Browse Source

feat: Update RBAC for kube-state-metrics

tags/0.3.0
parent
commit
e9a65116e1
Signed by untrusted user: christophe.vkerchove <christophe.vkerchove@fxinnovation.com> GPG Key ID: 0A0AD982455B0314
3 changed files with 38 additions and 3 deletions
  1. +2
    -2
      .pre-commit-config.yaml
  2. +5
    -0
      CHANGELOG.md
  3. +31
    -1
      main.tf

+ 2
- 2
.pre-commit-config.yaml View File

@@ -1,11 +1,11 @@
repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
rev: v1.25.0
rev: v1.45.0
hooks:
- id: terraform_fmt
- id: terraform_docs
- repo: git://github.com/pre-commit/pre-commit-hooks
rev: v2.5.0
rev: v3.3.0
hooks:
- id: check-merge-conflict
- id: trailing-whitespace


+ 5
- 0
CHANGELOG.md View File

@@ -1,4 +1,9 @@

0.3.0 / 2020-11-16
==================

* feat: Update RBAC for kube-state-metrics

0.2.1 / 2020-04-08
==================



+ 31
- 1
main.tf View File

@@ -821,7 +821,7 @@ resource "kubernetes_cluster_role" "this" {

rule {
api_groups = ["apps"]
resources = ["daemonsets", "deployments", "statefulsets"]
resources = ["daemonsets", "deployments", "statefulsets", "replicasets"]
verbs = ["get", "list", "watch"]
}

@@ -837,6 +837,12 @@ resource "kubernetes_cluster_role" "this" {
verbs = ["list", "watch"]
}

rule {
api_groups = ["authorization.k8s.io"]
resources = ["subjectaccessreviews"]
verbs = ["create"]
}

rule {
api_groups = ["policy"]
resources = ["poddisruptionbudgets"]
@@ -848,6 +854,30 @@ resource "kubernetes_cluster_role" "this" {
resources = ["certificatesigningrequests"]
verbs = ["list", "watch"]
}

rule {
api_groups = ["networking.k8s.io"]
resources = ["networkpolicies", "ingresses"]
verbs = ["list", "watch"]
}

rule {
api_groups = ["coordination.k8s.io"]
resources = ["leases"]
verbs = ["list", "watch"]
}

rule {
api_groups = ["storage.k8s.io"]
resources = ["storageclasses", "volumeattachments"]
verbs = ["list", "watch"]
}

rule {
api_groups = ["admissionregistration.k8s.io"]
resources = ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs = ["list", "watch"]
}
}

#####


Loading…
Cancel
Save