apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
- resources:
  - nodes
  - nodes/metrics
  - services
  - endpoints
  - pods
  apiGroups: [""]
  verbs: ["get", "list", "watch"]
- resources:
  - configmaps
  apiGroups: [""]
  verbs: ["get"]
- resources:
  - ingresses
  apiGroups:
  - networking.k8s.io
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  name: prometheus
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: prometheus
  namespace: prometheus
  kind: ServiceAccount