apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: opentelemetry-targetallocator-role
rules:
- resources: ["servicemonitors", "podmonitors"]
  apiGroups: ["monitoring.coreos.com"]
  verbs: ['*']
- resources: ["namespaces", "nodes", "nodes/metrics", "services", "endpoints", "pods", "configmaps", "secrets"]
  apiGroups: [""]
  verbs: ["get", "list", "watch"]
- resources: ["endpointslices"]
  apiGroups: ["discovery.k8s.io"]
  verbs: ["get", "list", "watch"]
- resources: ["ingresses"]
  apiGroups: ["networking.k8s.io"]
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: opentelemetry-targetallocator-rb
roleRef:
  name: opentelemetry-targetallocator-role
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: opentelemetry-targetallocator-sa
  kind: ServiceAccount