[prometheus-node-exporter] Add permissions for 'CustomResources' with 'extraRules' #5066

Open
Alja9 opened this issue Dec 16, 2024 · 0 comments
Labels
enhancement New feature or request

Alja9 commented Dec 16, 2024

Is your feature request related to a problem?

I use kubeRBACproxy to serve the metrics endpoint over HTTPS, and I install node-exporter in a different cluster from Prometheus. I use a serviceaccount token for auth. But the error that always appears is Forbidden when trying to curl the HTTPS metrics from a different cluster.

Describe the solution you'd like.

When the node-exporter installation is finished, there is a note like this:

kube-rbac-proxy endpoint protections is enabled:
- Metrics endpoints is now HTTPS
- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions:
rules:
  - apiGroups: [ "" ]
    resources: ["services/prometheus-node-exporter"]
    verbs:
      - get

So as a temporary solution, I need to manually add those rules to the node-exporter clusterrole to allow the serviceaccount token to work well.
Possible solution: Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration.

Describe alternatives you've considered.

Add extraRules: [] in rbac section

Additional context.

No response

@Alja9 Alja9 added the enhancement New feature or request label Dec 16, 2024
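
The rule from the install note above, granted through a dedicated role and binding instead of an edit to the node-exporter ClusterRole. This is an added example, not part of the issue or the chart; the service account name `prometheus-scraper`, the namespace `monitoring` and the role name `node-exporter-metrics-reader` are assumptions.

```yaml
# Added example, not taken from the chart. Assumed names: service account
# "prometheus-scraper", namespace "monitoring", role "node-exporter-metrics-reader".
# Apply in the cluster where node-exporter runs: kube-rbac-proxy authenticates
# and authorizes callers against the API server of the cluster it runs in.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-scraper
  namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-exporter-metrics-reader
rules:
  # Rule copied from the install note quoted in the issue; nothing broader.
  - apiGroups: [""]
    resources: ["services/prometheus-node-exporter"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-exporter-metrics-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-exporter-metrics-reader
subjects:
  # Only this identity may read the proxied metrics endpoint.
  - kind: ServiceAccount
    name: prometheus-scraper
    namespace: monitoring
```

The scraper in the other cluster then presents a token issued for this service account as its bearer token.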