From b9d0ed2444284a7458f0963a21cd9c6ed44f6013 Mon Sep 17 00:00:00 2001 From: Mathis Date: Sat, 18 Jul 2020 01:04:50 +0200 Subject: [PATCH] [stable/kube-state-metrics] Fix STS role for Autosharding (#23210) Currently, Get, List and Watch are required. List and Watch are provided by the ClusterRole related to collectors. The STS collector can be disabled breaking the current AutoSharding role permissions. Moreover, the resourceNames depends of the RELEASE_NAME as defined in deployment.yaml so we need to reflect this or we won't have the correct permission to read our STS. Signed-off-by: Mathis Raguin --- stable/kube-state-metrics/Chart.yaml | 2 +- stable/kube-state-metrics/templates/stsdiscovery-role.yaml | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index 63fd666894ac..6f41880ab5b5 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -6,7 +6,7 @@ keywords: - monitoring - prometheus - kubernetes -version: 2.8.11 +version: 2.8.12 appVersion: 1.9.7 home: https://github.com/kubernetes/kube-state-metrics/ sources: diff --git a/stable/kube-state-metrics/templates/stsdiscovery-role.yaml b/stable/kube-state-metrics/templates/stsdiscovery-role.yaml index bf5396072710..9770b0498752 100644 --- a/stable/kube-state-metrics/templates/stsdiscovery-role.yaml +++ b/stable/kube-state-metrics/templates/stsdiscovery-role.yaml @@ -19,9 +19,11 @@ rules: - apiGroups: - apps resourceNames: - - kube-state-metrics + - {{ template "kube-state-metrics.fullname" . }} resources: - statefulsets verbs: - get + - list + - watch {{- end }}