[kube-prometheus-stack] Add RBAC Proxy rule to Prom ClusterRole

We need to add a rule into the prometheus ClusterRole if we want to scrap the node-exporter via the RBAC Proxy. fixes 3338 Signed-off-by: Alexandre Nicolaie <[email protected]>
prometheus-community · Mar 17, 2024 · 54ff0e7 · 54ff0e7
1 parent 8995925
commit 54ff0e7
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
@@ -23,7 +23,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 57.0.3
+version: 57.0.4
 appVersion: v0.72.0
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus

diff --git a/charts/kube-prometheus-stack/ci/03-non-defaults-values.yaml b/charts/kube-prometheus-stack/ci/03-non-defaults-values.yaml
@@ -79,5 +79,9 @@ kubeProxy:
         k8s-app: kube-proxy
 
 nodeExporter:
-  enabled: false
+  enabled: true
   forceDeployDashboards: true
+
+prometheus-node-exporter:
+  kubeRBACProxy:
+    enabled: true
diff --git a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
@@ -24,6 +24,13 @@ rules:
   verbs: ["get", "list", "watch"]
 - nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
   verbs: ["get"]
+{{/* fix(#3338): add required rules to use node-exporter with the RBAC proxy */}}
+{{- if and .Values.nodeExporter.enabled (index .Values "prometheus-node-exporter").kubeRBACProxy.enabled }}
+- apiGroups: [ "" ]
+  resources:
+  - services/{{ include "prometheus-node-exporter.fullname" (index .Subcharts "prometheus-node-exporter") }}
+  verbs: [ "get", "list", "watch" ]
+{{- end }}
 {{- if .Values.prometheus.additionalRulesForClusterRole }}
 {{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
 {{- end }}