fix rbac issue

kubernetes/kube-state-metrics-cluster-role.yaml

@@ -3,26 +3,20 @@ kind: ClusterRole
 metadata:
   name: kube-state-metrics
 rules:
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["list", "watch", "get"]
 - apiGroups: [""]
   resources:
   - nodes
+  - pods
   - services
   - resourcequotas
   - replicationcontrollers
   - limitranges
   - persistentvolumeclaims
   verbs: ["list", "watch"]
-- apiGroups: ["extensions"]
-  resources:
-  - deployments
-  verbs: ["list", "watch", "get", "update"]
 - apiGroups: ["extensions"]
   resources:
   - daemonsets
+  - deployments
   - replicasets
   verbs: ["list", "watch"]
 - apiGroups: ["apps"]
@@ -34,4 +28,3 @@ rules:
   - cronjobs
   - jobs
   verbs: ["list", "watch"]
-

kubernetes/kube-state-metrics-deployment.yaml

@@ -30,7 +30,7 @@ spec:
           limits:
             memory: 50Mi
             cpu: 200m
-      - name: pod-nanny
+      - name: addon-resizer
         image: gcr.io/google_containers/addon-resizer:1.0
         resources:
           limits:

kubernetes/kube-state-metrics-role-binding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: kube-state-metrics
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kube-state-metrics-resizer
+subjects:
+- kind: ServiceAccount
+  name: kube-state-metrics
+  namespace: kube-system
+

kubernetes/kube-state-metrics-role.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  namespace: kube-system
+  name: kube-state-metrics-resizer
+rules:
+- apiGroups: [""]
+  resources:
+  - pods
+  verbs: ["get"]
+- apiGroups: ["extensions"]
+  resources:
+  - deployments
+  resourceNames: ["kube-state-metrics"]
+  verbs: ["get", "update"]
+