Can Prometheus work on kubernetes WITHOUT clusterscope access?

[Klavs Klavsen]

Can Prometheus work - if it does not have any privileges, except:

ClusterRole with these rules:

```

rules:

- apiGroups:

  - ""

  attributeRestrictions: null

  resources:

  - configmaps

  - endpoints

  - pods

  - services

  verbs:

  - get

  - list

  - watch

- apiGroups: null

  attributeRestrictions: null

  nonResourceURLs:

  - /metrics

  resources: []

  verbs:

  - get

```

and then RoleBindings to that ClusterRole in the namespaces - where I want it to monitor pods.. ?

It keeps logging that its trying to access v1.Pod at clusterscope level - and a short look at the code - makes it look like code is hardcoded to do that?

[Klavs Klavsen]

I would be absolutely fine with having to manually define pods it should scrape (and also which it should scrape pod request and limit information on via kubernetes api).