---
###################################################
# kube-state-metrics Roles
###################################################
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: monitoring
  name: kube-state-metrics
rules:
- apiGroups: [""]
  resources:
  - pods
  verbs: ["get"]
- apiGroups: ["extensions"]
  resources:
  - deployments
  resourceNames: ["kube-state-metrics"]
  verbs: ["get", "update"]
---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kube-state-metrics
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: monitoring
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-state-metrics
  namespace: monitoring
rules:
- apiGroups: [""]
  resources:
  - nodes
  - pods
  - services
  - resourcequotas
  - replicationcontrollers
  - limitranges
  - persistentvolumeclaims
  - persistentvolumes
  - namespaces
  - endpoints
  verbs: ["list", "watch"]
- apiGroups: ["extensions"]
  resources:
  - daemonsets
  - deployments
  - replicasets
  verbs: ["list", "watch"]
- apiGroups: ["apps"]
  resources:
  - statefulsets
  verbs: ["list", "watch"]
- apiGroups: ["batch"]
  resources:
  - cronjobs
  - jobs
  verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
  resources:
  - horizontalpodautoscalers
  verbs: ["list", "watch"]
- apiGroups: ["policy"]
  resources:
  - poddisruptionbudgets
  verbs: ["list", "watch"]
---

apiVersion: rbac.authorization.k8s.io/v1 
kind: ClusterRoleBinding
metadata:
  name: kube-state-metrics
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: monitoring




---
###################################################
# kube-state-metrics ServiceAccount
###################################################
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-state-metrics
  namespace: monitoring





---
###################################################
# kube-state-metrics Deployment
###################################################
apiVersion: apps/v1
kind: Deployment
metadata: 
  name: kube-state-metrics
  namespace: monitoring
spec: 
  selector: 
    matchLabels: 
      app: kube-state-metrics 
      grafanak8sapp: "true" 
  replicas: 1
  template: 
    metadata: 
      labels: 
        app: kube-state-metrics 
        grafanak8sapp: "true"
    spec: 
      serviceAccountName: kube-state-metrics
      containers: 
      - name: kube-state-metrics
        image: quay.io/coreos/kube-state-metrics:v1.1.0
        ports: 
        - name: http-metrics
          containerPort: 8080
        readinessProbe: 
          httpGet: 
            path: /healthz
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5