From 4e458eeb2a0f2b0ae75ead1c15a1277d0059effd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Pervill=C3=A9?=
 <julien.perville@perfect-memory.com>
Date: Wed, 19 Aug 2020 09:20:19 +0200
Subject: [PATCH] Allow prometheus to get/list/watch extensions.ingresses

---
 .../prometheus/prometheus.libsonnet           |  8 ++++++-
 .../prometheus-roleSpecificNamespaces.yaml    | 24 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
index 8ff6e924..e4f102c7 100644
--- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
@@ -145,12 +145,18 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
                          'pods',
                        ]) +
                        policyRule.withVerbs(['get', 'list', 'watch']);
+      local ingressRule = policyRule.new() +
+                          policyRule.withApiGroups(['extensions']) +
+                          policyRule.withResources([
+                            'ingresses',
+                          ]) +
+                          policyRule.withVerbs(['get', 'list', 'watch']);
 
       local newSpecificRole(namespace) =
         role.new() +
         role.mixin.metadata.withName('prometheus-' + p.name) +
         role.mixin.metadata.withNamespace(namespace) +
-        role.withRules(coreRule);
+        role.withRules([coreRule, ingressRule]);
 
       local roleList = k3.rbac.v1.roleList;
       roleList.new([newSpecificRole(x) for x in p.roleBindingNamespaces]),
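Review bot: `ingressRule` grants read access only in the `extensions` API group, but Ingress is also served from `networking.k8s.io`, and RBAC matches on the group of the request, so a Prometheus build or cluster that uses the newer group would still be denied. Consider `policyRule.withApiGroups(['extensions', 'networking.k8s.io'])` and regenerating `manifests/prometheus-roleSpecificNamespaces.yaml`. The rule is also added unconditionally to the Role of every namespace in `p.roleBindingNamespaces`, so each of those namespaces exposes its ingress hosts, annotations and TLS secret names to the Prometheus service account whether or not ingress discovery is used there. A short comment above the rule, such as `// read-only access for ingress service discovery`, would record why the grant exists. The enclosing field definition starts and ends outside this hunk.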
diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml
index b920b886..689baa93 100644
--- a/manifests/prometheus-roleSpecificNamespaces.yaml
+++ b/manifests/prometheus-roleSpecificNamespaces.yaml
@@ -16,6 +16,14 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: Role
   metadata:
@@ -32,6 +40,14 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: Role
   metadata:
@@ -48,4 +64,12 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
 kind: RoleList
-- 
GitLab