fix libsonnet to add roles

kaitoii11 · kaitoii11 · commit 64926a340761 · 2022-06-30T22:03:14.000+09:00
diff --git a/examples/autosharding/cluster-role.yaml b/examples/autosharding/cluster-role.yaml
@@ -108,3 +108,11 @@ rules:
   verbs:
   - list
   - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  - roles
+  verbs:
+  - list
+  - watch
diff --git a/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
@@ -145,7 +145,15 @@
         ],
         verbs: ['list', 'watch'],
       },
-    ];
+      {
+        apiGroups: ['rbac.authorization.k8s.io'],
+        resources: [
+          'clusterroles',
+          'roles',
+        ],
+        verbs: ['list', 'watch'],
+      },
+     ];
 
     {
       apiVersion: 'rbac.authorization.k8s.io/v1',
@@ -164,9 +172,9 @@
         { name: 'http-metrics', containerPort: 8080 },
         { name: 'telemetry', containerPort: 8081 },
       ],
-      securityContext: { 
-        runAsUser: 65534, 
-        allowPrivilegeEscalation: false,        
+      securityContext: {
+        runAsUser: 65534,
+        allowPrivilegeEscalation: false,
         readOnlyRootFilesystem: true,
         capabilities: { drop: ['ALL'] },
       },
