glassonion1 · May 9, 2020 03:43 · glassonion1 · May 23, 2020
diff --git a/brac.yaml b/brac.yaml
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
  name: all-reader
 rules:
 - apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
 - apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
 - nonResourceURLs: ["/metrics"]
  verbs: ["get"]
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: prometheus
  namespace: stats
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  name: prometheus
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: all-reader
 subjects:
 - kind: ServiceAccount
  name: prometheus
  namespace: stats
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRole
	metadata:
	name: all-reader
	rules:
	- apiGroups: [""]
	resources:
	- nodes
	- nodes/proxy
	- services
	- endpoints
	- pods
	verbs: ["get", "list", "watch"]
	- apiGroups:
	- extensions
	resources:
	- ingresses
	verbs: ["get", "list", "watch"]
	- nonResourceURLs: ["/metrics"]
	verbs: ["get"]
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: prometheus
	namespace: stats
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	name: prometheus
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: all-reader
	subjects:
	- kind: ServiceAccount
	name: prometheus
	namespace: stats