Support namespace label enrichment for metrics (like podLogs.namespaceLabels)

[jakubramut]

Hello,

I'm implementing Label-Based Access Control (LBAC) in Grafana Cloud for a multi-tenant Kubernetes cluster. Our namespaces have labels (department, team, environment) that define tenant ownership.
For logs, podLogs.namespaceLabels works perfectly - I can enrich logs with namespace labels and apply LBAC rules.
For metrics, I cannot find an equivalent feature. There's no way to enrich metrics with namespace labels, so I can't apply consistent LBAC rules across logs and metrics.

What I tried:

1. extraConfig with prometheus.enrich - doesn't work because the chart's scrapers forward directly to prometheus.remote_write. I can define the component but can't intercept the pipeline
2. extraDiscoveryRules on clusterMetrics components - the __meta_kubernetes_namespace_label_* labels are not available during pod/service discovery

Expected behavior:
A configuration option similar to podLogs.namespaceLabels for metrics:

k8smonitoring:
  clusterMetrics:
    namespaceLabels:
      department: "department"
      team: "team"
      env: "environment"

Or the ability to inject prometheus.enrich into the metrics pipeline before prometheus.remote_write

Environment

• Chart version: 3.5.1
• Alloy version: v1.10.1

Related

• v2: Adding namespace label to signals in k8s-monitoring-helm #1056 - similar request, resolved for logs but not metrics
• prometheus.enrich component available in Alloy v1.11.0+ (experimental)