feat: added serviceaccount RBAC to allow prometheus-auth to work

Since only caas-project-owners have the verb view on prometheus.monitoring.coreos.com they can also pass it down to their serviceaccounts, which will need to parse the central prometheus database for federated metrics for their own namespaces. Signed-off-by: Bruno Bressi <bruno.bressi@telekom.de>
caas-team · Oct 2, 2024 · ace25ad · ace25ad
1 parent afce1ce
commit ace25ad
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/templates/caas-project-monitoring-rbac.yaml b/templates/caas-project-monitoring-rbac.yaml
@@ -23,6 +23,20 @@ metadata:
  name: {{ $fullname }}
  namespace: {{ $ns }}
 rules:
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - prometheuses
+ verbs:
+ - view
+- apiGroups: 
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
  - ""
  resources:
@@ -41,14 +55,6 @@ rules:
  - get
  - list
  - watch
-- apiGroups: 
- - monitoring.coreos.com
- resources:
- - servicemonitors
- verbs:
- - get
- - list
- - watch
 - apiGroups:
  - ""
  resources: