube-state-metrics
113 kind: ClusterRole
114 apiGroup: rbac.authorization.k8s.io
115subjects:
116- name: kube-state-metrics
117 namespace: kube-state-metrics
118 kind: ServiceAccount
View as plain text