[kube-state-metrics] Use kube-rbac-proxy ports for probes when kube-rbac-proxy is enabled

[r0bj]

What this PR does / why we need it

When kubeRBACProxy is enabled, probes from the kubelet fail because the kube-state-metrics ports are bound to 127.0.0.1. This PR configures the probes to use the ports protected by kube-rbac-proxy, ensuring that health checks succeed when kube-rbac-proxy is enabled.

For more context, please refer to this comment.

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)

• fixes [kube-state-metrics] Readiness probe not working with rbac proxy #4992

Special notes for your reviewer

Checklist

• DCO signed
• Chart Version bumped
• Title of the PR starts with chart name (e.g. [prometheus-couchdb-exporter])

[fahedouch]

thanks you for implementing this @r0bj. LGTM

For more context, please refer to #5215 (comment).

you comment link is pointing to the wrong comment ^^

[dotdc]

Hi @r0bj,
Thank you for your pull requests on this topic.
For the first part of the pull request, I think that you could use extraArgs and kubeRBACProxy.extraArgs directly.
If you need specific extra args for the http and telemetry containers, I would rather add something like kubeRBACProxy.extraHttpArgs and kubeRBACProxy.extraTelemetryArgs.
What do you think?

[r0bj]

@dotdc Yes, that also makes sense. We can remove the conditional logic for including --ignore-paths in the kube-rbac-proxy containers and instead rely on .Values.kubeRBACProxy.extraArgs to pass --ignore-paths=/livez,/readyz. Would that approach work better?

[dotdc]

Yes I would prefer, as it gives more flexibility.
Can you update the pull request?

[r0bj]

Yes I would prefer, as it gives more flexibility.
Can you update the pull request?

@dotdc Yes, I updated the pull request.

[dotdc]

Yes I would prefer, as it gives more flexibility.
Can you update the pull request?

@dotdc Yes, I updated the pull request.

@r0bj You removed flags in 4118f78 without implementing kubeRBACProxy.extraHttpArgs and kubeRBACProxy.extraTelemetryArgs, is it intended?

Did you notice it wasn't needed in the end?

[r0bj]

@r0bj You removed flags in 4118f78 without implementing kubeRBACProxy.extraHttpArgs and kubeRBACProxy.extraTelemetryArgs, is it intended?
Did you notice it wasn't needed in the end?

Instead of creating additional values for each kube-rbac-proxy instance (e.g., .Values.kubeRBACProxy.extraHttpArgs, .Values.kubeRBACProxy.extraTelemetryArgs), we can use the existing value .Values.kubeRBACProxy.extraArgs, which simplifies the configuration. For example, setting .Values.kubeRBACProxy.extraArgs to --ignore-paths=/livez,/readyz should work fine. Let me know if that works for you.