[kube-state-metrics]: Configurable extra rules for KSM ClusterRole

charts/kube-state-metrics/Chart.yaml

@@ -7,7 +7,7 @@ keywords:
 - prometheus
 - kubernetes
 type: application
-version: 4.12.0
+version: 4.13.0
 appVersion: 2.5.0
 home: https://github.com/kubernetes/kube-state-metrics/
 sources:

charts/kube-state-metrics/templates/role.yaml

@@ -183,5 +183,8 @@ rules:
     - verticalpodautoscalers
   verbs: ["list", "watch"]
 {{ end -}}
+{{ if $.Values.rbac.extraRules }}
+{{ toYaml $.Values.rbac.extraRules }}
+{{ end }}
 {{- end -}}
 {{- end -}}

charts/kube-state-metrics/values.yaml

@@ -50,6 +50,13 @@ rbac:
   # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
   useClusterRole: true
 
+  # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
+  # Example:
+  # - apiGroups: ["monitoring.coreos.com"]
+  #   resources: ["prometheuses"]
+  #   verbs: ["list", "watch"]
+  extraRules: []
+
 serviceAccount:
   # Specifies whether a ServiceAccount should be created, require rbac true
   create: true