[prometheus-node-exporter] Add permissions for 'CustomResources' with 'extraRules' #5066

Open
@Alja9

Is your feature request related to a problem?

I use kubeRBACproxy to make the metrics endpoint HTTPS, and I install node-exporter in a different cluster from Prometheus. I use a service account token for auth. But the error that always appears is Forbidden when trying to curl the HTTPS metrics from a different cluster.

Describe the solution you'd like.

When the node-exporter installation is finished, there is a note like this:

kube-rbac-proxy endpoint protections is enabled:
- Metrics endpoints is now HTTPS
- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions:
rules:
  - apiGroups: [ "" ]
    resources: ["services/prometheus-node-exporter"]
    verbs:
      - get

So as a temporary solution, I need to manually add those rules to the node-exporter ClusterRole to allow the service account token to work well.
Possible solution: Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration.

Describe alternatives you've considered.

Add extraRules: [] in rbac section

Additional context.

No response
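
An added example, not part of the issue or the chart: a dedicated ServiceAccount, ClusterRole and ClusterRoleBinding that grant only the rule quoted in the install note, kept separate from the chart-managed ClusterRole. It assumes the manifests are applied in the cluster where node-exporter runs, because kube-rbac-proxy checks tokens and permissions against its own cluster's API server. The names `prometheus-scraper`, `monitoring` and `node-exporter-metrics-reader` are hypothetical.

```yaml
# Added example; every name marked "assumed" is illustrative, not from the chart.
# Apply in the cluster that runs node-exporter, not the Prometheus cluster.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-scraper            # assumed name
  namespace: monitoring               # assumed namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-exporter-metrics-reader  # assumed name
rules:
  # Exactly the rule printed in the install note, nothing broader:
  # no wildcard resources, no list/watch, no other verbs.
  - apiGroups: [""]
    resources: ["services/prometheus-node-exporter"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-exporter-metrics-reader  # assumed name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-exporter-metrics-reader
subjects:
  # Bind only the scraper identity; its token is what the remote
  # Prometheus presents as a bearer token to the HTTPS metrics endpoint.
  - kind: ServiceAccount
    name: prometheus-scraper
    namespace: monitoring
```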

Labels: enhancement (New feature or request)
