[kube-state-metrics] Probes error with auth when kube-rbac-proxy is enabled

[Alja9]

Describe the bug a clear and concise description of what the bug is.

Error with liveness and readiness when kube-rbac-proxy is enabled. Both use https scheme but don't have auth

Readiness probe failed: Get "https://xxx:8081/readyz": dial tcp xxx:8081: connect: connection refused
Liveness probe failed: HTTP probe failed with statuscode: 401
Container kube-state-metrics failed liveness probe, will be restarted

What's your helm version?

version.BuildInfo{Version:"v3.17.2", GitCommit:"cc0bbbd6d6276b83880042c1ecb34087e84d41eb", GitTreeState:"clean", GoVersion:"go1.23.7"}

What's your kubectl version?

Client Version: v1.29.5 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.29.5

Which chart?

kube-state-metrics

What's the chart version?

5.32.0

What happened?

I have checked this changes :
6a3be8f

I saw there are used https scheme for Readiness and Liveness in kube-state-metrics container

What you expected to happen?

Pod kube-state-metrics can Running well

How to reproduce it?

If possible, use scheme http for Readiness and Liveness
Currently, I just downgrade to the chart version 5.26.0 or app.kubernetes.io/version is 2.13.0

Enter the changed values of values.yaml?

volumeMounts:
- name: kube-state-metrics-secret
  mountPath: /tls/private
  readOnly: true
prometheus:
  monitor:
    enabled: false
kubeRBACProxy:
  enabled: true
  extraArgs:
  - --tls-cert-file=/tls/private/tls.crt
  - --tls-private-key-file=/tls/private/tls.key
  - --client-ca-file=/tls/private/ca.crt
  volumeMounts:
  - name: kube-state-metrics-secret
    mountPath: /tls/private
    readOnly: true
volumes:
- name: kube-state-metrics-secret
  secret:
    secretName: kube-state-metrics-secret
    items:
    - key: tls.crt
      path: tls.crt
    - key: tls.key
      path: tls.key
    - key: ca.crt
      path: ca.crt

Enter the command that you execute and failing/misfunctioning.

helm install kube-state-metrics prometheus-community/kube-state-metrics --version 5.32.0 --values values.yaml

Anything else we need to know?

I can use my custom auth for kube-rbac-proxy container, but I don't know how to make kube-state-metrics container use my custom auth for probes since its scheme uses https

[Mrbm5]

I am also facing the same issue when I upgraded the kube-prometheus-stack chart to version 70.0.3. The kube-state-metrics container fails both liveness and readiness probes when kube-rbac-proxy is enabled.

Warning  Unhealthy  20m (x114 over 120m)    kubelet  Liveness probe failed: HTTP probe failed with statuscode: 401
Normal   Killing    20m (x38 over 119m)     kubelet  Container kube-state-metrics failed liveness probe, will be restarted
Warning  Unhealthy  14m (x120 over 120m)    kubelet  Readiness probe failed: Get "https://10.x.x.x:8081/readyz": dial tcp 10.x.x.x:8081: connect: connection refused

My setup:

• kube-prometheus-stack chart version : 70.0.3
• kube-state-metrics chart version: 5.30.1
• Helm version: version.BuildInfo{Version:"v3.17.1", GitCommit:"980d8ac1939e39138101364400756af2bdee1da5", GitTreeState:"clean", GoVersion:"go1.23.6"}
• kubectl version: Client Version: v1.32.1 Kustomize Version: v5.5.0 Server Version: v1.32.1

kube-prometheus-stack --> values.yaml
## Configuration for kube-state-metrics
kube-state-metrics:
  resources:
    requests:
      cpu: 10m
      memory: 30Mi
    limits:
      memory: 250Mi
  kubeRBACProxy:
    enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 20Mi
      limits:
        memory: 40Mi
  prometheus:
    monitor:
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      scheme: https
      tlsConfig:
        insecureSkipVerify: true

I would appreciate any guidance or workarounds to fix this issue. Thank you for your assistance!