[kube-prometheus-stack] Add RBAC Proxy rule to Prom ClusterRole

We need to add a rule into the prometheus ClusterRole if we want to scrap the node-exporter via the RBAC Proxy. fixes 3338 Signed-off-by: Alexandre Nicolaie <[email protected]>
prometheus-community · Oct 27, 2023 · 7691ea1 · 7691ea1
1 parent a04e17c
commit 7691ea1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
@@ -21,7 +21,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 52.1.0
+version: 52.1.1
 appVersion: v0.68.0
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus

diff --git a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
@@ -24,6 +24,14 @@ rules:
   verbs: ["get", "list", "watch"]
 - nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
   verbs: ["get"]
+{{/* fix(#3338): add required rules to use node-exporter with the RBAC proxy */}}
+{{- if (index .Values "prometheus-node-exporter").kubeRBACProxy.enabled }}
+{{- $nodeExporterCtx := (dict "Values" (index .Values "prometheus-node-exporter") "Chart" (dict "Name" "prometheus-node-exporter") "Release" .Release) }}
+- apiGroups: [ "" ]
+  resources:
+  - services/{{ include "prometheus-node-exporter.fullname" $nodeExporterCtx }}
+  verbs: [ "get", "list", "watch" ]
+{{- end }}
 {{- if .Values.prometheus.additionalRulesForClusterRole }}
 {{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
 {{- end }}