Skip to content

Commit 2c27f24

Browse files
mateofloridomateoflorido
authored
fix: narrow the scope of system:cos 
1 parent 15f2db1 commit 2c27f24

File tree

1 file changed

+7
-5
lines changed

1 file changed

+7
-5
lines changed

charms/worker/k8s/templates/cos_roles.yaml

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,15 +6,17 @@ kind: ClusterRole
66
metadata:
77
name: system:cos
88
rules:
9+
# NOTE: Required for Kubelet metrics
910
- apiGroups: [""]
1011
resources:
1112
- "nodes/metrics"
12-
- "pods/metrics"
13-
- "services/metrics"
14-
- "services"
13+
verbs: ["get"]
14+
# NOTE: Required for kube-state-metrics via API server proxy
15+
- apiGroups: [""]
16+
resources:
1517
- "services/proxy"
16-
- "nodes/proxy"
17-
verbs: ["get", "list", "watch"]
18+
verbs: ["get"]
19+
# NOTE: Required for API server /metrics endpoints
1820
- nonResourceURLs: ["/metrics"]
1921
verbs: ["get"]
2022
---

0 commit comments

Comments
 (0)