apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-state-metrics
  namespace: monitoring
  labels:
    app.kubernetes.io/name: kube-state-metrics
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: kube-state-metrics
  name: kube-state-metrics
rules:
  - apiGroups: ["certificates.k8s.io"]
    resources:
    - certificatesigningrequests
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - configmaps
    verbs: ["list", "watch"]

  - apiGroups: ["batch"]
    resources:
    - cronjobs
    verbs: ["list", "watch"]

  - apiGroups: ["extensions", "apps"]
    resources:
    - daemonsets
    verbs: ["list", "watch"]

  - apiGroups: ["extensions", "apps"]
    resources:
    - deployments
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - endpoints
    verbs: ["list", "watch"]

  - apiGroups: ["autoscaling"]
    resources:
    - horizontalpodautoscalers
    verbs: ["list", "watch"]

  - apiGroups: ["extensions", "networking.k8s.io"]
    resources:
    - ingresses
    verbs: ["list", "watch"]

  - apiGroups: ["batch"]
    resources:
    - jobs
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - limitranges
    verbs: ["list", "watch"]

  - apiGroups: ["admissionregistration.k8s.io"]
    resources:
      - mutatingwebhookconfigurations
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - namespaces
    verbs: ["list", "watch"]

  - apiGroups: ["networking.k8s.io"]
    resources:
    - networkpolicies
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - nodes
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - persistentvolumeclaims
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - persistentvolumes
    verbs: ["list", "watch"]

  - apiGroups: ["policy"]
    resources:
      - poddisruptionbudgets
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - pods
    verbs: ["list", "watch"]

  - apiGroups: ["extensions", "apps"]
    resources:
    - replicasets
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - replicationcontrollers
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - resourcequotas
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - secrets
    verbs: ["list", "watch"]

  - apiGroups: [""]
    resources:
    - services
    verbs: ["list", "watch"]

  - apiGroups: ["apps"]
    resources:
    - statefulsets
    verbs: ["list", "watch"]

  - apiGroups: ["storage.k8s.io"]
    resources:
      - storageclasses
    verbs: ["list", "watch"]

  - apiGroups: ["admissionregistration.k8s.io"]
    resources:
      - validatingwebhookconfigurations
    verbs: ["list", "watch"]

  - apiGroups: ["storage.k8s.io"]
    resources:
      - volumeattachments
    verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: kube-state-metrics
  name: kube-state-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: monitoring
---

apiVersion: v1
kind: Service
metadata:
  name: kube-state-metrics
  namespace: monitoring
  labels:
    app.kubernetes.io/name: kube-state-metrics
  annotations:
    prometheus.io/scrape: 'true'
spec:
  type: "ClusterIP"
  ports:
  - name: "http"
    protocol: TCP
    port: 8080
    targetPort: 8080
  selector:
    app.kubernetes.io/name: kube-state-metrics
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-state-metrics
  namespace: monitoring
  labels:
    app.kubernetes.io/name: kube-state-metrics
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: kube-state-metrics
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kube-state-metrics
    spec:
      serviceAccountName: kube-state-metrics
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsUser: 65534
      containers:
      - name: kube-state-metrics
        args:
        #- --resources=certificatesigningrequests
        - --resources=configmaps
        - --resources=cronjobs
        - --resources=daemonsets
        - --resources=deployments
        #- --resources=endpoints
        #- --resources=horizontalpodautoscalers
        - --resources=ingresses
        - --resources=jobs
        #- --resources=limitranges
        - --resources=mutatingwebhookconfigurations
        - --resources=namespaces
        #- --resources=networkpolicies
        - --resources=nodes
        - --resources=persistentvolumeclaims
        - --resources=persistentvolumes
        - --resources=poddisruptionbudgets
        - --resources=pods
        - --resources=replicasets
        #- --resources=replicationcontrollers
        #- --resources=resourcequotas
        - --resources=secrets
        - --resources=services
        - --resources=statefulsets
        - --resources=storageclasses
        - --resources=validatingwebhookconfigurations
        #- --resources=volumeattachments
        imagePullPolicy: IfNotPresent
        image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
        ports:
        - containerPort: 8080
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /
            port: 8080
          initialDelaySeconds: 5
          timeoutSeconds: 5
---