From 14dd08212ba6854fb4ca773b158ecb9cbab98841 Mon Sep 17 00:00:00 2001
From: trivernis <trivernis@protonmail.com>
Date: Thu, 14 Dec 2023 14:22:30 +0100
Subject: [PATCH] apps(metrics): Add rbac config

---
 apps/metrics/app.yaml      |  3 ++-
 apps/metrics/app/rbac.yaml | 45 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 apps/metrics/app/rbac.yaml

diff --git a/apps/metrics/app.yaml b/apps/metrics/app.yaml
index f789bf9..4224fa2 100644
--- a/apps/metrics/app.yaml
+++ b/apps/metrics/app.yaml
@@ -1,11 +1,12 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: kube-system
+namespace: metrics
 metadata:
   name: metrics
 resources:
   - app/namespace.yaml
   - app/metrics-sealedsecret.yaml
   - app/release.yaml
+  - app/rbac.yaml
   - app/route.yaml
   - app/monitor.yaml
diff --git a/apps/metrics/app/rbac.yaml b/apps/metrics/app/rbac.yaml
new file mode 100644
index 0000000..a465566
--- /dev/null
+++ b/apps/metrics/app/rbac.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+  namespace: metrics
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+  namespace: metrics
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/metrics
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs: ["get"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+  namespace: metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus
+  namespace: metrics