增加监控所需要的权限

kpl_base/autodl/2-autocnn-sa.yaml

@@ -6,39 +6,91 @@ metadata:
   namespace: autodl
 
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: autodl-clusterrole
 rules:
-  - apiGroups:
+- apiGroups:
   - ""
   resources:
   - nodes
+  - deployments
   - pods
-    verbs: ["get", "watch", "list", "patch"]
-  - nonResourceURLs:
+  - services
+  - endpoints
+  - nodes/proxy
+  - nodes/metrics
+  - ingresses
+  verbs:
+  - get
+  - watch
+  - list
+  - patch
+- nonResourceURLs:
   - /version/
-    verbs: ["get"]
+  - /metrics
+  verbs:
+  - get
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: autodl-role
   namespace: autodl
 rules:
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "watch", "list", "create", "delete", "patch"]
-  - apiGroups: [""]
-    resources: ["configmaps", "secrets"]
-    verbs: ["get", "update", "patch", "create", "delete"]
-  - apiGroups: ["", "extensions"]
-    resources: ["services", "ingresses", "deployments", "replicasets"]
-    verbs: ["get", "create", "patch", "delete", "list"]
-  - apiGroups: ["", "*"]
-    resources: ["events", "pods/status", "pods/log","pods/exec"]
-    verbs: ["watch", "get", "list","create"]
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  verbs:
+  - get
+  - update
+  - patch
+  - create
+  - delete
+- apiGroups:
+  - ""
+  - '*'
+  - extensions
+  resources:
+  - services
+  - ingresses
+  - deployments
+  - deployments/scale
+  - replicasets
+  verbs:
+  - get
+  - update
+  - create
+  - patch
+  - delete
+  - list
+- apiGroups:
+  - ""
+  - '*'
+  resources:
+  - events
+  - pods/status
+  - pods/log
+  - pods/exec
+  verbs:
+  - watch
+  - get
+  - list
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding