Skip to main content
Cloud Insights

NKMO Clusterrole YAML Example

Contributors netapp-alavoie

The kubectl component of the NetApp Kubernetes Monitoring Operator (NKMO) needs to be configured with access to the following kubernetes objects, at a minimum: agents, clusterroles, clusterrolebindings, customresourcedefinitions, deployments, namespaces, roles, rolebindings, secrets, serviceaccounts, and services. Below is an example clusterrole with these minimum privileges.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: netapp-kubernetes-monitoring-operator-installer-role
rules:
- apiGroups:
  - ""
  resources:
  - services
  - serviceaccounts
  - secrets
  - namespaces
  verbs:
  - get
  - list
  - create
  - patch
  - update
  - delete
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  - clusterroles
  - rolebindings
  - clusterrolebindings
  verbs:
  - get
  - list
  - create
  - patch
  - update
  - delete
  - escalate
  - bind
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - create
  - patch
  - update
  - delete
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - get
  - list
  - create
  - patch
  - update
  - delete
- apiGroups:
  - monitoring.netapp.com
  resources:
  - agents
  verbs:
  - get
  - list
  - create
  - patch
  - update
  - delete