apiVersion: v1
kind: ServiceAccount
metadata:
  name: scalyr-service-account
secrets:
- name: scalyr-api-key
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: scalyr-clusterrole
rules:
- apiGroups: [""]
  resources: ["namespaces","pods","replicationcontrollers", "secrets"]
  verbs: ["get","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get","list"]
- apiGroups: ["apps"]
  resources: ["daemonsets","deployments","replicasets","replicasets/scale","statefulsets","namespaces"]
  verbs: ["get","list"]
- apiGroups: ["batch", "extensions"]
  resources: ["cronjobs","jobs"]
  verbs: ["get","list"]
- apiGroups: ["","events.k8s.io"]
  resources: ["events"]
  verbs: ["get","list","watch"]
# nodes/proxy and /metrics permissions are needed for Kubernetes Open Metrics monitor
# so local Kubelet API can be queried for metrics in Open Metrics format.
- apiGroups: [""]
  resources: ["nodes/stats", "nodes/proxy"]
  verbs: ["get"]
- apiGroups: ["argoproj.io"]
  resources: ["rollouts"]
  verbs: ["get","list"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: scalyr-clusterrole-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: scalyr-clusterrole
subjects:
  - kind: ServiceAccount
    name: scalyr-service-account
    namespace: default