From 225fd8469c6b14ba33cdb5cad0acae8f1dd2df26 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 2 Jan 2024 11:25:54 -0600
Subject: [PATCH] v-m/vmagent: Allow listing all pods in cluster

The original RBAC configuration allowed `vmagent` only to list the pods in the `victoria-metrics` namespace. In order to allow it to monitor other applications' pods, it needs to be assigned permission to list pods in all namespaces.
---
 victoria-metrics/vmagent.yaml | 35 +---------------------------------
 1 file changed, 1 insertion(+), 34 deletions(-)

diff --git a/victoria-metrics/vmagent.yaml b/victoria-metrics/vmagent.yaml
index 4367eac..377f9bc 100644
--- a/victoria-metrics/vmagent.yaml
+++ b/victoria-metrics/vmagent.yaml
@@ -19,6 +19,7 @@ rules:
 - ''
 resources:
 - nodes
+ - pods
 verbs:
 - get
 - list
@@ -51,40 +52,6 @@ subjects:
 name: vmagent
 namespace: victoria-metrics

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: vmagent
- labels:
- app.kubernetes.io/name: vmagent
- app.kubernetes.io/component: vmagent
-rules:
-- apiGroups:
- - ''
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: vmagent
- labels:
- app.kubernetes.io/name: vmagent
- app.kubernetes.io/component: vmagent
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: vmagent
-subjects:
-- kind: ServiceAccount
- name: vmagent
-
 ---
 apiVersion: v1
 kind: Service
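Review bot: Adding `pods` to the existing rule in the first hunk gives the vmagent service account `get`/`list` on every pod object in the cluster, and pod specs carry literal `env` values and annotations, so any credential a workload sets inline rather than through a Secret reference becomes readable with this token. If only a known set of namespaces has to be scraped, a separate pods-only ClusterRole bound with a RoleBinding in each of those namespaces would keep the scope narrower. If cluster-wide discovery is what is intended, I would record that above the entry, e.g. `# pods: cluster-wide read for scrape target discovery in all namespaces`. The rule's verbs list continues past the end of the hunk, so I cannot see from here whether anything beyond read verbs is granted.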