apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: prometheus rules: - resources: - nodes - nodes/metrics - services - endpoints - pods apiGroups: [""] verbs: ["get", "list", "watch"] - resources: - configmaps apiGroups: [""] verbs: ["get"] - resources: - ingresses apiGroups: - networking.k8s.io verbs: ["get", "list", "watch"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: prometheus roleRef: name: prometheus kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: prometheus namespace: prometheus kind: ServiceAccount