---
apiVersion: v1
kind: ServiceAccount
metadata:
    name: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
    name: prometheus
rules:
    - apiGroups: [""]
      resources:
          - nodes
          - services
          - endpoints
          - pods
      verbs: ["get", "list", "watch"]
    - apiGroups: [""]
      resources:
          - configmaps
      verbs: ["get"]
    - nonResourceURLs: ["/metrics"]
      verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
    name: prometheus
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: prometheus
subjects:
    - kind: ServiceAccount
      name: prometheus
      namespace: prod-passbook-ng
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
    name: prometheus
spec:
    serviceAccountName: prometheus
    serviceMonitorSelector:
        matchLabels:
            app.kubernetes.io/name: passbook
    enableAdminAPI: false
    ruleSelector:
        matchLabels:
            app.kubernetes.io/name: passbook
    storage:
        volumeClaimTemplate:
            metadata:
                labels:
                    prometheus: k8s
                name: prometheus-storage
            spec:
                accessModes:
                    - ReadWriteOnce
                resources:
                    requests:
                        storage: 15Gi