From dc4316b6cc1a9d8c3d7de1042621b67f6e45b163 Mon Sep 17 00:00:00 2001 From: Kaustav Majumder Date: Thu, 21 Mar 2024 20:11:38 +0530 Subject: [PATCH] prometheus: generated changes Signed-off-by: Kaustav Majumder --- config/rbac/role.yaml | 28 ++++++++++ deploy/csv-templates/ocs-operator.csv.yaml.in | 28 ++++++++++ ...s-metrics-servicemonitor-role-binding.yaml | 12 +++++ .../k8s-metrics-servicemonitor-role.yaml | 51 +++++++++++++++++++ .../ocs-operator.clusterserviceversion.yaml | 28 ++++++++++ .../odf-prometheus-role-binding.yaml | 12 +++++ .../manifests/odf-prometheus-role.yaml | 24 +++++++++ 7 files changed, 183 insertions(+) create mode 100644 deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role-binding.yaml create mode 100644 deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role.yaml create mode 100644 deploy/ocs-operator/manifests/odf-prometheus-role-binding.yaml create mode 100644 deploy/ocs-operator/manifests/odf-prometheus-role.yaml diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a322815201..6d50577d4a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -174,6 +174,19 @@ rules: - get - list - watch +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -186,6 +199,18 @@ rules: - list - update - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - noobaa.io resources: @@ -266,8 +291,11 @@ rules: resources: - clusterserviceversions verbs: + - delete - get - list + - patch + - update - watch - apiGroups: - operators.coreos.com diff --git a/deploy/csv-templates/ocs-operator.csv.yaml.in b/deploy/csv-templates/ocs-operator.csv.yaml.in index c1280da381..0553a943e2 100644 --- a/deploy/csv-templates/ocs-operator.csv.yaml.in +++ b/deploy/csv-templates/ocs-operator.csv.yaml.in @@ -328,6 +328,19 @@ spec: - get - list - watch + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -340,6 +353,18 @@ spec: - list - update - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - noobaa.io resources: @@ -420,8 +445,11 @@ spec: resources: - clusterserviceversions verbs: + - delete - get - list + - patch + - update - watch - apiGroups: - operators.coreos.com diff --git a/deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role-binding.yaml b/deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role-binding.yaml new file mode 100644 index 0000000000..de28ba69f9 --- /dev/null +++ b/deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: k8s-metrics-sm-prometheus-k8s +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: k8s-metrics-sm-prometheus-k8s +subjects: + - kind: ServiceAccount + name: prometheus-k8s + namespace: odf-storage diff --git a/deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role.yaml b/deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role.yaml new file mode 100644 index 0000000000..050f85a3e1 --- /dev/null +++ b/deploy/ocs-operator/manifests/k8s-metrics-servicemonitor-role.yaml @@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: k8s-metrics-sm-prometheus-k8s +rules: + - verbs: + - get + apiGroups: + - '' + resources: + - nodes/metrics + - verbs: + - get + nonResourceURLs: + - /metrics + - verbs: + - create + apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + - verbs: + - create + apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + - verbs: + - get + apiGroups: + - '' + resources: + - namespaces + - verbs: + - use + apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - nonroot + - verbs: + - list + - watch + - get + apiGroups: + - '' + resources: + - pods + - endpoints + - services diff --git a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml index 1a0e146ed8..7e97b3b998 100644 --- a/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml +++ b/deploy/ocs-operator/manifests/ocs-operator.clusterserviceversion.yaml @@ -349,6 +349,19 @@ spec: - get - list - watch + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - monitoring.coreos.com resources: @@ -361,6 +374,18 @@ spec: - list - update - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - noobaa.io resources: @@ -441,8 +466,11 @@ spec: resources: - clusterserviceversions verbs: + - delete - get - list + - patch + - update - watch - apiGroups: - operators.coreos.com diff --git a/deploy/ocs-operator/manifests/odf-prometheus-role-binding.yaml b/deploy/ocs-operator/manifests/odf-prometheus-role-binding.yaml new file mode 100644 index 0000000000..ab0ce55096 --- /dev/null +++ b/deploy/ocs-operator/manifests/odf-prometheus-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: odf-prometheus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: odf-prometheus +subjects: +- kind: ServiceAccount + name: prometheus-k8s + namespace: odf-storage diff --git a/deploy/ocs-operator/manifests/odf-prometheus-role.yaml b/deploy/ocs-operator/manifests/odf-prometheus-role.yaml new file mode 100644 index 0000000000..58f679e113 --- /dev/null +++ b/deploy/ocs-operator/manifests/odf-prometheus-role.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: odf-prometheus +rules: +- apiGroups: [""] + resources: + - nodes + - nodes/metrics + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: + - configmaps + verbs: ["get"] +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics"] + verbs: ["get"]