metrics: Add role to allow anon access to metrics

By default, the Kubernetes metrics endpoints are restricted. I don't think they're worth protecting with authentication, so I've added a cluster role/binding to allow anonymous access to them.
2022-11-05 16:23:02 -05:00 · 2022-11-05 16:23:02 -05:00 · 5208902706
parent 6df6e552b7
commit 5208902706
1 changed files with 29 additions and 0 deletions
--- a/metrics/metrics.yaml
+++ b/metrics/metrics.yaml
@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+- apiGroups: ['']
+  resources:
+  - nodes/metrics
+  verbs:
+  - get
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name:  prometheus
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: system:anonymous