updating RBAC for prometheus

Author: charlyF

02-path-working-with-clusters/201-cluster-monitoring/templates/prometheus/prometheus.yaml

@@ -225,7 +225,7 @@ metadata:
 spec:
   replicas: 2
   version: v2.0.0-rc.1
-  serviceAccountName: prometheus-operator
+  serviceAccountName: prometheus
   serviceMonitorSelector:
     matchExpressions:
     - {key: k8s-app, operator: Exists}
@@ -246,6 +246,45 @@ spec:
       name: alertmanager-main
       port: web
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: prometheus
+  namespace: monitoring
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs: ["get"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+  namespace: monitoring
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus
+  namespace: monitoring
+---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata: