rmb938/clusterrole.yaml

## clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-operator
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - '*'
- apiGroups:
  - monitoring.coreos.com
  resources:
  - alertmanagers
  - prometheuses
  - prometheuses/finalizers
  - alertmanagers/finalizers
  - servicemonitors
  - podmonitors
  - prometheusrules
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - statefulsets
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
  - delete
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  verbs:
  - get
  - create
  - update
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch

## clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-operator
subjects:
- kind: ServiceAccount
  name: prometheus-operator
  namespace: prometheus

## deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: prometheus-operator
  name: prometheus-operator
  namespace: prometheus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-operator
  template:
    metadata:
      labels:
        app: prometheus-operator
    spec:
      containers:
      - args:
        - -kubelet-service=prometheus/kubelet
        image: quay.io/coreos/prometheus-operator:v0.31.1
        imagePullPolicy: IfNotPresent
        name: prometheus-operator
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        resources:
          limits:
            cpu: 200m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      serviceAccountName: prometheus-operator

## serviceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-operator
  namespace: prometheus
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: prometheus-operator
	rules:
	- apiGroups:
	- apiextensions.k8s.io
	resources:
	- customresourcedefinitions
	verbs:
	- '*'
	- apiGroups:
	- monitoring.coreos.com
	resources:
	- alertmanagers
	- prometheuses
	- prometheuses/finalizers
	- alertmanagers/finalizers
	- servicemonitors
	- podmonitors
	- prometheusrules
	verbs:
	- '*'
	- apiGroups:
	- apps
	resources:
	- statefulsets
	verbs:
	- '*'
	- apiGroups:
	- ""
	resources:
	- configmaps
	- secrets
	verbs:
	- '*'
	- apiGroups:
	- ""
	resources:
	- pods
	verbs:
	- list
	- delete
	- apiGroups:
	- ""
	resources:
	- services
	- endpoints
	verbs:
	- get
	- create
	- update
	- apiGroups:
	- ""
	resources:
	- nodes
	verbs:
	- list
	- watch
	- apiGroups:
	- ""
	resources:
	- namespaces
	verbs:
	- get
	- list
	- watch
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: prometheus-operator
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: prometheus-operator
	subjects:
	- kind: ServiceAccount
	name: prometheus-operator
	namespace: prometheus
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	labels:
	app: prometheus-operator
	name: prometheus-operator
	namespace: prometheus
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: prometheus-operator
	template:
	metadata:
	labels:
	app: prometheus-operator
	spec:
	containers:
	- args:
	- -kubelet-service=prometheus/kubelet
	image: quay.io/coreos/prometheus-operator:v0.31.1
	imagePullPolicy: IfNotPresent
	name: prometheus-operator
	ports:
	- containerPort: 8080
	name: http
	protocol: TCP
	resources:
	limits:
	cpu: 200m
	memory: 200Mi
	requests:
	cpu: 100m
	memory: 100Mi
	securityContext:
	allowPrivilegeEscalation: false
	readOnlyRootFilesystem: true
	securityContext:
	runAsNonRoot: true
	runAsUser: 65534
	serviceAccountName: prometheus-operator
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: prometheus-operator
	namespace: prometheus