{{- $functionNs := default .Release.Namespace .Values.functionNamespace }} {{- if .Values.prometheus.create }} --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} --- {{- if .Values.clusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ .Release.Name }}-prometheus labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} rules: - apiGroups: [""] resources: - services - endpoints - pods verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ .Release.Name }}-prometheus subjects: - kind: ServiceAccount name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} {{- if ne $functionNs (.Release.Namespace | toString) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-prometheus namespace: {{ $functionNs | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ .Release.Name }}-prometheus subjects: - kind: ServiceAccount name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} {{- end }} {{- else -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Release.Name }}-prometheus labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} rules: - apiGroups: [""] resources: - services - endpoints - pods verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ .Release.Name }}-prometheus subjects: - kind: ServiceAccount name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} {{- if ne $functionNs (.Release.Namespace | toString) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Release.Name }}-prometheus-fn namespace: {{ $functionNs | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} rules: - apiGroups: [""] resources: - services - endpoints - pods verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-prometheus-fn namespace: {{ $functionNs | quote }} labels: app: {{ template "openfaas.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} component: prometheus heritage: {{ .Release.Service }} release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: {{ .Release.Name }}-prometheus-fn subjects: - kind: ServiceAccount name: {{ .Release.Name }}-prometheus namespace: {{ .Release.Namespace | quote }} {{- end }} {{- end }} {{- end }}