Allow prometheus to get/list/watch extensions.ingresses

jsonnet/kube-prometheus/prometheus/prometheus.libsonnet

@@ -145,12 +145,18 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
                          'pods',
                        ]) +
                        policyRule.withVerbs(['get', 'list', 'watch']);
+      local ingressRule = policyRule.new() +
+                          policyRule.withApiGroups(['extensions']) +
+                          policyRule.withResources([
+                            'ingresses',
+                          ]) +
+                          policyRule.withVerbs(['get', 'list', 'watch']);
 
       local newSpecificRole(namespace) =
         role.new() +
         role.mixin.metadata.withName('prometheus-' + p.name) +
         role.mixin.metadata.withNamespace(namespace) +
-        role.withRules(coreRule);
+        role.withRules([coreRule, ingressRule]);
 
       local roleList = k3.rbac.v1.roleList;
       roleList.new([newSpecificRole(x) for x in p.roleBindingNamespaces]),

manifests/prometheus-roleSpecificNamespaces.yaml

@@ -16,6 +16,14 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: Role
   metadata:
@@ -32,6 +40,14 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: Role
   metadata:
@@ -48,4 +64,12 @@ items:
     - get
     - list
     - watch
+  - apiGroups:
+    - extensions
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
 kind: RoleList