From 7691ea153e80974e5a0df95f5789e0653baff623 Mon Sep 17 00:00:00 2001
From: Alexandre Nicolaie <alexandre.nicolaie@gmail.com>
Date: Fri, 27 Oct 2023 18:27:40 +0200
Subject: [PATCH] [kube-prometheus-stack] Add RBAC Proxy rule to Prom
 ClusterRole

We need to add a rule into the prometheus ClusterRole if we want to
scrap the node-exporter via the RBAC Proxy.

fixes 3338

Signed-off-by: Alexandre Nicolaie <alexandre.nicolaie@gmail.com>
---
 charts/kube-prometheus-stack/Chart.yaml                   | 2 +-
 .../templates/prometheus/clusterrole.yaml                 | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
index 067e65ddb41a..dae7db4fea98 100644
--- a/charts/kube-prometheus-stack/Chart.yaml
+++ b/charts/kube-prometheus-stack/Chart.yaml
@@ -21,7 +21,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 52.1.0
+version: 52.1.1
 appVersion: v0.68.0
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus
diff --git a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
index 3585b5db1151..1f2850097c13 100644
--- a/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
+++ b/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
@@ -24,6 +24,14 @@ rules:
   verbs: ["get", "list", "watch"]
 - nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
   verbs: ["get"]
+{{/* fix(#3338): add required rules to use node-exporter with the RBAC proxy */}}
+{{- if (index .Values "prometheus-node-exporter").kubeRBACProxy.enabled }}
+{{- $nodeExporterCtx := (dict "Values" (index .Values "prometheus-node-exporter") "Chart" (dict "Name" "prometheus-node-exporter") "Release" .Release) }}
+- apiGroups: [ "" ]
+  resources:
+  - services/{{ include "prometheus-node-exporter.fullname" $nodeExporterCtx }}
+  verbs: [ "get", "list", "watch" ]
+{{- end }}
 {{- if .Values.prometheus.additionalRulesForClusterRole }}
 {{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
 {{- end }}