[kube-state-metrics] Use kube-rbac-proxy ports for probes when kube-rbac-proxy is enabled

[r0bj]

What this PR does / why we need it

When kubeRBACProxy is enabled, probes from the kubelet fail because the kube-state-metrics ports are bound to 127.0.0.1. This PR configures the probes to use the ports protected by kube-rbac-proxy, ensuring that health checks succeed when kube-rbac-proxy is enabled.

For more context, please refer to this comment.

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)

• fixes [kube-state-metrics] Readiness probe not working with rbac proxy #4992

Special notes for your reviewer

Checklist

• DCO signed
• Chart Version bumped
• Title of the PR starts with chart name (e.g. [prometheus-couchdb-exporter])

[fahedouch]

thanks you for implementing this @r0bj. LGTM

For more context, please refer to #5215 (comment).

you comment link is pointing to the wrong comment ^^

[dotdc]

Hi @r0bj,
Thank you for your pull requests on this topic.
For the first part of the pull request, I think that you could use extraArgs and kubeRBACProxy.extraArgs directly.
If you need specific extra args for the http and telemetry containers, I would rather add something like kubeRBACProxy.extraHttpArgs and kubeRBACProxy.extraTelemetryArgs.
What do you think?

[r0bj]

@dotdc Yes, that also makes sense. We can remove the conditional logic for including --ignore-paths in the kube-rbac-proxy containers and instead rely on .Values.kubeRBACProxy.extraArgs to pass --ignore-paths=/livez,/readyz. Would that approach work better?

[dotdc]

Yes I would prefer, as it gives more flexibility.
Can you update the pull request?