[bitnami/kube-prometheus] add extraRbac (#34968)

2026-02-10 20:17:22 +08:00 · 2025-08-05 10:39:06 +02:00
parent 07cef53113
commit 954f3ad925
6 changed files with 39 additions and 8 deletions
--- a/bitnami/kube-prometheus/CHANGELOG.md
+++ b/bitnami/kube-prometheus/CHANGELOG.md
@@ -1,8 +1,14 @@
 # Changelog

-## 11.2.16 (2025-07-21)
+## 11.3.0 (2025-08-05)

-* [bitnami/kube-prometheus] :zap: :arrow_up: Update dependency references ([#35227](https://github.com/bitnami/charts/pull/35227))
+* [bitnami/kube-prometheus] add extraRbac ([#34968](https://github.com/bitnami/charts/pull/34968))
+
+## <small>11.2.16 (2025-07-21)</small>
+
+* [bitnami/*] Adapt main README and change ascii (#35173) ([73d15e0](https://github.com/bitnami/charts/commit/73d15e03e04647efa902a1d14a09ea8657429cd0)), closes [#35173](https://github.com/bitnami/charts/issues/35173)
+* [bitnami/*] Add BSI to charts' READMEs (#35174) ([4973fd0](https://github.com/bitnami/charts/commit/4973fd08dd7e95398ddcc4054538023b542e19f2)), closes [#35174](https://github.com/bitnami/charts/issues/35174)
+* [bitnami/kube-prometheus] :zap: :arrow_up: Update dependency references (#35227) ([46f60cb](https://github.com/bitnami/charts/commit/46f60cb83dfdbbfb4973634616bf100bdd4a0832)), closes [#35227](https://github.com/bitnami/charts/issues/35227)

 ## <small>11.2.15 (2025-07-17)</small>

--- a/bitnami/kube-prometheus/Chart.yaml
+++ b/bitnami/kube-prometheus/Chart.yaml
@@ -51,4 +51,4 @@ maintainers:
 name: kube-prometheus
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus
-version: 11.2.16
+version: 11.3.0
--- a/bitnami/kube-prometheus/README.md
+++ b/bitnami/kube-prometheus/README.md
@@ -922,10 +922,12 @@ As an alternative, use one of the preset configurations for pod affinity, pod an

 ### RBAC parameters

-| Name              | Description                                                                                                                                                        | Value  |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ |
-| `rbac.create`     | Whether to create and use RBAC resources or not                                                                                                                    | `true` |
-| `rbac.pspEnabled` | Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` |
+| Name                    | Description                                                                                                                                                        | Value  |
+| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ |
+| `rbac.create`           | Whether to create and use RBAC resources or not                                                                                                                    | `true` |
+| `rbac.pspEnabled`       | Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` |
+| `rbac.rules.operator`   | Custom RBAC rules to set on Prometheus Operator ClusterRole                                                                                                        | `[]`   |
+| `rbac.rules.prometheus` | Custom RBAC rules to set on Prometheus ClusterRole                                                                                                                 | `[]`   |

 ### Thanos Ruler Parameters

--- a/bitnami/kube-prometheus/templates/prometheus-operator/clusterrole.yaml
+++ b/bitnami/kube-prometheus/templates/prometheus-operator/clusterrole.yaml
@@ -126,4 +126,7 @@ rules:
      - storageclasses
    verbs:
      - get
+  {{- if and .Values.rbac.rules.operator }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.rbac.rules.operator "context" $) | nindent 2 }}
+  {{- end }}
 {{- end }}
--- a/bitnami/kube-prometheus/templates/prometheus/clusterrole.yaml
+++ b/bitnami/kube-prometheus/templates/prometheus/clusterrole.yaml
@@ -46,4 +46,7 @@ rules:
      - "/metrics"
    verbs:
      - "get"
+  {{- if and .Values.rbac.rules.prometheus }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.rbac.rules.prometheus "context" $) | nindent 2 }}
+  {{- end }}
 {{- end }}
--- a/bitnami/kube-prometheus/values.yaml
+++ b/bitnami/kube-prometheus/values.yaml
@@ -3332,10 +3332,27 @@ kubeProxy:
 ## ref: https://kubernetes.io/docs/admin/authorization/rbac/
 ## @param rbac.create Whether to create and use RBAC resources or not
 ## @param rbac.pspEnabled Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
-##
 rbac:
  create: true
  pspEnabled: true
+  ## @param rbac.rules.operator Custom RBAC rules to set on Prometheus Operator ClusterRole
+  ## @param rbac.rules.prometheus Custom RBAC rules to set on Prometheus ClusterRole
+  ## e.g:
+  ## rbac:
+  ##   rules:
+  ##     operator: []
+  ##     prometheus:
+  ##       - apiGroups:
+  ##           - ""
+  ##         resources:
+  ##           - pods
+  ##         verbs:
+  ##           - get
+  ##           - list
+  ##
+  rules:
+    operator: []
+    prometheus: []

 ## @section Thanos Ruler Parameters
 ##