diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
index 8ff6e924e26e165511d5910b92687d7aacac5155..e4f102c72997493325b2d4c17b250984b921b389 100644
--- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
@@ -145,12 +145,18 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
'pods',
]) +
policyRule.withVerbs(['get', 'list', 'watch']);
+ local ingressRule = policyRule.new() +
+ policyRule.withApiGroups(['extensions']) +
+ policyRule.withResources([
+ 'ingresses',
+ ]) +
+ policyRule.withVerbs(['get', 'list', 'watch']);
local newSpecificRole(namespace) =
role.new() +
role.mixin.metadata.withName('prometheus-' + p.name) +
role.mixin.metadata.withNamespace(namespace) +
- role.withRules(coreRule);
+ role.withRules([coreRule, ingressRule]);
local roleList = k3.rbac.v1.roleList;
roleList.new([newSpecificRole(x) for x in p.roleBindingNamespaces]),
diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml
index b920b886e3cfee0fe48648533df5206f277fe041..689baa932f888172044e553da52c2398f1282efa 100644
--- a/manifests/prometheus-roleSpecificNamespaces.yaml
+++ b/manifests/prometheus-roleSpecificNamespaces.yaml
@@ -16,6 +16,14 @@ items:
- get
- list
- watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -32,6 +40,14 @@ items:
- get
- list
- watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -48,4 +64,12 @@ items:
- get
- list
- watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
kind: RoleList