add statusz implementation and enablement in apiserver

plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/serviceaccount"
 	"k8s.io/apiserver/pkg/authentication/user"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	zpagesfeatures "k8s.io/component-base/zpages/features"
 
 	rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1"
 	"k8s.io/kubernetes/pkg/features"
@@ -194,6 +195,18 @@ func NodeRules() []rbacv1.PolicyRule {
 
 // ClusterRoles returns the cluster roles to bootstrap an API server with
 func ClusterRoles() []rbacv1.ClusterRole {
+	monitoringRules := []rbacv1.PolicyRule{
+		rbacv1helpers.NewRule("get").URLs(
+			"/metrics", "/metrics/slis",
+			"/livez", "/readyz", "/healthz",
+			"/livez/*", "/readyz/*", "/healthz/*",
+		).RuleOrDie(),
+	}
+
+	if utilfeature.DefaultFeatureGate.Enabled(zpagesfeatures.ComponentStatusz) {
+		monitoringRules = append(monitoringRules, rbacv1helpers.NewRule("get").URLs("/statusz").RuleOrDie())
+	}
+
 	roles := []rbacv1.ClusterRole{
 		{
 			// a "root" role which can do absolutely anything
@@ -223,13 +236,7 @@ func ClusterRoles() []rbacv1.ClusterRole {
 			// The splatted health check endpoints allow read access to individual health check
 			// endpoints which may contain more sensitive cluster information information
 			ObjectMeta: metav1.ObjectMeta{Name: "system:monitoring"},
-			Rules: []rbacv1.PolicyRule{
-				rbacv1helpers.NewRule("get").URLs(
-					"/metrics", "/metrics/slis",
-					"/livez", "/readyz", "/healthz",
-					"/livez/*", "/readyz/*", "/healthz/*",
-				).RuleOrDie(),
-			},
+			Rules:      monitoringRules,
 		},
 	}