From 62330542f91e372a2ab332a50331b737a30abac0 Mon Sep 17 00:00:00 2001
From: Karol Wychowaniec <kawych@google.com>
Date: Mon, 2 Oct 2017 15:56:22 +0200
Subject: [PATCH] Add permisions for Metrics Server to read resources on
 cluster level

---
 .../metrics-server/resource-reader.yaml       | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 cluster/addons/metrics-server/resource-reader.yaml

diff --git a/cluster/addons/metrics-server/resource-reader.yaml b/cluster/addons/metrics-server/resource-reader.yaml
new file mode 100644
index 00000000000..91aefba9580
--- /dev/null
+++ b/cluster/addons/metrics-server/resource-reader.yaml
@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - "extensions"
+  resources:
+  - deployments
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+  labels:
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system