From c69b5650149e03210fa8ad7012ded0e0d5adc054 Mon Sep 17 00:00:00 2001
From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com>
Date: Mon, 7 Mar 2022 18:20:41 +0100
Subject: [PATCH] [metricbeat] add missing rolebinding and cluster role rules (#1603)
This commits add a rolebinding and cluster role rules to match https://github.com/elastic/beats/blob/main/deploy/kubernetes/metricbeat-kubernetes.yaml Follow-up of #1422
---
 metricbeat/templates/rolebinding.yaml | 19 +++++++++++++++++++
 metricbeat/values.yaml | 13 ++++++++++---
 2 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 metricbeat/templates/rolebinding.yaml
 mode change 100755 => 100644 metricbeat/values.yaml
diff --git a/metricbeat/templates/rolebinding.yaml b/metricbeat/templates/rolebinding.yaml
new file mode 100644
index 000000000..372954738
--- /dev/null
+++ b/metricbeat/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.managedServiceAccount }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "metricbeat.serviceAccount" . }}-role-binding
+ labels:
+ app: "{{ template "metricbeat.fullname" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ template "metricbeat.serviceAccount" . }}-role
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: {{ template "metricbeat.serviceAccount" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/metricbeat/values.yaml b/metricbeat/values.yaml
old mode 100755
new mode 100644
index 608d2f75c..debe600c6
--- a/metricbeat/values.yaml
+++ b/metricbeat/values.yaml
@@ -220,6 +220,7 @@ clusterRoleRules:
 - namespaces
 - events
 - pods
+ - services
 verbs: ["get", "list", "watch"]
 - apiGroups: ["extensions"]
 resources:
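Review bot: In `metricbeat/templates/rolebinding.yaml`, `roleRef` names `kind: ClusterRole` with `name: {{ template "metricbeat.serviceAccount" . }}-role`, yet the diffstat shows this patch touching only this template and `values.yaml`, so no object of that name is created here. The API server accepts a RoleBinding whose referenced role does not exist, so a name mismatch would leave the ServiceAccount silently without the intended grant; check the name against the chart's existing role template, and if a namespaced role was intended, the reference would be `kind: Role` with a matching template added in the same change. The binding also omits `metadata.namespace` while its subject is pinned to `{{ .Release.Namespace }}`; adding `namespace: {{ .Release.Namespace | quote }}` under `metadata` keeps the two aligned in `helm template` output. The templated `name:` values are unquoted, unlike the `labels` beside them; `name: "{{ template "metricbeat.serviceAccount" . }}-role-binding"` would match the `app:` label style and survive an empty or special-character expansion.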
@@ -235,10 +236,16 @@ clusterRoleRules:
 resources:
 - nodes/stats
 verbs: ["get"]
- - apiGroups: ["coordination.k8s.io"]
+ - apiGroups:
+ - ""
 resources:
- - leases
- verbs: ["create", "get", "list", "update"]
+ - nodes/stats
+ verbs:
+ - get
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
 podAnnotations: {}
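Review bot: The added rule with `apiGroups: [""]`, `resources: nodes/stats` and `verbs: get` appears to repeat the rule whose `resources: - nodes/stats` and `verbs: ["get"]` lines are the context directly above it (that rule's `apiGroups` line is outside the hunk, so confirm), while the `coordination.k8s.io` `leases` rule it replaces is dropped and nothing visible in this patch grants `leases` anywhere else. If the deployment still relies on lease-based leader election, either keep the removed rule or add a namespaced `Role` carrying it in the same change; otherwise drop the duplicate so the granted permission set stays easy to audit. The new `nonResourceURLs: ["/metrics"]` rule can only be granted through a ClusterRoleBinding, so a comment such as `# non-resource URL: effective only via the ClusterRoleBinding` above it would tell the next reviewer why it lives in `clusterRoleRules`. The new rules also use block sequences where the neighbouring rules use flow lists (`verbs: ["get"]`); pick one form for the section.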