From f5da67080f5cf1537ed159426637cbace99ab52f Mon Sep 17 00:00:00 2001 From: Fabrice Date: Wed, 4 Mar 2020 01:57:47 -0800 Subject: [PATCH] [stable/kube-state-metrics] Add missing permission for volumeattachments collector (#21079) When enabling the volumeattachments collector, the following error is logged without this permission: Failed to list *v1.VolumeAttachment: volumeattachments.storage.k8s.io is forbidden: User "XXXXX:kube-state-metrics" cannot list resource "volumeattachments" in API group "storage.k8s.io" at the cluster scope Signed-off-by: Fabrice Rabaute --- stable/kube-state-metrics/Chart.yaml | 2 +- stable/kube-state-metrics/templates/clusterrole.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index 494548d5ffae..4468a0785d5d 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -6,7 +6,7 @@ keywords: - monitoring - prometheus - kubernetes -version: 2.7.1 +version: 2.7.2 appVersion: 1.9.5 home: https://github.com/kubernetes/kube-state-metrics/ sources: diff --git a/stable/kube-state-metrics/templates/clusterrole.yaml b/stable/kube-state-metrics/templates/clusterrole.yaml index 8728aab61e6b..319aec16c203 100644 --- a/stable/kube-state-metrics/templates/clusterrole.yaml +++ b/stable/kube-state-metrics/templates/clusterrole.yaml @@ -166,9 +166,9 @@ rules: verbs: ["list", "watch"] {{ end -}} {{ if .Values.collectors.volumeattachments }} -- apiGroups: ["storageclasses.k8s.io"] +- apiGroups: ["storage.k8s.io"] resources: - - storageclasses + - volumeattachments verbs: ["list", "watch"] {{ end -}} {{ if .Values.collectors.verticalpodautoscalers }}