---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cwagent-prometheus-role
rules:
  - apiGroups: [""]
    resources:
    - nodes
    - nodes/proxy
    - services
    - endpoints
    - pods
    verbs: ["get", "list", "watch"]
  - apiGroups:
    - extensions
    resources:
    - ingresses
    verbs: ["get", "list", "watch"]
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cwagent-prometheus-role-binding
subjects:
  - kind: ServiceAccount
    name: cwagent-prometheus
    namespace: amazon-cloudwatch
roleRef:
  kind: ClusterRole
  name: cwagent-prometheus-role
  apiGroup: rbac.authorization.k8s.io

---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cwagent-prometheus
  namespace: amazon-cloudwatch
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cwagent-prometheus
  template:
    metadata:
      labels:
        app: cwagent-prometheus
    spec:
      containers:
        - name: cloudwatch-agent
          image: amazon/cloudwatch-agent:1.248913.0-prometheus
          imagePullPolicy: Always
          resources:
            limits:
              cpu:  1000m
              memory: 1000Mi
            requests:
              cpu: 200m
              memory: 200Mi
          # Please don't change below envs
          env:
            - name: CI_VERSION
              value: "k8s/1.2.0-prometheus"
          # Please don't change the mountPath
          volumeMounts:
            - name: prometheus-cwagentconfig
              mountPath: /etc/cwagentconfig
            - name: prometheus-config
              mountPath: /etc/prometheusconfig

      volumes:
        - name: prometheus-cwagentconfig
          configMap:
            name: prometheus-cwagentconfig
        - name: prometheus-config
          configMap:
            name: prometheus-config
      terminationGracePeriodSeconds: 60
      serviceAccountName: cwagent-prometheus