diff --git a/charts/k8s-monitoring/Chart.lock b/charts/k8s-monitoring/Chart.lock
index b2c2e2b5d7..9d111996b4 100644
--- a/charts/k8s-monitoring/Chart.lock
+++ b/charts/k8s-monitoring/Chart.lock
@@ -26,6 +26,9 @@ dependencies:
 - name: feature-pod-logs-via-kubernetes-api
   repository: ""
   version: 1.0.0
+- name: feature-kubernetes-manifests
+  repository: ""
+  version: 1.0.0
 - name: feature-profiling
   repository: ""
   version: 1.0.0
@@ -38,5 +41,5 @@ dependencies:
 - name: alloy-operator
   repository: https://grafana.github.io/helm-charts
   version: 0.3.14
-digest: sha256:660387cc1740f69780420e72cdddd6eb497097901a524e5d5f20b8a59303e402
-generated: "2025-12-02T10:47:58.495-06:00"
+digest: sha256:74d3926b919ff3580aecc7c990ca9b9e37b3a3d10a129cf61e3ba7deeaab6d6c
+generated: "2025-12-02T14:05:13.070402-06:00"
diff --git a/charts/k8s-monitoring/Chart.yaml b/charts/k8s-monitoring/Chart.yaml
index a752c06d5b..10ea416cec 100644
--- a/charts/k8s-monitoring/Chart.yaml
+++ b/charts/k8s-monitoring/Chart.yaml
@@ -58,6 +58,11 @@ dependencies:
     repository: ""
     version: 1.0.0
     condition: podLogsViaKubernetesApi.enabled
+  - alias: kubernetesManifests
+    name: feature-kubernetes-manifests
+    repository: ""
+    version: 1.0.0
+    condition: kubernetesManifests.enabled
   - alias: profiling
     name: feature-profiling
     repository: ""
diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md
index 746c967e2f..1da56c4b4b 100644
--- a/charts/k8s-monitoring/README.md
+++ b/charts/k8s-monitoring/README.md
@@ -248,6 +248,7 @@ details:
 |  | clusterEvents(feature-cluster-events) | 1.0.0 |
 |  | clusterMetrics(feature-cluster-metrics) | 1.0.0 |
 |  | integrations(feature-integrations) | 1.0.0 |
+|  | kubernetesManifests(feature-kubernetes-manifests) | 1.0.0 |
 |  | nodeLogs(feature-node-logs) | 1.0.0 |
 |  | podLogs(feature-pod-logs) | 1.0.0 |
 |  | podLogsViaKubernetesApi(feature-pod-logs-via-kubernetes-api) | 1.0.0 |
@@ -393,6 +394,13 @@ details:
 | integrations | object | No integrations enabled | Service Integrations enables gathering telemetry data for common services and applications deployed to Kubernetes. To see the valid options, please see the [Service Integrations documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-integrations). |
 | integrations.destinations | list | `[]` | The destinations where integration metrics will be sent. If empty, all metrics-capable destinations will be used. |
 
+### Features - Kubernetes Manifests
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kubernetesManifests.destinations | list | `[]` | The destinations where logs will be sent. If empty, all logs-capable destinations will be used. |
+| kubernetesManifests.enabled | bool | `false` | Enable gathering Kubernetes Manifests. |
+
 ### Features - Node Logs
 
 | Key | Type | Default | Description |
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/.helmignore b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/.helmignore
new file mode 100644
index 0000000000..2b29eaf564
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/.helmignore
@@ -0,0 +1,6 @@
+docs
+schema-mods
+tests
+Makefile
+README.md
+README.md.gotmpl
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Chart.lock b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Chart.lock
new file mode 100644
index 0000000000..cc833191e5
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Chart.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: "2024-08-28T15:09:37.347011-05:00"
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Chart.yaml b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Chart.yaml
new file mode 100644
index 0000000000..7951325271
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Chart.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v2
+name: feature-kubernetes-manifests
+description: Kubernetes Observability feature for gathering Kubernetes manifests.
+type: application
+sources:
+  - https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-kubernetes-manifests
+version: 1.0.0
+appVersion: 1.0.0
+maintainers:
+  - email: pete.wall@grafana.com
+    name: petewall
+dependencies: []
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Makefile b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Makefile
new file mode 100644
index 0000000000..bd42e5f39b
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/Makefile
@@ -0,0 +1,51 @@
+HAS_HELM_UNITTEST := $(shell helm plugin list | grep unittest 2> /dev/null)
+
+.SECONDEXPANSION:
+README.md: values.yaml Chart.yaml $$(wildcard README.md.gotmpl)
+	docker run --rm --platform linux/amd64 --volume $(shell pwd):/chart ghcr.io/grafana/helm-chart-toolbox-doc-generator --chart /chart > $@
+
+Chart.lock: Chart.yaml
+	helm dependency update .
+	@touch Chart.lock # Ensure the timestamp is updated
+
+values.schema.json: values.yaml $$(wildcard schema-mods/*)
+	docker run --rm --platform linux/amd64 --volume $(shell pwd):/chart ghcr.io/grafana/helm-chart-toolbox-schema-generator --chart /chart > $@
+
+.PHONY: clean
+clean:
+	rm -f README.md values.schema.json
+
+.PHONY: build
+build: README.md Chart.lock values.schema.json
+
+.PHONY: lint-shell
+lint-shell:
+	@if command -v shellcheck &> /dev/null; then \
+		shellcheck collect-manifests.sh; \
+	else \
+		docker run --rm -v $(shell pwd):/src --workdir /src koalaman/shellcheck:stable --rcfile .shellcheckrc templates/script.sh; \
+	fi
+
+.PHONY: lint-helm
+lint-helm:
+	helm lint .
+	ct lint --lint-conf ../../.lintconf.yaml --helm-dependency-extra-args=--skip-refresh --charts .
+
+.PHONY: lint
+lint: lint-shell lint-helm
+
+.PHONY: test
+test: build lint
+ifdef HAS_HELM_UNITTEST
+	helm unittest .
+else
+	docker run --rm --volume $(shell pwd):/apps helmunittest/helm-unittest:3.18.4-1.0.0 .
+endif
+
+.PHONY: update-test-snapshots
+update-test-snapshots:
+ifdef HAS_HELM_UNITTEST
+	helm unittest . --update-snapshot
+else
+	docker run --rm --volume $(shell pwd):/apps helmunittest/helm-unittest:3.18.4-1.0.0 . --update-snapshot
+endif
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/README.md b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/README.md
new file mode 100644
index 0000000000..6614de6050
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/README.md
@@ -0,0 +1,64 @@
+<!--
+(NOTE: Do not edit README.md directly. It is a generated file!)
+(      To make changes, please modify README.md.gotmpl and run `helm-docs`)
+-->
+
+# Feature: Kubernetes Manifests
+
+TODO
+
+## Usage
+
+```yaml
+kubernetesManifests:
+  enabled: true
+  ... [values](#values)
+```
+
+## Testing
+
+This chart contains unit tests to verify the generated configuration. The hidden value `deployAsConfigMap` will render
+the generated configuration into a ConfigMap object. While this ConfigMap is not used during regular operation, you can
+use it to show the outcome of a given values file.
+
+The unit tests use this ConfigMap to create an object with the configuration that can be asserted against. To run the
+tests, use `helm test`.
+
+Be sure perform actual integration testing in a live environment in the main [k8s-monitoring](../..) chart.
+
+<!-- textlint-disable terminology -->
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| petewall | <pete.wall@grafana.com> |  |
+<!-- textlint-enable terminology -->
+<!-- markdownlint-disable no-bare-urls -->
+<!-- markdownlint-disable list-marker-space -->
+## Source Code
+
+* <https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-kubernetes-manifests>
+<!-- markdownlint-enable list-marker-space -->
+<!-- markdownlint-enable no-bare-urls -->
+
+## Values
+
+### Image
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image | object | `{"digest":"","pullPolicy":"IfNotPresent","pullSecrets":[],"registry":"ghcr.io","repository":"grafana/helm-chart-toolbox-kubectl","tag":"0.1.3"}` | The image to run to get the Kubernetes manifests from this cluster. It must contain `kubectl` and `jq` at a minimum. |
+
+### General Settings
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kinds | object | `{"cronjobs":{"gather":false},"daemonsets":{"gather":false},"deployments":{"gather":false},"pods":{"gather":false},"statefulsets":{"gather":false}}` | The kinds of manifests to gather. |
+| namespaces | list | `[]` | Only gather manifests from these namespaces. If empty, gather from all. This affects the manifests gathered, but Also if this chart deploys ClusterRoles and ClusterRoleBindings or Roles and RoleBindings. |
+| refreshInterval | string | `"1d"` | How frequently to refresh all manifests, regardless of if they have changed. At maximum, this should be set lower Than the retention period for your log storage. |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| global.image.registry | string | `""` |  |
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/README.md.gotmpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/README.md.gotmpl
new file mode 100644
index 0000000000..f9e27dbfb6
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/README.md.gotmpl
@@ -0,0 +1,38 @@
+<!--
+(NOTE: Do not edit README.md directly. It is a generated file!)
+(      To make changes, please modify README.md.gotmpl and run `helm-docs`)
+-->
+
+# Feature: Kubernetes Manifests
+
+TODO
+
+## Usage
+
+```yaml
+kubernetesManifests:
+  enabled: true
+  ... [values](#values)
+```
+
+## Testing
+
+This chart contains unit tests to verify the generated configuration. The hidden value `deployAsConfigMap` will render
+the generated configuration into a ConfigMap object. While this ConfigMap is not used during regular operation, you can
+use it to show the outcome of a given values file.
+
+The unit tests use this ConfigMap to create an object with the configuration that can be asserted against. To run the
+tests, use `helm test`.
+
+Be sure perform actual integration testing in a live environment in the main [k8s-monitoring](../..) chart.
+
+<!-- textlint-disable terminology -->
+{{ template "chart.maintainersSection" . }}
+<!-- textlint-enable terminology -->
+<!-- markdownlint-disable no-bare-urls -->
+<!-- markdownlint-disable list-marker-space -->
+{{ template "chart.sourcesSection" . }}
+<!-- markdownlint-enable list-marker-space -->
+<!-- markdownlint-enable no-bare-urls -->
+{{ template "chart.requirementsSection" . }}
+{{ template "chart.valuesSection" . }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/collect-manifests.sh b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/collect-manifests.sh
new file mode 100755
index 0000000000..ccee01cbd7
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/collect-manifests.sh
@@ -0,0 +1,203 @@
+#!/bin/bash
+set -o pipefail
+
+script_name="${0##*/}"
+if [[ "${script_name}" == "bash" || "${script_name}" == "-bash" ]]; then
+  script_name="script.sh"
+fi
+
+DefaultWatchTimeout=30s
+ManifestRequestThrottling=0.1s
+WatchRestartDelay=5
+
+usage() {
+  echo "Usage: ${script_name} [OPTIONS]"
+  echo ""
+  echo "Collects Kubernetes manifests and saves them as files."
+  echo ""
+  echo "Resource manifests are stored at \${MANIFEST_DIR}/<kind>/<namespace>/<name>.json"
+  echo ""
+  echo "Requires the MANIFEST_DIR environment variable to be set to the target directory."
+  echo ""
+  echo "Options:"
+  echo "  -k, --kind <kind>        Kubernetes resource kind passed to \"kubectl get\"."
+  echo "                           Default: pods"
+  echo "  -n, --namespace <name>   Namespace to scan. When omitted, all namespaces"
+  echo "                           are scanned."
+  echo "  -f, --filters <list>     Comma or space separated list of jq selectors to drop"
+  echo "                           from the resource JSON. Default: \".status\""
+  echo "  --watch-timeout <time>   How long to keep a watch open before restarting."
+  echo "                           Default: ${DefaultWatchTimeout}s."
+  echo "  -h, --help               Show this help message."
+}
+
+kind="pods"
+kindDir="pods"
+namespace=""
+filters=(".status")
+watchTimeout="${DefaultWatchTimeout}"
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    -k|--kind)
+      if [[ $# -lt 2 ]]; then
+        echo "Error: --kind requires an argument." >&2
+        usage
+        exit 1
+      fi
+      kind="$2"
+      kindDir="${kind,,}"  # Forces lowercase
+      kindDir="${kindDir//[^a-z0-9._-]/_}"  # Replace special characters with _
+      shift 2
+      ;;
+    -n|--namespace)
+      if [[ $# -lt 2 ]]; then
+        echo "Error: --namespace requires an argument." >&2
+        usage
+        exit 1
+      fi
+      namespace="$2"
+      shift 2
+      ;;
+    -f|--filters)
+      if [[ $# -lt 2 ]]; then
+        echo "Error: --filters requires an argument." >&2
+        usage
+        exit 1
+      fi
+
+      filters=()
+      sanitized="${2//$'\n'/ }"
+      sanitized="${sanitized//,/ }"
+      read -ra parsedFilters <<< "${sanitized}"
+      for filter in "${parsedFilters[@]}"; do
+        [[ -n "${filter}" ]] || continue
+        filters+=("${filter}")
+      done
+      jqFilters="$(build_jq_filter "${filters[@]}")"
+
+      shift 2
+      ;;
+    --watch-timeout)
+      if [[ $# -lt 2 ]]; then
+        echo "Error: --watch-timeout requires an argument." >&2
+        usage
+        exit 1
+      fi
+      watchTimeout="$2"
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "Unknown option: $1" >&2
+      usage
+      exit 1
+      ;;
+  esac
+done
+
+if [[ -z "${MANIFEST_DIR:-}" ]]; then
+  echo "Error: MANIFEST_DIR environment variable must be set." >&2
+  exit 1
+fi
+
+mkdir -p "${MANIFEST_DIR}"
+
+build_jq_filter() {
+  local program="."
+  for filter in "$@"; do
+    [[ -n "${filter}" ]] || continue
+    program+=" | del(${filter})"
+  done
+  printf '%s' "${program}"
+}
+
+jqFilters="$(build_jq_filter "${filters[@]}")"
+
+collect_manifest() {
+  local namespace="$1"
+  local resourceName="$2"
+
+  [[ -n "${namespace}" && -n "${resourceName}" ]] || return 0
+
+  local namespaceDir="${MANIFEST_DIR}/${kindDir}/${namespace}"
+  mkdir -p "${namespaceDir}"
+
+  local outputFile="${namespaceDir}/${resourceName}.json"
+  local tmpFile="${outputFile}.tmp"
+
+  if kubectl get "${kind}" --namespace "${namespace}" "${resourceName}" -o json \
+    | jq --compact-output "${jqFilters}" > "${tmpFile}"; then
+    if [[ ! -f "${outputFile}" ]] || ! cmp -s "${tmpFile}" "${outputFile}"; then
+      echo "[INFO] ${kind}: Saving manifest for \"${namespace}/${resourceName}\""
+      mv "${tmpFile}" "${outputFile}"
+    else
+      echo "[DEBUG] ${kind}: No changes to manifest for \"${namespace}/${resourceName}\""
+      rm -f "${tmpFile}"
+    fi
+  else
+    echo "[ERROR] ${kind}: Failed to collect manifest for ${kind} ${namespace}/${resourceName}" >&2
+    rm -f "${tmpFile}"
+  fi
+}
+
+remove_manifest() {
+  local namespace="$1"
+  local resourceName="$2"
+
+  [[ -n "${namespace}" && -n "${resourceName}" ]] || return
+
+  local outputFile="${MANIFEST_DIR}/${kindDir}/${namespace}/${resourceName}.json"
+  if [[ -f "${outputFile}" ]]; then
+    rm -f "${outputFile}"
+    echo "[INFO] ${kind}: Removed manifest for \"${namespace}/${resourceName}\""
+  fi
+}
+
+handle_watch_event() {
+  local eventType="$1"
+  local namespace="$2"
+  local resourceName="$3"
+
+  [[ -n "${eventType}" && -n "${namespace}" && -n "${resourceName}" ]] || return
+
+  echo "[DEBUG] ${kind}: ${eventType} event for ${namespace}/${resourceName}"
+  case "${eventType}" in
+    ADDED|MODIFIED)
+      collect_manifest "${namespace}" "${resourceName}"
+      ;;
+    DELETED)
+      remove_manifest "${namespace}" "${resourceName}"
+      ;;
+    *)
+      ;;
+  esac
+}
+
+watch_resources() {
+  local kubectlArgs=()
+  if [[ -n "${namespace}" ]]; then
+    kubectlArgs=(--namespace "${namespace}")
+    echo "[INFO] ${kind}: Watching namespace ${namespace}"
+  else
+    kubectlArgs=(--all-namespaces)
+    echo "[INFO] ${kind}: Watching all namespaces"
+  fi
+
+  while true; do
+    if ! timeout --foreground "${watchTimeout}" kubectl get "${kind}" "${kubectlArgs[@]}" --watch --output-watch-events -o json \
+      | jq --unbuffered -r 'select(.object.metadata.namespace != null and .object.metadata.name != null and .type != null) | "\(.type) \(.object.metadata.namespace) \(.object.metadata.name)"' \
+      | while read -r eventType namespace resourceName; do
+          handle_watch_event "${eventType}" "${namespace}" "${resourceName}"
+          sleep "${ManifestRequestThrottling}"  # Throttle the requests
+        done; then
+      echo "[WARN] ${kind}: Watch ended. Restarting in ${WatchRestartDelay} seconds." >&2
+      sleep "${WatchRestartDelay}"
+    fi
+  done
+}
+
+watch_resources
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_collector_validation.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_collector_validation.tpl
new file mode 100644
index 0000000000..7649212eba
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_collector_validation.tpl
@@ -0,0 +1,4 @@
+{{/* Validates that the Alloy instance is appropriate for the given Kubernetes Manifests settings */}}
+{{/* Inputs: Values (Kubernetes Manifests values), Collector (Alloy values), CollectorName (string) */}}
+{{- define "feature.kubernetesManifests.collector.validate" -}}
+{{- end -}}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_helpers.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_helpers.tpl
new file mode 100644
index 0000000000..276d91802c
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "escape_label" -}}
+{{ . | replace "-" "_" | replace "." "_" | replace "/" "_" }}
+{{- end }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_module.alloy.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_module.alloy.tpl
new file mode 100644
index 0000000000..e6905ce0ab
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_module.alloy.tpl
@@ -0,0 +1,22 @@
+{{- define "feature.kubernetesManifests.module" }}
+declare "kubernetes_manifests" {
+  argument "logs_destinations" {
+    comment = "Must be a list of log destinations where collected logs should be forwarded to"
+  }
+{{- if .Values.kinds.pods.gather }}
+{{ include "feature.kubernetesManifests.pods" . | nindent 2 }}
+{{- end }}
+{{- if .Values.kinds.deployments.gather }}
+{{ include "feature.kubernetesManifests.workload" (dict "kind" "deployment" "Values" .Values "Release" .Release) | nindent 2 }}
+{{- end }}
+{{- if .Values.kinds.statefulsets.gather }}
+{{ include "feature.kubernetesManifests.workload" (dict "kind" "statefulset" "Values" .Values "Release" .Release) | nindent 2 }}
+{{- end }}
+{{- if .Values.kinds.daemonsets.gather }}
+{{ include "feature.kubernetesManifests.workload" (dict "kind" "daemonset" "Values" .Values "Release" .Release) | nindent 2 }}
+{{- end }}
+{{- if .Values.kinds.cronjobs.gather }}
+{{ include "feature.kubernetesManifests.workload" (dict "kind" "cronjob" "Values" .Values "Release" .Release) | nindent 2 }}
+{{- end }}
+}
+{{- end -}}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_notes.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_notes.tpl
new file mode 100644
index 0000000000..4d542cf0bd
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_notes.tpl
@@ -0,0 +1,11 @@
+{{- define "feature.kubernetesManifests.notes.deployments" }}{{- end }}
+
+{{- define "feature.kubernetesManifests.notes.task" }}
+Gather Kubernetes manifests
+{{- end }}
+
+{{- define "feature.kubernetesManifests.notes.actions" }}{{- end }}
+
+{{- define "feature.kubernetesManifests.summary" -}}
+version: {{ .Chart.Version }}
+{{- end }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_pods.alloy.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_pods.alloy.tpl
new file mode 100644
index 0000000000..5b2c001f9a
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_pods.alloy.tpl
@@ -0,0 +1,61 @@
+{{- define "feature.kubernetesManifests.pods" }}
+otelcol.receiver.filelog "pod_manifests" {
+  include = ["/var/kubernetes-manifests/pods/*/*.json"]
+  include_file_path_resolved = true
+  start_at = "beginning"
+  delete_after_read = true
+
+  output {
+    logs = [otelcol.processor.transform.pod_manifests.input]
+  }
+}
+
+otelcol.processor.transform "pod_manifests" {
+  error_mode = "ignore"
+
+  log_statements {
+    context = "log"
+    statements = [
+      `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/pods/(?P<namespace>[^/]+)/(?P<pod>[^.]+)\\.json$"), "upsert")`,
+      `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+      `set(resource.attributes["k8s.pod.name"], attributes["pod"])`,
+      `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+      `set(resource.attributes["service.namespace"], {{ $.Release.Namespace | quote }})`,
+    ]
+  }
+
+  output {
+    logs = [otelcol.processor.k8sattributes.pod_manifests.input]
+  }
+}
+
+otelcol.processor.k8sattributes "pod_manifests" {
+  pod_association {
+    source {
+      from = "resource_attribute"
+      name = "k8s.pod.name"
+    }
+    source {
+      from = "resource_attribute"
+      name = "k8s.namespace.name"
+    }
+  }
+
+  extract {
+    metadata = [
+      "k8s.cronjob.name",
+      "k8s.daemonset.name",
+      "k8s.deployment.name",
+      "k8s.job.name",
+      "k8s.node.name",
+      "k8s.pod.start_time",
+      "k8s.replicaset.name",
+      "k8s.statefulset.name",
+    ]
+  }
+
+  output {
+    logs = argument.logs_destinations.value
+  }
+}
+{{- end -}}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_sidecar.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_sidecar.tpl
new file mode 100644
index 0000000000..84fd807e19
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_sidecar.tpl
@@ -0,0 +1,57 @@
+{{- define "feature.kubernetesManifests.sidecarContainer" }}
+{{- $globalArgs := "" }}
+{{- if .Values.refreshInterval }}
+  {{- $globalArgs = printf "--watch-timeout %s" (.Values.refreshInterval | quote) }}
+{{- end }}
+- name: kubernetes-manifest-collector
+  {{- with .Values.image }}
+    {{- if .digest }}
+  image: "{{ $.Values.global.image.registry | default .registry }}/{{ .repository }}@{{ .digest }}"
+    {{- else }}
+  image: "{{ $.Values.global.image.registry | default .registry  }}/{{ .repository }}:{{ .tag }}"
+    {{- end }}
+  {{- end }}
+  imagePullPolicy: {{ .Values.image.pullPolicy }}
+  command:
+    - /bin/bash
+    - -c
+    - |
+      set -euo pipefail
+      pids=()
+{{- range $kind := keys .Values.kinds | sortAlpha }}
+{{- if dig $kind "gather" false $.Values.kinds }}
+{{- if not $.Values.namespaces }}
+      bash /etc/alloy/collect-manifests.sh --kind {{ $kind }} {{ $globalArgs }} &
+      pids+=("$!")
+{{- else }}
+{{- range $namespace := $.Values.namespaces }}
+      bash /etc/alloy/collect-manifests.sh --kind {{ $kind }} --namespace {{ $namespace | quote }} {{ $globalArgs }} &
+      pids+=("$!")
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+      trap 'for pid in "${pids[@]}"; do kill "${pid}" 2>/dev/null || true; done' EXIT
+      wait -n "${pids[@]}"
+  env:
+    - name: MANIFEST_DIR
+      value: /var/kubernetes-manifests
+  volumeMounts:
+    - mountPath: /etc/alloy
+      name: config
+    - mountPath: /var/kubernetes-manifests
+      name: kubernetes-manifests
+      readOnly: false
+{{- end }}
+
+{{- define "feature.kubernetesManifests.volume" }}
+- name: kubernetes-manifests
+  emptyDir:
+    medium: Memory
+{{- end }}
+
+{{- define "feature.kubernetesManifests.volumeMount" }}
+- mountPath: /var/kubernetes-manifests
+  name: kubernetes-manifests
+  readOnly: false
+{{- end }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_validation.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_validation.tpl
new file mode 100644
index 0000000000..064e0f2ccd
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_validation.tpl
@@ -0,0 +1,18 @@
+{{- define "feature.kubernetesManifests.validate" }}
+{{- $atLeastOneKindIsEnabled := false }}
+{{- range $kind := keys .Values.kinds }}
+  {{- if dig $kind "gather" false $.Values.kinds }}
+    {{- $atLeastOneKindIsEnabled = true }}
+  {{- end }}
+{{- end }}
+{{- if not $atLeastOneKindIsEnabled }}
+  {{- $msg := list "" "At least one manifest kind must be enabled to use Kubernetes Manifest gathering." }}
+  {{- $msg = append $msg "Please enable one. For example:" }}
+  {{- $msg = append $msg "kubernetesManifests:" }}
+  {{- $msg = append $msg "  kinds:" }}
+  {{- $msg = append $msg "    pods:" }}
+  {{- $msg = append $msg "      gather: true" }}
+  {{- $msg = append $msg "See https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-kubernetes-manifests for more details." }}
+  {{- fail (join "\n" $msg) }}
+{{- end }}
+{{- end }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_workload.alloy.tpl b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_workload.alloy.tpl
new file mode 100644
index 0000000000..163656d864
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/_workload.alloy.tpl
@@ -0,0 +1,31 @@
+{{- define "feature.kubernetesManifests.workload" }}
+otelcol.receiver.filelog "{{ .kind }}_manifests" {
+  include = ["/var/kubernetes-manifests/{{ .kind }}s/*/*.json"]
+  include_file_path_resolved = true
+  start_at = "beginning"
+  delete_after_read = true
+
+  output {
+    logs = [otelcol.processor.transform.{{ .kind }}_manifests.input]
+  }
+}
+
+otelcol.processor.transform "{{ .kind }}_manifests" {
+  error_mode = "ignore"
+
+  log_statements {
+    context = "log"
+    statements = [
+      `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/{{ .kind }}s/(?P<namespace>[^/]+)/(?P<{{ .kind }}>[^.]+)\\.json$"), "upsert")`,
+      `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+      `set(resource.attributes["k8s.{{ .kind }}.name"], attributes["{{ .kind }}"])`,
+      `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+      `set(resource.attributes["service.namespace"], {{ $.Release.Namespace | quote }})`,
+    ]
+  }
+
+  output {
+    logs = argument.logs_destinations.value
+  }
+}
+{{- end -}}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/test/collector.yaml b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/test/collector.yaml
new file mode 100644
index 0000000000..89b62d8712
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/test/collector.yaml
@@ -0,0 +1,14 @@
+{{- if eq (((index .Values "testing") | default false) | toString) "true" }}
+{{ include "feature.kubernetesManifests.collector.validate" (dict "Values" .Values "Collector" .Values.test.Collector "CollectorName" "alloy-test" )}}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ .Chart.Name }}-test-collector
+  namespace: {{ .Release.Namespace }}
+spec:
+  containers:
+    - name: alloy
+      image: grafana/alloy
+{{- include "feature.kubernetesManifests.sidecarContainer" . | indent 4 }}
+{{- end }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/test/configmap.yaml b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/test/configmap.yaml
new file mode 100644
index 0000000000..7a854c58fb
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/templates/test/configmap.yaml
@@ -0,0 +1,14 @@
+{{- if eq (((index .Values "testing") | default false) | toString) "true" }}
+{{- include "feature.kubernetesManifests.validate" . }}
+{{- $alloyConfig := include "feature.kubernetesManifests.module" . }}
+{{- $alloyConfig = regexReplaceAll `[ \t]+(\r?\n)` $alloyConfig "\n" }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-test-config
+  namespace: {{ .Release.Namespace }}
+data:
+  module.alloy: |-
+    {{- $alloyConfig | trim | nindent 4 }}
+{{- end }}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/__snapshot__/default_test.yaml.snap b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/__snapshot__/default_test.yaml.snap
new file mode 100644
index 0000000000..0e8872a3b2
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/__snapshot__/default_test.yaml.snap
@@ -0,0 +1,336 @@
+should allow filtering by namespace:
+  1: |
+    |-
+      declare "kubernetes_manifests" {
+        argument "logs_destinations" {
+          comment = "Must be a list of log destinations where collected logs should be forwarded to"
+        }
+
+
+        otelcol.receiver.filelog "deployment_manifests" {
+          include = ["/var/kubernetes-manifests/deployments/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.deployment_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "deployment_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/deployments/(?P<namespace>[^/]+)/(?P<deployment>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.deployment.name"], attributes["deployment"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+
+
+        otelcol.receiver.filelog "statefulset_manifests" {
+          include = ["/var/kubernetes-manifests/statefulsets/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.statefulset_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "statefulset_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/statefulsets/(?P<namespace>[^/]+)/(?P<statefulset>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.statefulset.name"], attributes["statefulset"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+
+
+        otelcol.receiver.filelog "daemonset_manifests" {
+          include = ["/var/kubernetes-manifests/daemonsets/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.daemonset_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "daemonset_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/daemonsets/(?P<namespace>[^/]+)/(?P<daemonset>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.daemonset.name"], attributes["daemonset"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+
+
+        otelcol.receiver.filelog "cronjob_manifests" {
+          include = ["/var/kubernetes-manifests/cronjobs/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.cronjob_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "cronjob_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/cronjobs/(?P<namespace>[^/]+)/(?P<cronjob>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.cronjob.name"], attributes["cronjob"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+      }
+  2: |
+    command:
+      - /bin/bash
+      - -c
+      - |
+        set -euo pipefail
+        pids=()
+        bash /etc/alloy/collect-manifests.sh --kind cronjobs --namespace "default" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind cronjobs --namespace "production" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind daemonsets --namespace "default" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind daemonsets --namespace "production" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind deployments --namespace "default" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind deployments --namespace "production" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind pod --namespace "default" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind pod --namespace "production" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind statefulsets --namespace "default" --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind statefulsets --namespace "production" --watch-timeout "1d" &
+        pids+=("$!")
+        trap 'for pid in "${pids[@]}"; do kill "${pid}" 2>/dev/null || true; done' EXIT
+        wait -n "${pids[@]}"
+    env:
+      - name: MANIFEST_DIR
+        value: /var/kubernetes-manifests
+    image: ghcr.io/grafana/helm-chart-toolbox-kubectl:0.1.3
+    imagePullPolicy: IfNotPresent
+    name: kubernetes-manifest-collector
+    volumeMounts:
+      - mountPath: /etc/alloy
+        name: config
+      - mountPath: /var/kubernetes-manifests
+        name: kubernetes-manifests
+        readOnly: false
+should render the default configuration:
+  1: |
+    |-
+      declare "kubernetes_manifests" {
+        argument "logs_destinations" {
+          comment = "Must be a list of log destinations where collected logs should be forwarded to"
+        }
+
+
+        otelcol.receiver.filelog "deployment_manifests" {
+          include = ["/var/kubernetes-manifests/deployments/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.deployment_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "deployment_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/deployments/(?P<namespace>[^/]+)/(?P<deployment>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.deployment.name"], attributes["deployment"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+
+
+        otelcol.receiver.filelog "statefulset_manifests" {
+          include = ["/var/kubernetes-manifests/statefulsets/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.statefulset_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "statefulset_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/statefulsets/(?P<namespace>[^/]+)/(?P<statefulset>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.statefulset.name"], attributes["statefulset"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+
+
+        otelcol.receiver.filelog "daemonset_manifests" {
+          include = ["/var/kubernetes-manifests/daemonsets/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.daemonset_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "daemonset_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/daemonsets/(?P<namespace>[^/]+)/(?P<daemonset>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.daemonset.name"], attributes["daemonset"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+
+
+        otelcol.receiver.filelog "cronjob_manifests" {
+          include = ["/var/kubernetes-manifests/cronjobs/*/*.json"]
+          include_file_path_resolved = true
+          start_at = "beginning"
+          delete_after_read = true
+
+          output {
+            logs = [otelcol.processor.transform.cronjob_manifests.input]
+          }
+        }
+
+        otelcol.processor.transform "cronjob_manifests" {
+          error_mode = "ignore"
+
+          log_statements {
+            context = "log"
+            statements = [
+              `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/cronjobs/(?P<namespace>[^/]+)/(?P<cronjob>[^.]+)\\.json$"), "upsert")`,
+              `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+              `set(resource.attributes["k8s.cronjob.name"], attributes["cronjob"])`,
+              `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+              `set(resource.attributes["service.namespace"], "NAMESPACE")`,
+            ]
+          }
+
+          output {
+            logs = argument.logs_destinations.value
+          }
+        }
+      }
+  2: |
+    command:
+      - /bin/bash
+      - -c
+      - |
+        set -euo pipefail
+        pids=()
+        bash /etc/alloy/collect-manifests.sh --kind cronjobs --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind daemonsets --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind deployments --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind pod --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind statefulsets --watch-timeout "1d" &
+        pids+=("$!")
+        trap 'for pid in "${pids[@]}"; do kill "${pid}" 2>/dev/null || true; done' EXIT
+        wait -n "${pids[@]}"
+    env:
+      - name: MANIFEST_DIR
+        value: /var/kubernetes-manifests
+    image: ghcr.io/grafana/helm-chart-toolbox-kubectl:0.1.3
+    imagePullPolicy: IfNotPresent
+    name: kubernetes-manifest-collector
+    volumeMounts:
+      - mountPath: /etc/alloy
+        name: config
+      - mountPath: /var/kubernetes-manifests
+        name: kubernetes-manifests
+        readOnly: false
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/default_test.yaml b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/default_test.yaml
new file mode 100644
index 0000000000..583356fa90
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/default_test.yaml
@@ -0,0 +1,44 @@
+# yamllint disable rule:document-start rule:line-length rule:trailing-spaces
+suite: Test default values
+templates:
+  - test/configmap.yaml
+  - test/collector.yaml
+tests:
+  - it: should render the default configuration
+    set:
+      kinds:
+        pod: {gather: true}
+        deployments: {gather: true}
+        statefulsets: {gather: true}
+        daemonsets: {gather: true}
+        cronjobs: {gather: true}
+      testing: true
+      test:
+        Collector: {}
+    asserts:
+      - template: test/configmap.yaml
+        matchSnapshot:
+          path: data["module.alloy"]
+      - template: test/collector.yaml
+        matchSnapshot:
+          path: spec.containers[1]
+
+  - it: should allow filtering by namespace
+    set:
+      namespaces: [default, production]
+      kinds:
+        pod: {gather: true}
+        deployments: {gather: true}
+        statefulsets: {gather: true}
+        daemonsets: {gather: true}
+        cronjobs: {gather: true}
+      testing: true
+      test:
+        Collector: {}
+    asserts:
+      - template: test/configmap.yaml
+        matchSnapshot:
+          path: data["module.alloy"]
+      - template: test/collector.yaml
+        matchSnapshot:
+          path: spec.containers[1]
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/validation_test.yaml b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/validation_test.yaml
new file mode 100644
index 0000000000..8774866117
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/tests/validation_test.yaml
@@ -0,0 +1,18 @@
+# yamllint disable rule:document-start rule:line-length rule:trailing-spaces
+suite: Test - Kubernetes Manifests - Validation
+templates:
+  - test/configmap.yaml
+tests:
+  - it: requires at least one manifest kind
+    set:
+      testing: true
+    asserts:
+      - failedTemplate:
+          errorMessage: |-
+            At least one manifest kind must be enabled to use Kubernetes Manifest gathering.
+            Please enable one. For example:
+            kubernetesManifests:
+              kinds:
+                pods:
+                  gather: true
+            See https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-kubernetes-manifests for more details.
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/values.schema.json b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/values.schema.json
new file mode 100644
index 0000000000..0b32088548
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/values.schema.json
@@ -0,0 +1,93 @@
+{
+    "$schema": "http://json-schema.org/schema#",
+    "type": "object",
+    "properties": {
+        "global": {
+            "type": "object",
+            "properties": {
+                "image": {
+                    "type": "object",
+                    "properties": {
+                        "registry": {
+                            "type": "string"
+                        }
+                    }
+                }
+            }
+        },
+        "image": {
+            "type": "object",
+            "properties": {
+                "digest": {
+                    "type": "string"
+                },
+                "pullPolicy": {
+                    "type": "string"
+                },
+                "pullSecrets": {
+                    "type": "array"
+                },
+                "registry": {
+                    "type": "string"
+                },
+                "repository": {
+                    "type": "string"
+                },
+                "tag": {
+                    "type": "string"
+                }
+            }
+        },
+        "kinds": {
+            "type": "object",
+            "properties": {
+                "cronjobs": {
+                    "type": "object",
+                    "properties": {
+                        "gather": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "daemonsets": {
+                    "type": "object",
+                    "properties": {
+                        "gather": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "deployments": {
+                    "type": "object",
+                    "properties": {
+                        "gather": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "pods": {
+                    "type": "object",
+                    "properties": {
+                        "gather": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "statefulsets": {
+                    "type": "object",
+                    "properties": {
+                        "gather": {
+                            "type": "boolean"
+                        }
+                    }
+                }
+            }
+        },
+        "namespaces": {
+            "type": "array"
+        },
+        "refreshInterval": {
+            "type": "string"
+        }
+    }
+}
diff --git a/charts/k8s-monitoring/charts/feature-kubernetes-manifests/values.yaml b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/values.yaml
new file mode 100644
index 0000000000..bc00309396
--- /dev/null
+++ b/charts/k8s-monitoring/charts/feature-kubernetes-manifests/values.yaml
@@ -0,0 +1,40 @@
+---
+global:
+  image:
+    # @section -- Image
+    registry: ""
+
+# -- How frequently to refresh all manifests, regardless of if they have changed. At maximum, this should be set lower
+# Than the retention period for your log storage.
+# @section -- General Settings
+refreshInterval: 1d
+
+# -- Only gather manifests from these namespaces. If empty, gather from all. This affects the manifests gathered, but
+# Also if this chart deploys ClusterRoles and ClusterRoleBindings or Roles and RoleBindings.
+# @section -- General Settings
+namespaces: []
+
+# -- The kinds of manifests to gather.
+# @section -- General Settings
+kinds:
+  pods:
+    gather: false
+  deployments:
+    gather: false
+  statefulsets:
+    gather: false
+  daemonsets:
+    gather: false
+  cronjobs:
+    gather: false
+
+# -- The image to run to get the Kubernetes manifests from this cluster. It must contain
+# `kubectl` and `jq` at a minimum.
+# @section -- Image
+image:
+  registry: ghcr.io
+  repository: grafana/helm-chart-toolbox-kubectl
+  tag: 0.1.3
+  digest: ""
+  pullPolicy: IfNotPresent
+  pullSecrets: []
diff --git a/charts/k8s-monitoring/collectors/upstream/alloy-values.yaml b/charts/k8s-monitoring/collectors/upstream/alloy-values.yaml
index 5dc72afa51..0a7c5d8d67 100644
--- a/charts/k8s-monitoring/collectors/upstream/alloy-values.yaml
+++ b/charts/k8s-monitoring/collectors/upstream/alloy-values.yaml
@@ -41,6 +41,8 @@ alloy:
   # -- Path to where Grafana Alloy stores data (for example, the Write-Ahead Log).
   # By default, data is lost between reboots.
   storagePath: /tmp/alloy
+  # -- Enables Grafana Alloy container's http server port.
+  enableHttpServerPort: true
   # -- Address to listen for traffic on. 0.0.0.0 exposes the UI to other
   # containers.
   listenAddr: 0.0.0.0
@@ -48,6 +50,10 @@ alloy:
   listenPort: 12345
   # -- Scheme is needed for readiness probes. If enabling tls in your configs, set to "HTTPS"
   listenScheme: HTTP
+  # -- Initial delay for readiness probe.
+  initialDelaySeconds: 10
+  # -- Timeout for readiness probe.
+  timeoutSeconds: 1
   # --  Base path where the UI is exposed.
   uiPathPrefix: /
   # -- Enables sending Grafana Labs anonymous usage stats to help improve Grafana
@@ -113,6 +119,57 @@ image:
 rbac:
   # -- Whether to create RBAC resources for Alloy.
   create: true
+  # -- If set, only create Roles and RoleBindings in the given list of namespaces, rather than ClusterRoles and
+  # ClusterRoleBindings. If not using ClusterRoles, bear in mind that Alloy will not be able to discover cluster-scoped
+  # resources such as Nodes.
+  namespaces: []
+  # -- The rules to create for the ClusterRole or Role objects.
+  rules:
+    # -- Rules required for the `discovery.kubernetes` component.
+    - apiGroups: ["", "discovery.k8s.io", "networking.k8s.io"]
+      resources: ["endpoints", "endpointslices", "ingresses", "pods", "services"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `loki.source.kubernetes` component.
+    - apiGroups: [""]
+      resources: ["pods", "pods/log", "namespaces"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `loki.source.podlogs` component.
+    - apiGroups: ["monitoring.grafana.com"]
+      resources: ["podlogs"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `mimir.rules.kubernetes` component.
+    - apiGroups: ["monitoring.coreos.com"]
+      resources: ["prometheusrules"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `mimir.alerts.kubernetes` component.
+    - apiGroups: ["monitoring.coreos.com"]
+      resources: ["alertmanagerconfigs"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `prometheus.operator.*` components.
+    - apiGroups: ["monitoring.coreos.com"]
+      resources: ["podmonitors", "servicemonitors", "probes", "scrapeconfigs"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `loki.source.kubernetes_events` component.
+    - apiGroups: [""]
+      resources: ["events"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `remote.kubernetes.*` components.
+    - apiGroups: [""]
+      resources: ["configmaps", "secrets"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for the `otelcol.processor.k8sattributes` component.
+    - apiGroups: ["apps", "extensions"]
+      resources: ["replicasets"]
+      verbs: ["get", "list", "watch"]
+  # -- The rules to create for the ClusterRole objects.
+  clusterRules:
+    # -- Rules required for the `discovery.kubernetes` component.
+    - apiGroups: [""]
+      resources: ["nodes", "nodes/proxy", "nodes/metrics"]
+      verbs: ["get", "list", "watch"]
+    # -- Rules required for accessing metrics endpoint.
+    - nonResourceURLs: ["/metrics"]
+      verbs: ["get"]
 serviceAccount:
   # -- Whether to create a service account for the Grafana Alloy deployment.
   create: true
@@ -153,11 +210,15 @@ controller:
   type: 'daemonset'
   # -- Number of pods to deploy. Ignored when controller.type is 'daemonset'.
   replicas: 1
+  # -- Extra labels to add to the controller.
+  extraLabels: {}
   # -- Annotations to add to controller.
   extraAnnotations: {}
   # -- Whether to deploy pods in parallel. Only used when controller.type is
   # 'statefulset'.
   parallelRollout: true
+  # -- How many additional seconds to wait before considering a pod ready.
+  minReadySeconds: 10
   # -- Configures Pods to use the host network. When set to true, the ports that will be used must be specified.
   hostNetwork: false
   # -- Configures Pods to use the host PID namespace.
@@ -308,6 +369,19 @@ controller:
   initContainers: []
   # -- Additional containers to run alongside the Alloy container and initContainers.
   extraContainers: []
+networkPolicy:
+  enabled: false
+  flavor: kubernetes
+  policyTypes:
+    - Ingress
+    - Egress
+  # Default allow all traffic because Alloy is so configurable
+  # It is recommended to change this before deploying to production
+  # To disable each policyType, set value to `null`
+  ingress:
+    - {}
+  egress:
+    - {}
 service:
   # -- Creates a Service for the controller's pods.
   enabled: true
diff --git a/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml b/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml
index a2b83005ad..8d2d9d7a92 100644
--- a/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/auth/bearer-token/output.yaml
@@ -1027,12 +1027,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1067,6 +1069,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1128,9 +1131,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1178,8 +1183,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1220,6 +1337,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1228,6 +1346,7 @@ spec:
       value: sample-bearer-token
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1262,6 +1381,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1323,9 +1443,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1375,8 +1497,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1417,6 +1651,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1427,6 +1662,7 @@ spec:
       protocol: TCP
       targetPort: 14268
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1461,6 +1697,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1522,9 +1759,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1572,8 +1811,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml
index e612125367..160ba50f25 100644
--- a/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/auth/embedded-secrets/output.yaml
@@ -1007,12 +1007,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1047,6 +1049,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1108,9 +1111,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1158,8 +1163,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1200,12 +1317,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1240,6 +1359,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1301,9 +1421,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1353,8 +1475,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1395,6 +1629,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1405,6 +1640,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1439,6 +1675,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1500,9 +1737,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1550,8 +1789,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml b/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml
index a9ccc521c9..5e1e3936c0 100644
--- a/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/auth/external-secrets/output.yaml
@@ -1088,6 +1088,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1111,6 +1112,7 @@ spec:
       value: k8smon-$(CLUSTER_NAME)-$(NAMESPACE)-alloy-logs-$(NODE_NAME)
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1145,6 +1147,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1206,9 +1209,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1256,8 +1261,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1298,12 +1415,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1338,6 +1457,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1399,9 +1519,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1451,8 +1573,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1493,6 +1727,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1503,6 +1738,7 @@ spec:
       protocol: TCP
       targetPort: 14250
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1537,6 +1773,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1598,9 +1835,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1648,8 +1887,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/auth/oauth2/output.yaml b/charts/k8s-monitoring/docs/examples/auth/oauth2/output.yaml
index 7f31d44158..93960ed4fc 100644
--- a/charts/k8s-monitoring/docs/examples/auth/oauth2/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/auth/oauth2/output.yaml
@@ -2973,12 +2973,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3013,6 +3015,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3074,9 +3077,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3124,8 +3129,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3166,12 +3283,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3206,6 +3325,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3267,9 +3387,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3317,8 +3439,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3359,12 +3593,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3399,6 +3635,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3460,9 +3697,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3512,8 +3751,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml b/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml
index 9822ddfb52..df49cfe6bb 100644
--- a/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/auth/sigv4/output.yaml
@@ -1573,12 +1573,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1613,6 +1615,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1674,9 +1677,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1724,8 +1729,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml b/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml
index d99b2b223b..b03cccb988 100644
--- a/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/collector-storage/output.yaml
@@ -1798,12 +1798,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1840,6 +1842,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /var/lib/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1901,9 +1904,11 @@ spec:
     enableStatefulSetAutoDeletePVC: true
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1960,8 +1965,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2002,12 +2119,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2044,6 +2163,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /var/lib/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2105,9 +2225,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2161,8 +2283,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/destinations/custom/debug/output.yaml b/charts/k8s-monitoring/docs/examples/destinations/custom/debug/output.yaml
index 06eebfddc2..07474888ba 100644
--- a/charts/k8s-monitoring/docs/examples/destinations/custom/debug/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/destinations/custom/debug/output.yaml
@@ -1035,12 +1035,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1075,6 +1077,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: experimental
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1136,9 +1139,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1186,8 +1191,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1228,12 +1345,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1268,6 +1387,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1329,9 +1449,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1381,8 +1503,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/destinations/custom/kafka/output.yaml b/charts/k8s-monitoring/docs/examples/destinations/custom/kafka/output.yaml
index ebabcef7ad..8afbe34673 100644
--- a/charts/k8s-monitoring/docs/examples/destinations/custom/kafka/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/destinations/custom/kafka/output.yaml
@@ -424,12 +424,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -464,6 +466,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -525,9 +528,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -575,8 +580,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/destinations/loki-stdout/output.yaml b/charts/k8s-monitoring/docs/examples/destinations/loki-stdout/output.yaml
index 49f0d339c8..80ede5e6db 100644
--- a/charts/k8s-monitoring/docs/examples/destinations/loki-stdout/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/destinations/loki-stdout/output.yaml
@@ -584,12 +584,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -624,6 +626,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -685,9 +688,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -737,8 +742,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/destinations/otlp-endpoint/output.yaml b/charts/k8s-monitoring/docs/examples/destinations/otlp-endpoint/output.yaml
index be666115b0..8eb7aedef4 100644
--- a/charts/k8s-monitoring/docs/examples/destinations/otlp-endpoint/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/destinations/otlp-endpoint/output.yaml
@@ -2149,12 +2149,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2189,6 +2191,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2250,9 +2253,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2300,8 +2305,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2342,12 +2459,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2382,6 +2501,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2443,9 +2563,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2495,8 +2617,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/exclude-by-namespace/output.yaml b/charts/k8s-monitoring/docs/examples/exclude-by-namespace/output.yaml
index ab8555a531..7c77cc17c1 100644
--- a/charts/k8s-monitoring/docs/examples/exclude-by-namespace/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/exclude-by-namespace/output.yaml
@@ -4024,12 +4024,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4064,6 +4066,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4125,9 +4128,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4175,8 +4180,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4217,12 +4334,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4257,6 +4376,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4318,9 +4438,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4368,8 +4490,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4410,12 +4644,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4450,6 +4686,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4511,9 +4748,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4563,8 +4802,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4605,6 +4956,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -4615,6 +4967,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4649,6 +5002,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4710,9 +5064,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4760,8 +5116,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4802,12 +5270,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4845,6 +5315,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4906,9 +5377,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: true
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4958,8 +5431,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-profiles
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/extra-configuration/output.yaml b/charts/k8s-monitoring/docs/examples/extra-configuration/output.yaml
index 0c73d8c0bc..6351970c42 100644
--- a/charts/k8s-monitoring/docs/examples/extra-configuration/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/extra-configuration/output.yaml
@@ -372,12 +372,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -412,6 +414,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -473,9 +476,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -523,8 +528,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml b/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml
index d99bc9fc55..07edcec43a 100644
--- a/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/extra-rules/output.yaml
@@ -2026,6 +2026,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2034,6 +2035,7 @@ spec:
       value: northwest
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2068,6 +2070,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2129,9 +2132,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2179,8 +2184,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2221,6 +2338,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2229,6 +2347,7 @@ spec:
       value: northwest
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2263,6 +2382,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2324,9 +2444,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2374,8 +2496,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2416,6 +2650,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2426,6 +2661,7 @@ spec:
       value: blue
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2460,6 +2696,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2521,9 +2758,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2573,8 +2812,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml
index 67e4810bb7..ddc662e524 100644
--- a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/default/output.yaml
@@ -750,12 +750,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -790,6 +792,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -851,9 +854,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -901,8 +906,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml
index e80f213e2f..6d9fdb163a 100644
--- a/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/annotation-autodiscovery/prom-annotations/output.yaml
@@ -750,12 +750,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -790,6 +792,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -851,9 +854,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -901,8 +906,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/application-observability/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/application-observability/default/output.yaml
index 175d05e13a..9209ac641c 100644
--- a/charts/k8s-monitoring/docs/examples/features/application-observability/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/application-observability/default/output.yaml
@@ -673,6 +673,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -683,6 +684,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -717,6 +719,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -778,9 +781,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -828,8 +833,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/application-observability/tail-sampling/output.yaml b/charts/k8s-monitoring/docs/examples/features/application-observability/tail-sampling/output.yaml
index 9bf37d2195..f589728e15 100644
--- a/charts/k8s-monitoring/docs/examples/features/application-observability/tail-sampling/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/application-observability/tail-sampling/output.yaml
@@ -715,6 +715,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -725,6 +726,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -759,6 +761,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -820,9 +823,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -870,8 +875,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics-and-traces/output.yaml b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics-and-traces/output.yaml
index 11935818fe..1eb715fd33 100644
--- a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics-and-traces/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics-and-traces/output.yaml
@@ -1135,12 +1135,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1175,6 +1177,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1236,9 +1239,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1286,8 +1291,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1328,6 +1445,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1338,6 +1456,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1372,6 +1491,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1433,9 +1553,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1483,8 +1605,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics/output.yaml b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics/output.yaml
index 9320ccfbea..463a798f59 100644
--- a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/beyla-metrics/output.yaml
@@ -645,12 +645,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -685,6 +687,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -746,9 +749,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -796,8 +801,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/discovery-rules/output.yaml b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/discovery-rules/output.yaml
index a3edbc46db..d45f9395d1 100644
--- a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/discovery-rules/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/discovery-rules/output.yaml
@@ -646,12 +646,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -686,6 +688,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -747,9 +750,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -797,8 +802,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/span-metrics-only/output.yaml b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/span-metrics-only/output.yaml
index 86439ae0ef..d0d7ef9c07 100644
--- a/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/span-metrics-only/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/auto-instrumentation/span-metrics-only/output.yaml
@@ -930,12 +930,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -970,6 +972,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1031,9 +1034,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1081,8 +1086,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1123,6 +1240,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1133,6 +1251,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1167,6 +1286,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1228,9 +1348,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1278,8 +1400,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml
index c407e26325..a3caa8d699 100644
--- a/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/cluster-events/default/output.yaml
@@ -422,12 +422,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -462,6 +464,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -523,9 +526,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -573,8 +578,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml
index 550d01acf3..a3dd17c9b4 100644
--- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/control-plane-monitoring/output.yaml
@@ -2381,12 +2381,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2421,6 +2423,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2482,9 +2485,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2532,8 +2537,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2574,12 +2691,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2614,6 +2733,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2675,9 +2795,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2725,8 +2847,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2767,12 +3001,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2807,6 +3043,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2868,9 +3105,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2920,8 +3159,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml
index 7697750ba4..97688d82fa 100644
--- a/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/cluster-metrics/default/output.yaml
@@ -2138,12 +2138,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2178,6 +2180,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2239,9 +2242,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2289,8 +2294,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/database-observability/mysql/output.yaml b/charts/k8s-monitoring/docs/examples/features/database-observability/mysql/output.yaml
index 565a523b70..333030d981 100644
--- a/charts/k8s-monitoring/docs/examples/features/database-observability/mysql/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/database-observability/mysql/output.yaml
@@ -844,12 +844,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -884,6 +886,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: experimental
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -945,9 +948,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -995,8 +1000,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1037,12 +1154,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1077,6 +1196,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1138,9 +1258,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1190,8 +1312,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml
index a365ba23b7..50d84397e4 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/alloy/output.yaml
@@ -733,12 +733,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -773,6 +775,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -834,9 +837,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -884,8 +889,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml
index 36987d16d7..c8c74bcec9 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/cert-manager/output.yaml
@@ -535,12 +535,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -575,6 +577,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -636,9 +639,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -686,8 +691,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/dcgm-exporter/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/dcgm-exporter/output.yaml
index a6f1032fd2..661f95431c 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/dcgm-exporter/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/dcgm-exporter/output.yaml
@@ -660,12 +660,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -700,6 +702,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -761,9 +764,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -811,8 +816,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml
index c6a4435e89..69910798ad 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/etcd/output.yaml
@@ -535,12 +535,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -575,6 +577,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -636,9 +639,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -686,8 +691,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/grafana/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/grafana/output.yaml
index 0cf826139e..c0c333f89f 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/grafana/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/grafana/output.yaml
@@ -982,12 +982,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1022,6 +1024,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1083,9 +1086,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1133,8 +1138,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1175,12 +1292,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1215,6 +1334,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1276,9 +1396,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1328,8 +1450,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/loki/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/loki/output.yaml
index 1930bd4b57..71579e0775 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/loki/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/loki/output.yaml
@@ -1008,12 +1008,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1048,6 +1050,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1109,9 +1112,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1159,8 +1164,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1201,12 +1318,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1241,6 +1360,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1302,9 +1422,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1354,8 +1476,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mimir/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/mimir/output.yaml
index c92db7d55f..b7b91e37b9 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/mimir/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/mimir/output.yaml
@@ -1006,12 +1006,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1046,6 +1048,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1107,9 +1110,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1157,8 +1162,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1199,12 +1316,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1239,6 +1358,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1300,9 +1420,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1352,8 +1474,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/multiple/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/multiple/output.yaml
index 7fbeb64629..5bf6551fed 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/multiple/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/multiple/output.yaml
@@ -919,12 +919,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -959,6 +961,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1020,9 +1023,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1070,8 +1075,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1112,12 +1229,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1152,6 +1271,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1213,9 +1333,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1265,8 +1387,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml
index 5f680a871d..8fa783bfc4 100644
--- a/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/integrations/mysql/output.yaml
@@ -862,12 +862,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -902,6 +904,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -963,9 +966,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1013,8 +1018,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1055,12 +1172,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1095,6 +1214,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1156,9 +1276,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1208,8 +1330,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/README.md b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/README.md
new file mode 100644
index 0000000000..f0ab88fc96
--- /dev/null
+++ b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/README.md
@@ -0,0 +1,42 @@
+<!--
+(NOTE: Do not edit README.md directly. It is a generated file!)
+(      To make changes, please modify values.yaml or description.txt and run `make examples`)
+-->
+# Node Logs
+
+This example demonstrates how to gather logs from the Nodes in your Kubernetes cluster. It currently gathers logs from
+the journald services on the node and requires a HostPath volume mount to `/var/log/journal`.
+
+## Values
+
+<!-- textlint-disable terminology -->
+```yaml
+---
+cluster:
+  name: kubernetes-manifest-cluster
+
+destinations:
+  - name: loki
+    type: loki
+    url: http://loki.loki.svc:3100/loki/api/v1/push
+    tenantId: "1"
+    auth:
+      type: basic
+      username: loki
+      password: lokipassword
+
+kubernetesManifests:
+  enabled: true
+  namespaces: [default]
+  kinds:
+    pods:
+      gather: true
+
+alloy-singleton:
+  enabled: true
+  liveDebugging:
+    enabled: true
+  alloy:
+    stabilityLevel: public-preview
+```
+<!-- textlint-enable terminology -->
diff --git a/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/alloy-singleton.alloy b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/alloy-singleton.alloy
new file mode 100644
index 0000000000..01c04ee2de
--- /dev/null
+++ b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/alloy-singleton.alloy
@@ -0,0 +1,110 @@
+// Feature: Kubernetes Manifests
+declare "kubernetes_manifests" {
+  argument "logs_destinations" {
+    comment = "Must be a list of log destinations where collected logs should be forwarded to"
+  }
+
+
+  otelcol.receiver.filelog "pod_manifests" {
+    include = ["/var/kubernetes-manifests/pods/*/*.json"]
+    include_file_path_resolved = true
+    start_at = "beginning"
+    delete_after_read = true
+
+    output {
+      logs = [otelcol.processor.transform.pod_manifests.input]
+    }
+  }
+
+  otelcol.processor.transform "pod_manifests" {
+    error_mode = "ignore"
+
+    log_statements {
+      context = "log"
+      statements = [
+        `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/pods/(?P<namespace>[^/]+)/(?P<pod>[^.]+)\\.json$"), "upsert")`,
+        `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+        `set(resource.attributes["k8s.pod.name"], attributes["pod"])`,
+        `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+        `set(resource.attributes["service.namespace"], "default")`,
+      ]
+    }
+
+    output {
+      logs = [otelcol.processor.k8sattributes.pod_manifests.input]
+    }
+  }
+
+  otelcol.processor.k8sattributes "pod_manifests" {
+    pod_association {
+      source {
+        from = "resource_attribute"
+        name = "k8s.pod.name"
+      }
+      source {
+        from = "resource_attribute"
+        name = "k8s.namespace.name"
+      }
+    }
+
+    extract {
+      metadata = [
+        "k8s.cronjob.name",
+        "k8s.daemonset.name",
+        "k8s.deployment.name",
+        "k8s.job.name",
+        "k8s.node.name",
+        "k8s.pod.start_time",
+        "k8s.replicaset.name",
+        "k8s.statefulset.name",
+      ]
+    }
+
+    output {
+      logs = argument.logs_destinations.value
+    }
+  }
+}
+kubernetes_manifests "feature" {
+  logs_destinations = [
+    otelcol.exporter.loki.loki.input,
+  ]
+}
+
+livedebugging {
+  enabled = true
+}
+
+
+// Destination: loki (loki)
+otelcol.exporter.loki "loki" {
+  forward_to = [loki.write.loki.receiver]
+}
+
+loki.write "loki" {
+  endpoint {
+    url = "http://loki.loki.svc:3100/loki/api/v1/push"
+    retry_on_http_429 = true
+    tenant_id = convert.nonsensitive(remote.kubernetes.secret.loki.data["tenantId"])
+    basic_auth {
+      username = convert.nonsensitive(remote.kubernetes.secret.loki.data["username"])
+      password = remote.kubernetes.secret.loki.data["password"]
+    }
+    tls_config {
+      insecure_skip_verify = false
+    }
+    min_backoff_period = "500ms"
+    max_backoff_period = "5m"
+    max_backoff_retries = "10"
+  }
+  external_labels = {
+    "cluster" = "kubernetes-manifest-cluster",
+    "k8s_cluster_name" = "kubernetes-manifest-cluster",
+  }
+}
+
+remote.kubernetes.secret "loki" {
+  name      = "loki-k8smon-k8s-monitoring"
+  namespace = "default"
+}
+
diff --git a/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/description.txt b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/description.txt
new file mode 100644
index 0000000000..9b0b7a0ff4
--- /dev/null
+++ b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/description.txt
@@ -0,0 +1,4 @@
+# Node Logs
+
+This example demonstrates how to gather logs from the Nodes in your Kubernetes cluster. It currently gathers logs from
+the journald services on the node and requires a HostPath volume mount to `/var/log/journal`.
diff --git a/charts/k8s-monitoring/docs/examples/custom-destinations/debug/output.yaml b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/output.yaml
similarity index 54%
rename from charts/k8s-monitoring/docs/examples/custom-destinations/debug/output.yaml
rename to charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/output.yaml
index 53c6298852..b8f2c7d2fb 100644
--- a/charts/k8s-monitoring/docs/examples/custom-destinations/debug/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/output.yaml
@@ -6,443 +6,346 @@ metadata:
   name: k8smon-alloy-operator
   namespace: default
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 automountServiceAccountToken: true
 ---
+# Source: k8s-monitoring/templates/destination_secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "loki-k8smon-k8s-monitoring"
+  namespace: "default"
+type: Opaque
+data:
+  tenantId: "MQ=="
+  username: "bG9raQ=="
+  password: "bG9raXBhc3N3b3Jk"
+---
 # Source: k8s-monitoring/templates/alloy-config.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: k8smon-alloy-metrics
+  name: k8smon-alloy-singleton
   namespace: default
 data:
   config.alloy: |
-    // Feature: Annotation Autodiscovery
-    declare "annotation_autodiscovery" {
-      argument "metrics_destinations" {
-        comment = "Must be a list of metric destinations where collected metrics should be forwarded to"
+    // Feature: Kubernetes Manifests
+    declare "kubernetes_manifests" {
+      argument "logs_destinations" {
+        comment = "Must be a list of log destinations where collected logs should be forwarded to"
       }
     
-      discovery.kubernetes "pods" {
-        role = "pod"
-      }
     
-      discovery.relabel "annotation_autodiscovery_pods" {
-        targets = discovery.kubernetes.pods.targets
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_scrape"]
-          regex = "true"
-          action = "keep"
+      otelcol.receiver.filelog "pod_manifests" {
+        include = ["/var/kubernetes-manifests/pods/*/*.json"]
+        include_file_path_resolved = true
+        start_at = "beginning"
+        delete_after_read = true
+    
+        output {
+          logs = [otelcol.processor.transform.pod_manifests.input]
         }
-        // Only keep pods that are running, ready, and not init containers.
-        rule {
-          source_labels = [
-            "__meta_kubernetes_pod_phase",
-            "__meta_kubernetes_pod_ready",
-            "__meta_kubernetes_pod_container_init",
+      }
+    
+      otelcol.processor.transform "pod_manifests" {
+        error_mode = "ignore"
+    
+        log_statements {
+          context = "log"
+          statements = [
+            `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/pods/(?P<namespace>[^/]+)/(?P<pod>[^.]+)\\.json$"), "upsert")`,
+            `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+            `set(resource.attributes["k8s.pod.name"], attributes["pod"])`,
+            `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+            `set(resource.attributes["service.namespace"], "default")`,
           ]
-          regex = "Running;true;false"
-          action = "keep"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_name"]
-          target_label = "pod"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_container_name"]
-          target_label = "container"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_namespace"]
-          target_label = "namespace"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_job"]
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["job", "__meta_kubernetes_pod_label_app_kubernetes_io_name"]
-          regex = ";(.+)"
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["job", "__meta_kubernetes_pod_label_app"]
-          regex = ";(.+)"
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["job", "container"]
-          regex = ";(.+)"
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_instance"]
-          target_label = "instance"
         }
     
-        // Rules to choose the right container
-        rule {
-          source_labels = ["container"]
-          target_label = "__tmp_container"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_container"]
-          regex = "(.+)"
-          target_label = "__tmp_container"
-        }
-        rule {
-          source_labels = ["container"]
-          action = "keepequal"
-          target_label = "__tmp_container"
-        }
-        rule {
-          action = "labeldrop"
-          regex = "__tmp_container"
+        output {
+          logs = [otelcol.processor.k8sattributes.pod_manifests.input]
         }
+      }
     
-        // Set metrics path
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_path"]
-          regex = "(.+)"
-          target_label = "__metrics_path__"
+      otelcol.processor.k8sattributes "pod_manifests" {
+        pod_association {
+          source {
+            from = "resource_attribute"
+            name = "k8s.pod.name"
+          }
+          source {
+            from = "resource_attribute"
+            name = "k8s.namespace.name"
+          }
         }
     
-        // Set metrics scraping URL parameters
-        rule {
-          action = "labelmap"
-          regex = "__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_param_(.+)"
-          replacement = "__param_$1"
+        extract {
+          metadata = [
+            "k8s.cronjob.name",
+            "k8s.daemonset.name",
+            "k8s.deployment.name",
+            "k8s.job.name",
+            "k8s.node.name",
+            "k8s.pod.start_time",
+            "k8s.replicaset.name",
+            "k8s.statefulset.name",
+          ]
         }
     
-        // Choose the pod port
-        // The discovery generates a target for each declared container port of the pod.
-        // If the metricsPortName annotation has value, keep only the target where the port name matches the one of the annotation.
-        rule {
-          source_labels = ["__meta_kubernetes_pod_container_port_name"]
-          target_label = "__tmp_port"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_portName"]
-          regex = "(.+)"
-          target_label = "__tmp_port"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_container_port_name"]
-          action = "keepequal"
-          target_label = "__tmp_port"
-        }
-        rule {
-          action = "labeldrop"
-          regex = "__tmp_port"
+        output {
+          logs = argument.logs_destinations.value
         }
+      }
+    }
+    kubernetes_manifests "feature" {
+      logs_destinations = [
+        otelcol.exporter.loki.loki.input,
+      ]
+    }
     
-        // If the metrics port number annotation has a value, override the target address to use it, regardless whether it is
-        // one of the declared ports on that Pod.
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_portNumber", "__meta_kubernetes_pod_ip"]
-          regex = "(\\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})"
-          replacement = "[$2]:$1" // IPv6
-          target_label = "__address__"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_portNumber", "__meta_kubernetes_pod_ip"]
-          regex = "(\\d+);((([0-9]+?)(\\.|$)){4})" // IPv4, takes priority over IPv6 when both exists
-          replacement = "$2:$1"
-          target_label = "__address__"
-        }
+    livedebugging {
+      enabled = true
+    }
     
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_scheme"]
-          regex = "(.+)"
-          target_label = "__scheme__"
-        }
     
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_scrapeInterval"]
-          regex = "(.+)"
-          target_label = "__scrape_interval__"
-        }
-        rule {
-          source_labels = ["__scrape_interval__"]
-          regex = ""
-          replacement = "60s"
-          target_label = "__scrape_interval__"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_pod_annotation_k8s_grafana_com_metrics_scrapeTimeout"]
-          regex = "(.+)"
-          target_label = "__scrape_timeout__"
+    // Destination: loki (loki)
+    otelcol.exporter.loki "loki" {
+      forward_to = [loki.write.loki.receiver]
+    }
+    
+    loki.write "loki" {
+      endpoint {
+        url = "http://loki.loki.svc:3100/loki/api/v1/push"
+        retry_on_http_429 = true
+        tenant_id = convert.nonsensitive(remote.kubernetes.secret.loki.data["tenantId"])
+        basic_auth {
+          username = convert.nonsensitive(remote.kubernetes.secret.loki.data["username"])
+          password = remote.kubernetes.secret.loki.data["password"]
         }
-        rule {
-          source_labels = ["__scrape_timeout__"]
-          regex = ""
-          replacement = "10s"
-          target_label = "__scrape_timeout__"
+        tls_config {
+          insecure_skip_verify = false
         }
+        min_backoff_period = "500ms"
+        max_backoff_period = "5m"
+        max_backoff_retries = "10"
       }
-    
-      discovery.kubernetes "services" {
-        role = "service"
+      external_labels = {
+        "cluster" = "kubernetes-manifest-cluster",
+        "k8s_cluster_name" = "kubernetes-manifest-cluster",
       }
+    }
     
-      discovery.relabel "annotation_autodiscovery_services" {
-        targets = discovery.kubernetes.services.targets
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_scrape"]
-          regex = "true"
-          action = "keep"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_name"]
-          target_label = "service"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_namespace"]
-          target_label = "namespace"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_job"]
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["job", "__meta_kubernetes_service_label_app_kubernetes_io_name"]
-          regex = ";(.+)"
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["job", "__meta_kubernetes_service_label_app"]
-          regex = ";(.+)"
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["job", "service"]
-          regex = ";(.+)"
-          target_label = "job"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_instance"]
-          target_label = "instance"
-        }
+    remote.kubernetes.secret "loki" {
+      name      = "loki-k8smon-k8s-monitoring"
+      namespace = "default"
+    }
+  collect-manifests.sh: |
+    #!/bin/bash
+    set -o pipefail
     
-        // Set metrics path
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_path"]
-          target_label = "__metrics_path__"
-        }
+    script_name="${0##*/}"
+    if [[ "${script_name}" == "bash" || "${script_name}" == "-bash" ]]; then
+      script_name="script.sh"
+    fi
     
-        // Set metrics scraping URL parameters
-        rule {
-          action = "labelmap"
-          regex = "__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_param_(.+)"
-          replacement = "__param_$1"
-        }
+    DefaultWatchTimeout=30s
+    ManifestRequestThrottling=0.1s
+    WatchRestartDelay=5
     
-        // Choose the service port
-        rule {
-          source_labels = ["__meta_kubernetes_service_port_name"]
-          target_label = "__tmp_port"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_portName"]
-          regex = "(.+)"
-          target_label = "__tmp_port"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_port_name"]
-          action = "keepequal"
-          target_label = "__tmp_port"
-        }
+    usage() {
+      echo "Usage: ${script_name} [OPTIONS]"
+      echo ""
+      echo "Collects Kubernetes manifests and saves them as files."
+      echo ""
+      echo "Resource manifests are stored at \${MANIFEST_DIR}/<kind>/<namespace>/<name>.json"
+      echo ""
+      echo "Requires the MANIFEST_DIR environment variable to be set to the target directory."
+      echo ""
+      echo "Options:"
+      echo "  -k, --kind <kind>        Kubernetes resource kind passed to \"kubectl get\"."
+      echo "                           Default: pods"
+      echo "  -n, --namespace <name>   Namespace to scan. When omitted, all namespaces"
+      echo "                           are scanned."
+      echo "  -f, --filters <list>     Comma or space separated list of jq selectors to drop"
+      echo "                           from the resource JSON. Default: \".status\""
+      echo "  --watch-timeout <time>   How long to keep a watch open before restarting."
+      echo "                           Default: ${DefaultWatchTimeout}s."
+      echo "  -h, --help               Show this help message."
+    }
     
-        rule {
-          source_labels = ["__meta_kubernetes_service_port_number"]
-          target_label = "__tmp_port"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_portNumber"]
-          regex = "(.+)"
-          target_label = "__tmp_port"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_port_number"]
-          action = "keepequal"
-          target_label = "__tmp_port"
-        }
-        rule {
-          action = "labeldrop"
-          regex = "__tmp_port"
-        }
+    kind="pods"
+    kindDir="pods"
+    namespace=""
+    filters=(".status")
+    watchTimeout="${DefaultWatchTimeout}"
     
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_scheme"]
-          regex = "(.+)"
-          target_label = "__scheme__"
-        }
+    while [[ $# -gt 0 ]]; do
+      case "$1" in
+        -k|--kind)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --kind requires an argument." >&2
+            usage
+            exit 1
+          fi
+          kind="$2"
+          kindDir="${kind,,}"  # Forces lowercase
+          kindDir="${kindDir//[^a-z0-9._-]/_}"  # Replace special characters with _
+          shift 2
+          ;;
+        -n|--namespace)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --namespace requires an argument." >&2
+            usage
+            exit 1
+          fi
+          namespace="$2"
+          shift 2
+          ;;
+        -f|--filters)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --filters requires an argument." >&2
+            usage
+            exit 1
+          fi
     
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_scrapeInterval"]
-          regex = "(.+)"
-          target_label = "__scrape_interval__"
-        }
-        rule {
-          source_labels = ["__scrape_interval__"]
-          regex = ""
-          replacement = "60s"
-          target_label = "__scrape_interval__"
-        }
-        rule {
-          source_labels = ["__meta_kubernetes_service_annotation_k8s_grafana_com_metrics_scrapeTimeout"]
-          regex = "(.+)"
-          target_label = "__scrape_timeout__"
-        }
-        rule {
-          source_labels = ["__scrape_timeout__"]
-          regex = ""
-          replacement = "10s"
-          target_label = "__scrape_timeout__"
-        }
-      }
+          filters=()
+          sanitized="${2//$'\n'/ }"
+          sanitized="${sanitized//,/ }"
+          read -ra parsedFilters <<< "${sanitized}"
+          for filter in "${parsedFilters[@]}"; do
+            [[ -n "${filter}" ]] || continue
+            filters+=("${filter}")
+          done
+          jqFilters="$(build_jq_filter "${filters[@]}")"
     
-      discovery.relabel "annotation_autodiscovery_http" {
-        targets = array.concat(discovery.relabel.annotation_autodiscovery_pods.output, discovery.relabel.annotation_autodiscovery_services.output)
-        rule {
-          source_labels = ["__scheme__"]
-          regex = "https"
-          action = "drop"
-        }
-      }
+          shift 2
+          ;;
+        --watch-timeout)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --watch-timeout requires an argument." >&2
+            usage
+            exit 1
+          fi
+          watchTimeout="$2"
+          shift 2
+          ;;
+        -h|--help)
+          usage
+          exit 0
+          ;;
+        *)
+          echo "Unknown option: $1" >&2
+          usage
+          exit 1
+          ;;
+      esac
+    done
     
-      discovery.relabel "annotation_autodiscovery_https" {
-        targets = array.concat(discovery.relabel.annotation_autodiscovery_pods.output, discovery.relabel.annotation_autodiscovery_services.output)
-        rule {
-          source_labels = ["__scheme__"]
-          regex = "https"
-          action = "keep"
-        }
-      }
+    if [[ -z "${MANIFEST_DIR:-}" ]]; then
+      echo "Error: MANIFEST_DIR environment variable must be set." >&2
+      exit 1
+    fi
     
-      prometheus.scrape "annotation_autodiscovery_http" {
-        targets = discovery.relabel.annotation_autodiscovery_http.output
-        honor_labels = true
-        bearer_token_file = "/var/run/secrets/kubernetes.io/serviceaccount/token"
-        scrape_protocols = ["OpenMetricsText1.0.0","OpenMetricsText0.0.1","PrometheusText0.0.4"]
-        scrape_classic_histograms = false
-        scrape_native_histograms = false
-        clustering {
-          enabled = true
-        }
+    mkdir -p "${MANIFEST_DIR}"
     
-        forward_to = [prometheus.relabel.annotation_autodiscovery.receiver]
-      }
+    build_jq_filter() {
+      local program="."
+      for filter in "$@"; do
+        [[ -n "${filter}" ]] || continue
+        program+=" | del(${filter})"
+      done
+      printf '%s' "${program}"
+    }
     
-      prometheus.scrape "annotation_autodiscovery_https" {
-        targets = discovery.relabel.annotation_autodiscovery_https.output
-        honor_labels = true
-        bearer_token_file = "/var/run/secrets/kubernetes.io/serviceaccount/token"
-        tls_config {
-          insecure_skip_verify = true
-        }
-        scrape_protocols = ["OpenMetricsText1.0.0","OpenMetricsText0.0.1","PrometheusText0.0.4"]
-        scrape_classic_histograms = false
-        scrape_native_histograms = false
-        clustering {
-          enabled = true
-        }
+    jqFilters="$(build_jq_filter "${filters[@]}")"
     
-        forward_to = [prometheus.relabel.annotation_autodiscovery.receiver]
-      }
+    collect_manifest() {
+      local namespace="$1"
+      local resourceName="$2"
     
-      prometheus.relabel "annotation_autodiscovery" {
-        max_cache_size = 100000
-        rule {
-          source_labels = ["__name__"]
-          regex = "up|scrape_samples_scraped|alloy_build_info"
-          action = "keep"
-        }
-        rule {
-          action = "labeldrop"
-          regex = "temp_source"
-        }
-        forward_to = argument.metrics_destinations.value
-      }
-    }
-    annotation_autodiscovery "feature" {
-      metrics_destinations = [
-        otelcol.receiver.prometheus.debug.receiver,
-      ]
-    }
-    // Self Reporting
-    prometheus.exporter.unix "kubernetes_monitoring_telemetry" {
-      set_collectors = ["textfile"]
-      textfile {
-        directory = "/etc/alloy"
-      }
-    }
+      [[ -n "${namespace}" && -n "${resourceName}" ]] || return 0
     
-    discovery.relabel "kubernetes_monitoring_telemetry" {
-      targets = prometheus.exporter.unix.kubernetes_monitoring_telemetry.targets
-      rule {
-        target_label = "instance"
-        action = "replace"
-        replacement = "k8smon"
-      }
-      rule {
-        target_label = "job"
-        action = "replace"
-        replacement = "integrations/kubernetes/kubernetes_monitoring_telemetry"
-      }
-    }
+      local namespaceDir="${MANIFEST_DIR}/${kindDir}/${namespace}"
+      mkdir -p "${namespaceDir}"
     
-    prometheus.scrape "kubernetes_monitoring_telemetry" {
-      job_name   = "integrations/kubernetes/kubernetes_monitoring_telemetry"
-      targets    = discovery.relabel.kubernetes_monitoring_telemetry.output
-      scrape_interval = "60s"
-      clustering {
-        enabled = true
-      }
-      forward_to = [prometheus.relabel.kubernetes_monitoring_telemetry.receiver]
-    }
+      local outputFile="${namespaceDir}/${resourceName}.json"
+      local tmpFile="${outputFile}.tmp"
     
-    prometheus.relabel "kubernetes_monitoring_telemetry" {
-      rule {
-        source_labels = ["__name__"]
-        regex = "grafana_kubernetes_monitoring_.*"
-        action = "keep"
-      }
-      forward_to = [
-        otelcol.receiver.prometheus.debug.receiver,
-      ]
+      if kubectl get "${kind}" --namespace "${namespace}" "${resourceName}" -o json \
+        | jq --compact-output "${jqFilters}" > "${tmpFile}"; then
+        if [[ ! -f "${outputFile}" ]] || ! cmp -s "${tmpFile}" "${outputFile}"; then
+          echo "[INFO] ${kind}: Saving manifest for \"${namespace}/${resourceName}\""
+          mv "${tmpFile}" "${outputFile}"
+        else
+          echo "[DEBUG] ${kind}: No changes to manifest for \"${namespace}/${resourceName}\""
+          rm -f "${tmpFile}"
+        fi
+      else
+        echo "[ERROR] ${kind}: Failed to collect manifest for ${kind} ${namespace}/${resourceName}" >&2
+        rm -f "${tmpFile}"
+      fi
     }
     
+    remove_manifest() {
+      local namespace="$1"
+      local resourceName="$2"
     
+      [[ -n "${namespace}" && -n "${resourceName}" ]] || return
     
-    
-    // Destination: debug (custom)
-    otelcol.receiver.prometheus "debug" {
-      output {
-        metrics = [otelcol.exporter.debug.default.input]
-      }
+      local outputFile="${MANIFEST_DIR}/${kindDir}/${namespace}/${resourceName}.json"
+      if [[ -f "${outputFile}" ]]; then
+        rm -f "${outputFile}"
+        echo "[INFO] ${kind}: Removed manifest for \"${namespace}/${resourceName}\""
+      fi
     }
-    otelcol.receiver.loki "debug" {
-      output {
-        logs = [otelcol.exporter.debug.default.input]
-      }
+    
+    handle_watch_event() {
+      local eventType="$1"
+      local namespace="$2"
+      local resourceName="$3"
+    
+      [[ -n "${eventType}" && -n "${namespace}" && -n "${resourceName}" ]] || return
+    
+      echo "[DEBUG] ${kind}: ${eventType} event for ${namespace}/${resourceName}"
+      case "${eventType}" in
+        ADDED|MODIFIED)
+          collect_manifest "${namespace}" "${resourceName}"
+          ;;
+        DELETED)
+          remove_manifest "${namespace}" "${resourceName}"
+          ;;
+        *)
+          ;;
+      esac
     }
     
-    otelcol.exporter.debug "default" {
-      verbosity = "detailed"
+    watch_resources() {
+      local kubectlArgs=()
+      if [[ -n "${namespace}" ]]; then
+        kubectlArgs=(--namespace "${namespace}")
+        echo "[INFO] ${kind}: Watching namespace ${namespace}"
+      else
+        kubectlArgs=(--all-namespaces)
+        echo "[INFO] ${kind}: Watching all namespaces"
+      fi
+    
+      while true; do
+        if ! timeout --foreground "${watchTimeout}" kubectl get "${kind}" "${kubectlArgs[@]}" --watch --output-watch-events -o json \
+          | jq --unbuffered -r 'select(.object.metadata.namespace != null and .object.metadata.name != null and .type != null) | "\(.type) \(.object.metadata.namespace) \(.object.metadata.name)"' \
+          | while read -r eventType namespace resourceName; do
+              handle_watch_event "${eventType}" "${namespace}" "${resourceName}"
+              sleep "${ManifestRequestThrottling}"  # Throttle the requests
+            done; then
+          echo "[WARN] ${kind}: Watch ended. Restarting in ${WatchRestartDelay} seconds." >&2
+          sleep "${WatchRestartDelay}"
+        fi
+      done
     }
-  self-reporting-metric.prom: |
-    # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart
-    # TYPE grafana_kubernetes_monitoring_build_info gauge
-    grafana_kubernetes_monitoring_build_info{version="3.6.0", namespace="default"} 1
-    # HELP grafana_kubernetes_monitoring_feature_info A metric to report the enabled features of the Kubernetes Monitoring Helm chart
-    # TYPE grafana_kubernetes_monitoring_feature_info gauge
-    grafana_kubernetes_monitoring_feature_info{feature="annotationAutodiscovery", version="1.0.0"} 1
-    # EOF
+    
+    watch_resources
 ---
 # Source: k8s-monitoring/charts/alloy-operator/templates/rbac/alloy-manager.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -450,10 +353,10 @@ kind: ClusterRole
 metadata:
   name: k8smon-alloy-operator-alloy-manager
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -508,10 +411,10 @@ kind: ClusterRoleBinding
 metadata:
   name: k8smon-alloy-operator-alloy-manager
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -528,10 +431,10 @@ kind: ClusterRoleBinding
 metadata:
   name: k8smon-alloy-operator
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -549,10 +452,10 @@ metadata:
   name: k8smon-alloy-operator-leader-election-role
   namespace: default
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -587,6 +490,22 @@ rules:
       - create
       - patch
 ---
+# Source: k8s-monitoring/templates/kubernetes-manifest-rules.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: k8smon-alloy-singleton-kubernetes-manifests
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+---
 # Source: k8s-monitoring/charts/alloy-operator/templates/rbac/leader-election.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -594,10 +513,10 @@ metadata:
   name: k8smon-alloy-operator-leader-election-rolebinding
   namespace: default
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -608,6 +527,21 @@ subjects:
     name: k8smon-alloy-operator
     namespace: default
 ---
+# Source: k8s-monitoring/templates/kubernetes-manifest-rules.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: k8smon-alloy-singleton-kubernetes-manifests
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: k8smon-alloy-singleton-kubernetes-manifests
+subjects:
+  - kind: ServiceAccount
+    name: k8smon-alloy-singleton
+    namespace: default
+---
 # Source: k8s-monitoring/charts/alloy-operator/templates/service.yaml
 apiVersion: v1
 kind: Service
@@ -615,10 +549,10 @@ metadata:
   name: k8smon-alloy-operator
   namespace: default
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 spec:
   type: ClusterIP
@@ -642,10 +576,10 @@ metadata:
   name: k8smon-alloy-operator
   namespace: default
   labels:
-    helm.sh/chart: alloy-operator-0.3.12
+    helm.sh/chart: alloy-operator-0.3.14
     app.kubernetes.io/name: alloy-operator
     app.kubernetes.io/instance: k8smon
-    app.kubernetes.io/version: "1.4.0"
+    app.kubernetes.io/version: "1.5.0"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -656,10 +590,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: alloy-operator-0.3.12
+        helm.sh/chart: alloy-operator-0.3.14
         app.kubernetes.io/name: alloy-operator
         app.kubernetes.io/instance: k8smon
-        app.kubernetes.io/version: "1.4.0"
+        app.kubernetes.io/version: "1.5.0"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: k8smon-alloy-operator
@@ -672,7 +606,7 @@ spec:
           type: RuntimeDefault
       containers:
         - name: alloy-operator
-          image: "ghcr.io/grafana/alloy-operator:1.4.0"
+          image: "ghcr.io/grafana/alloy-operator:1.5.0"
           imagePullPolicy: IfNotPresent
           args:
             - --health-probe-bind-address=:8081
@@ -715,27 +649,29 @@ spec:
 apiVersion: collectors.grafana.com/v1alpha1
 kind: Alloy
 metadata:
-  name: k8smon-alloy-metrics
+  name: k8smon-alloy-singleton
   namespace: default
   annotations:
     helm.sdk.operatorframework.io/uninstall-wait: "true"
 spec:
   alloy:
     clustering:
-      enabled: true
-      name: alloy-metrics
+      enabled: false
+      name: ""
       portName: http
     configMap:
       content: ""
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -743,7 +679,10 @@ spec:
     livenessProbe: {}
     mounts:
       dockercontainers: false
-      extra: []
+      extra:
+      - mountPath: /var/kubernetes-manifests
+        name: kubernetes-manifests
+        readOnly: false
       varlog: false
     resources: {}
     securityContext:
@@ -768,8 +707,9 @@ spec:
         - ALL
       seccompProfile:
         type: RuntimeDefault
-    stabilityLevel: experimental
+    stabilityLevel: public-preview
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -830,17 +770,39 @@ spec:
     dnsPolicy: ClusterFirst
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
-    extraContainers: []
+    extraContainers:
+    - command:
+      - /bin/bash
+      - -c
+      - |
+        set -euo pipefail
+        pids=()
+        bash /etc/alloy/collect-manifests.sh --kind pods --namespace "default" --watch-timeout "1d" &
+        pids+=("$!")
+        trap 'for pid in "${pids[@]}"; do kill "${pid}" 2>/dev/null || true; done' EXIT
+        wait -n "${pids[@]}"
+      env:
+      - name: MANIFEST_DIR
+        value: /var/kubernetes-manifests
+      image: ghcr.io/grafana/helm-chart-toolbox-kubectl:0.1.3
+      imagePullPolicy: IfNotPresent
+      name: kubernetes-manifest-collector
+      volumeMounts:
+      - mountPath: /etc/alloy
+        name: config
+      - mountPath: /var/kubernetes-manifests
+        name: kubernetes-manifests
+        readOnly: false
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
     podAnnotations:
       k8s.grafana.com/logs.job: integrations/alloy
-      k8s.grafana.com/metrics.container: alloy
-      k8s.grafana.com/scrape: "true"
     podDisruptionBudget:
       enabled: false
       maxUnavailable: null
@@ -851,11 +813,14 @@ spec:
     terminationGracePeriodSeconds: null
     tolerations: []
     topologySpreadConstraints: []
-    type: statefulset
+    type: deployment
     updateStrategy: {}
     volumeClaimTemplates: []
     volumes:
-      extra: []
+      extra:
+      - emptyDir:
+          medium: Memory
+        name: kubernetes-manifests
   crds:
     create: false
   extraObjects: []
@@ -882,9 +847,121 @@ spec:
     path: /
     pathType: Prefix
     tls: []
-  nameOverride: alloy-metrics
+  nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1005,7 +1082,7 @@ metadata:
   labels:
     app.kubernetes.io/name: k8smon-k8s-monitoring-add-finalizer
     app.kubernetes.io/instance: k8smon
-    helm.sh/chart: k8s-monitoring-3.6.0
+    helm.sh/chart: k8s-monitoring-3.6.2
   annotations:
     helm.sh/hook: post-install,post-upgrade
     helm.sh/hook-weight: "15"
@@ -1058,7 +1135,7 @@ metadata:
   labels:
     app.kubernetes.io/name: k8smon-k8s-monitoring-remove-alloy-and-finalizer
     app.kubernetes.io/instance: k8smon
-    helm.sh/chart: k8s-monitoring-3.6.0
+    helm.sh/chart: k8s-monitoring-3.6.2
   annotations:
     helm.sh/hook: pre-delete
     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
@@ -1086,9 +1163,9 @@ spec:
             - /bin/bash
             - -ce
             - |
-              echo "Deleting Alloy instance: alloy/k8smon-alloy-metrics..."
-              kubectl delete alloy/k8smon-alloy-metrics --ignore-not-found=true --wait
-              kubectl wait --for=delete alloy/k8smon-alloy-metrics --timeout=60s || echo "Timed out waiting for deletion of alloy/k8smon-alloy-metrics or it may not exist."
+              echo "Deleting Alloy instance: alloy/k8smon-alloy-singleton..."
+              kubectl delete alloy/k8smon-alloy-singleton --ignore-not-found=true --wait
+              kubectl wait --for=delete alloy/k8smon-alloy-singleton --timeout=60s || echo "Timed out waiting for deletion of alloy/k8smon-alloy-singleton or it may not exist."
 
               kubectl patch \
                 --namespace=default \
diff --git a/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/test/test-plan.yaml b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/test/test-plan.yaml
new file mode 100644
index 0000000000..777794a144
--- /dev/null
+++ b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/test/test-plan.yaml
@@ -0,0 +1,51 @@
+---
+# yamllint disable rule:line-length
+apiVersion: helm-chart-toolbox.grafana.com/v1
+kind: TestPlan
+name: kubernetes-manifests
+
+subject:
+  releaseName: k8smon
+  path: ../../../../../../
+  valuesFile: ../values.yaml
+
+cluster:
+  type: kind
+
+dependencies:
+  - preset: test-parameters
+    namespace: toolbox
+  - preset: loki
+  - preset: grafana
+    overrides:
+      datasources:
+        datasources.yaml:
+          apiVersion: 1
+          datasources:
+            - name: Loki
+              type: loki
+              url: http://loki-gateway.loki.svc:8080
+              isDefault: true
+              basicAuth: true
+              basicAuthUser: loki
+              jsonData:
+                httpHeaderName1: X-Scope-OrgID
+              secureJsonData:
+                basicAuthPassword: lokipassword
+                httpHeaderValue1: "1"
+
+tests:
+  - type: query-test
+    values:
+      tests:
+        - env:
+            LOKI_URL: http://loki.loki.svc:3100/loki/api/v1/query
+            LOKI_TENANTID: 1
+            LOKI_USER: loki
+            LOKI_PASS: lokipassword
+          envFrom:
+            - configMapRef: {name: test-parameters}
+          queries:
+            # Pod logs
+            - query: count_over_time({cluster="kubernetes-manifest-cluster", service_name="default/k8s.grafana.com/manifest-collector"}[1h] | json | resources_k8s_deployment_name="k8smon-alloy-operator")
+              type: logql
diff --git a/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/values.yaml b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/values.yaml
new file mode 100644
index 0000000000..9b11c6a688
--- /dev/null
+++ b/charts/k8s-monitoring/docs/examples/features/kubernetes-manifests/default/values.yaml
@@ -0,0 +1,27 @@
+---
+cluster:
+  name: kubernetes-manifest-cluster
+
+destinations:
+  - name: loki
+    type: loki
+    url: http://loki.loki.svc:3100/loki/api/v1/push
+    tenantId: "1"
+    auth:
+      type: basic
+      username: loki
+      password: lokipassword
+
+kubernetesManifests:
+  enabled: true
+  namespaces: [default]
+  kinds:
+    pods:
+      gather: true
+
+alloy-singleton:
+  enabled: true
+  liveDebugging:
+    enabled: true
+  alloy:
+    stabilityLevel: public-preview
diff --git a/charts/k8s-monitoring/docs/examples/features/node-logs/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/node-logs/default/output.yaml
index c48fb400e3..fa5ab6d17c 100644
--- a/charts/k8s-monitoring/docs/examples/features/node-logs/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/node-logs/default/output.yaml
@@ -490,12 +490,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -530,6 +532,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -591,9 +594,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -643,8 +648,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/pod-logs-via-kubernetes-api/output.yaml b/charts/k8s-monitoring/docs/examples/features/pod-logs-via-kubernetes-api/output.yaml
index 073569ede3..bff17ae9bf 100644
--- a/charts/k8s-monitoring/docs/examples/features/pod-logs-via-kubernetes-api/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/pod-logs-via-kubernetes-api/output.yaml
@@ -528,12 +528,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -568,6 +570,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -629,9 +632,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -681,8 +686,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml
index 08d4ba9b6c..53693dce32 100644
--- a/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/pod-logs/default/output.yaml
@@ -544,12 +544,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -584,6 +586,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -645,9 +648,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -697,8 +702,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/pod-logs/multiline/output.yaml b/charts/k8s-monitoring/docs/examples/features/pod-logs/multiline/output.yaml
index f8edb0559d..50e3aba59d 100644
--- a/charts/k8s-monitoring/docs/examples/features/pod-logs/multiline/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/pod-logs/multiline/output.yaml
@@ -572,12 +572,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -612,6 +614,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -673,9 +676,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -725,8 +730,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/profiles-receiver/output.yaml b/charts/k8s-monitoring/docs/examples/features/profiles-receiver/output.yaml
index 02722ddfe9..1bdbcce1e9 100644
--- a/charts/k8s-monitoring/docs/examples/features/profiles-receiver/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/profiles-receiver/output.yaml
@@ -351,6 +351,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -361,6 +362,7 @@ spec:
       protocol: TCP
       targetPort: 4040
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -395,6 +397,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -456,9 +459,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -506,8 +511,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/profiling/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/profiling/default/output.yaml
index 0b8df16589..114e001c3d 100644
--- a/charts/k8s-monitoring/docs/examples/features/profiling/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/profiling/default/output.yaml
@@ -1351,12 +1351,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1394,6 +1396,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1455,9 +1458,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: true
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1507,8 +1512,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-profiles
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml b/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml
index df9af31b7f..c7902f5c0e 100644
--- a/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/features/prometheus-operator-objects/default/output.yaml
@@ -476,12 +476,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -516,6 +518,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -577,9 +580,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -627,8 +632,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/images/images-by-digest/output.yaml b/charts/k8s-monitoring/docs/examples/images/images-by-digest/output.yaml
index 1f2e4e77ef..e03e8246f6 100644
--- a/charts/k8s-monitoring/docs/examples/images/images-by-digest/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/images/images-by-digest/output.yaml
@@ -2151,12 +2151,14 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2191,6 +2193,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2252,9 +2255,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2304,8 +2309,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2346,12 +2463,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2386,6 +2505,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2447,9 +2567,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2497,8 +2619,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2539,6 +2773,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2549,6 +2784,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2583,6 +2819,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2644,9 +2881,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2694,8 +2933,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/include-by-namespace/output.yaml b/charts/k8s-monitoring/docs/examples/include-by-namespace/output.yaml
index 0ad34f3b4a..f7e97c011d 100644
--- a/charts/k8s-monitoring/docs/examples/include-by-namespace/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/include-by-namespace/output.yaml
@@ -3977,12 +3977,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4017,6 +4019,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4078,9 +4081,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4128,8 +4133,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4170,12 +4287,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4210,6 +4329,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4271,9 +4391,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4321,8 +4443,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4363,12 +4597,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4403,6 +4639,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4464,9 +4701,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4516,8 +4755,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4558,6 +4909,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -4568,6 +4920,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4602,6 +4955,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4663,9 +5017,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4713,8 +5069,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4755,12 +5223,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4798,6 +5268,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4859,9 +5330,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: true
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4911,8 +5384,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-profiles
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/istio-service-mesh/output.yaml b/charts/k8s-monitoring/docs/examples/istio-service-mesh/output.yaml
index 4d0917600c..45bd6af841 100644
--- a/charts/k8s-monitoring/docs/examples/istio-service-mesh/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/istio-service-mesh/output.yaml
@@ -2150,12 +2150,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2190,6 +2192,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2251,9 +2254,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2301,8 +2306,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2343,6 +2460,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2357,6 +2475,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2391,6 +2510,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2452,9 +2572,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2503,8 +2625,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/log-metrics/output.yaml b/charts/k8s-monitoring/docs/examples/log-metrics/output.yaml
index 0f1cc18eee..6b93e6eff6 100644
--- a/charts/k8s-monitoring/docs/examples/log-metrics/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/log-metrics/output.yaml
@@ -990,12 +990,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1030,6 +1032,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1091,9 +1094,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1141,8 +1146,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1183,12 +1300,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1223,6 +1342,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1284,9 +1404,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1336,8 +1458,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/meta-monitoring/output.yaml b/charts/k8s-monitoring/docs/examples/meta-monitoring/output.yaml
index dfe6cffb77..34b38ec8e8 100644
--- a/charts/k8s-monitoring/docs/examples/meta-monitoring/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/meta-monitoring/output.yaml
@@ -3458,12 +3458,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3498,6 +3500,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3559,9 +3562,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3609,8 +3614,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3651,6 +3768,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -3661,6 +3779,7 @@ spec:
       protocol: TCP
       targetPort: 14268
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3695,6 +3814,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3756,9 +3876,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3806,8 +3928,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml b/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml
index e6913b9979..40416d6385 100644
--- a/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/metrics-tuning/output.yaml
@@ -1896,12 +1896,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1936,6 +1938,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1997,9 +2000,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2047,8 +2052,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/name-overrides/fullname-overrides/output.yaml b/charts/k8s-monitoring/docs/examples/name-overrides/fullname-overrides/output.yaml
index 07cef6c1e6..362fd4cd3f 100644
--- a/charts/k8s-monitoring/docs/examples/name-overrides/fullname-overrides/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/name-overrides/fullname-overrides/output.yaml
@@ -2138,12 +2138,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2178,6 +2180,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2239,9 +2242,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2290,8 +2295,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/name-overrides/name-overrides/output.yaml b/charts/k8s-monitoring/docs/examples/name-overrides/name-overrides/output.yaml
index f8267a1902..1ff7644379 100644
--- a/charts/k8s-monitoring/docs/examples/name-overrides/name-overrides/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/name-overrides/name-overrides/output.yaml
@@ -2138,12 +2138,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2178,6 +2180,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2239,9 +2242,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2289,8 +2294,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/namespace-labels-and-annotations/output.yaml b/charts/k8s-monitoring/docs/examples/namespace-labels-and-annotations/output.yaml
index abf6a1c31c..a966cded30 100644
--- a/charts/k8s-monitoring/docs/examples/namespace-labels-and-annotations/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/namespace-labels-and-annotations/output.yaml
@@ -2098,12 +2098,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2138,6 +2140,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2199,9 +2202,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2249,8 +2254,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2291,12 +2408,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2331,6 +2450,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2392,9 +2512,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2444,8 +2566,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2486,6 +2720,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2496,6 +2731,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2530,6 +2766,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2591,9 +2828,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2641,8 +2880,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/node-labels/output.yaml b/charts/k8s-monitoring/docs/examples/node-labels/output.yaml
index 7cd0540f35..c6a7fd49dc 100644
--- a/charts/k8s-monitoring/docs/examples/node-labels/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/node-labels/output.yaml
@@ -2367,12 +2367,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2407,6 +2409,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2468,9 +2471,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2518,8 +2523,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2560,12 +2677,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2600,6 +2719,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2661,9 +2781,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2713,8 +2835,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml
index 6fde3e07e3..9079e617e4 100644
--- a/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/platforms/azure-aks/output.yaml
@@ -1972,12 +1972,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2012,6 +2014,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2073,9 +2076,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2124,8 +2129,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2166,12 +2283,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2206,6 +2325,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2267,9 +2387,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2318,8 +2440,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2360,12 +2594,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2400,6 +2636,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2461,9 +2698,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2514,8 +2753,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml
index eff8c5e8b7..55b1c8d9c9 100644
--- a/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/platforms/eks-fargate/output.yaml
@@ -1615,12 +1615,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1655,6 +1657,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1716,9 +1719,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1766,8 +1771,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1808,12 +1925,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1848,6 +1967,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1909,9 +2029,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1959,8 +2081,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2001,12 +2235,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2041,6 +2277,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2102,9 +2339,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2154,8 +2393,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml
index 70498f385f..087ff11383 100644
--- a/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/platforms/gke-autopilot/output.yaml
@@ -1753,12 +1753,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1793,6 +1795,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1854,9 +1857,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1904,8 +1909,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1946,12 +2063,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1986,6 +2105,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2047,9 +2167,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2097,8 +2219,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2139,12 +2373,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2179,6 +2415,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2240,9 +2477,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2292,8 +2531,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml b/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml
index 024de1d603..92d10cf090 100644
--- a/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/platforms/openshift/output.yaml
@@ -2167,12 +2167,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2207,6 +2209,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2268,9 +2271,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2318,8 +2323,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2360,12 +2477,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2400,6 +2519,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2461,9 +2581,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2511,8 +2633,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2553,12 +2787,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2593,6 +2829,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2654,9 +2891,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2708,8 +2947,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/pod-labels-and-annotations/output.yaml b/charts/k8s-monitoring/docs/examples/pod-labels-and-annotations/output.yaml
index 7270cf1f24..07c8a9ba65 100644
--- a/charts/k8s-monitoring/docs/examples/pod-labels-and-annotations/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/pod-labels-and-annotations/output.yaml
@@ -2099,12 +2099,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2139,6 +2141,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2200,9 +2203,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2250,8 +2255,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2292,12 +2409,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2332,6 +2451,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2393,9 +2513,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2445,8 +2567,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2487,6 +2721,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2497,6 +2732,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2531,6 +2767,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2592,9 +2829,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2642,8 +2881,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/private-image-registries/globally/output.yaml b/charts/k8s-monitoring/docs/examples/private-image-registries/globally/output.yaml
index d710287c60..15656abaaa 100644
--- a/charts/k8s-monitoring/docs/examples/private-image-registries/globally/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/private-image-registries/globally/output.yaml
@@ -2175,12 +2175,14 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2215,6 +2217,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2276,9 +2279,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2329,8 +2334,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2371,12 +2488,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2411,6 +2530,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2472,9 +2592,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2523,8 +2645,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2565,12 +2799,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2605,6 +2841,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2666,9 +2903,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2719,8 +2958,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2761,6 +3112,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2771,6 +3123,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2805,6 +3158,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2866,9 +3220,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2917,8 +3273,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/private-image-registries/individual/output.yaml b/charts/k8s-monitoring/docs/examples/private-image-registries/individual/output.yaml
index d911c957c3..0ebeb2f820 100644
--- a/charts/k8s-monitoring/docs/examples/private-image-registries/individual/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/private-image-registries/individual/output.yaml
@@ -2162,12 +2162,14 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2202,6 +2204,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2263,9 +2266,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2316,8 +2321,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2358,12 +2475,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2398,6 +2517,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2459,9 +2579,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2510,8 +2632,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2552,6 +2786,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2562,6 +2797,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2596,6 +2832,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2657,9 +2894,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2708,8 +2947,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/proxies/output.yaml b/charts/k8s-monitoring/docs/examples/proxies/output.yaml
index 9f2d46e4d9..da6d92c155 100644
--- a/charts/k8s-monitoring/docs/examples/proxies/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/proxies/output.yaml
@@ -3769,12 +3769,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3809,6 +3811,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3870,9 +3873,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3920,8 +3925,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3962,12 +4079,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4002,6 +4121,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4063,9 +4183,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4113,8 +4235,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4155,12 +4389,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4195,6 +4431,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4256,9 +4493,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4308,8 +4547,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4350,6 +4701,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -4364,6 +4716,7 @@ spec:
       protocol: TCP
       targetPort: 9411
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4398,6 +4751,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4459,9 +4813,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4509,8 +4865,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4551,12 +5019,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4594,6 +5064,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4655,9 +5126,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: true
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4707,8 +5180,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-profiles
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/remote-config/output.yaml b/charts/k8s-monitoring/docs/examples/remote-config/output.yaml
index 9b397f47a3..13df6fa82d 100644
--- a/charts/k8s-monitoring/docs/examples/remote-config/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/remote-config/output.yaml
@@ -397,6 +397,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -420,6 +421,7 @@ spec:
       value: k8smon-$(CLUSTER_NAME)-$(NAMESPACE)-$(POD_NAME)
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -454,6 +456,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -515,9 +518,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -565,8 +570,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -607,6 +724,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -630,6 +748,7 @@ spec:
       value: k8smon-$(CLUSTER_NAME)-$(NAMESPACE)-alloy-logs-$(NODE_NAME)
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -664,6 +783,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -725,9 +845,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -777,8 +899,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/resource-requests-and-limits/output.yaml b/charts/k8s-monitoring/docs/examples/resource-requests-and-limits/output.yaml
index 8b994fcce2..1b80fcb50d 100644
--- a/charts/k8s-monitoring/docs/examples/resource-requests-and-limits/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/resource-requests-and-limits/output.yaml
@@ -2079,12 +2079,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2125,6 +2127,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2189,9 +2192,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2239,8 +2244,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/scalability/autoscaling/output.yaml b/charts/k8s-monitoring/docs/examples/scalability/autoscaling/output.yaml
index a7d27d14e8..a6ecce7839 100644
--- a/charts/k8s-monitoring/docs/examples/scalability/autoscaling/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/scalability/autoscaling/output.yaml
@@ -1552,12 +1552,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1595,6 +1597,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1656,9 +1659,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1706,8 +1711,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/scalability/high-availability-kube-state-metrics/output.yaml b/charts/k8s-monitoring/docs/examples/scalability/high-availability-kube-state-metrics/output.yaml
index 8d5aafa9a2..546ed961c8 100644
--- a/charts/k8s-monitoring/docs/examples/scalability/high-availability-kube-state-metrics/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/scalability/high-availability-kube-state-metrics/output.yaml
@@ -1552,12 +1552,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1592,6 +1594,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1653,9 +1656,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1703,8 +1708,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/scalability/sharded-kube-state-metrics/output.yaml b/charts/k8s-monitoring/docs/examples/scalability/sharded-kube-state-metrics/output.yaml
index 78d702c075..488e034a7f 100644
--- a/charts/k8s-monitoring/docs/examples/scalability/sharded-kube-state-metrics/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/scalability/sharded-kube-state-metrics/output.yaml
@@ -1622,12 +1622,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1662,6 +1664,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1723,9 +1726,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1773,8 +1778,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/service-integrations/mongodb-atlas/output.yaml b/charts/k8s-monitoring/docs/examples/service-integrations/mongodb-atlas/output.yaml
index 9fae2d0105..7a74799650 100644
--- a/charts/k8s-monitoring/docs/examples/service-integrations/mongodb-atlas/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/service-integrations/mongodb-atlas/output.yaml
@@ -447,12 +447,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -487,6 +489,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -548,9 +551,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -598,8 +603,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/service-integrations/timescaledb/output.yaml b/charts/k8s-monitoring/docs/examples/service-integrations/timescaledb/output.yaml
index e5362018cb..46de3eafc3 100644
--- a/charts/k8s-monitoring/docs/examples/service-integrations/timescaledb/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/service-integrations/timescaledb/output.yaml
@@ -440,12 +440,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -480,6 +482,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -541,9 +544,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -591,8 +596,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/tail-sampling/output.yaml b/charts/k8s-monitoring/docs/examples/tail-sampling/output.yaml
index 4e1b1b7b7b..c931a8fa8c 100644
--- a/charts/k8s-monitoring/docs/examples/tail-sampling/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/tail-sampling/output.yaml
@@ -2204,12 +2204,14 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2244,6 +2246,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2305,9 +2308,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2357,8 +2362,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2399,12 +2516,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2439,6 +2558,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2500,9 +2620,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2550,8 +2672,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2592,12 +2826,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2632,6 +2868,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2693,9 +2930,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2745,8 +2984,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2787,6 +3138,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2797,6 +3149,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2831,6 +3184,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2892,9 +3246,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2942,8 +3298,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/docs/examples/tolerations/output.yaml b/charts/k8s-monitoring/docs/examples/tolerations/output.yaml
index 7eb53477bc..ebf8413f6d 100644
--- a/charts/k8s-monitoring/docs/examples/tolerations/output.yaml
+++ b/charts/k8s-monitoring/docs/examples/tolerations/output.yaml
@@ -2293,12 +2293,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2333,6 +2335,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2394,9 +2397,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2447,8 +2452,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2489,12 +2606,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2529,6 +2648,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2590,9 +2710,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2643,8 +2765,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/templates/alloy-config.yaml b/charts/k8s-monitoring/templates/alloy-config.yaml
index a80c66e07e..aaae02e850 100644
--- a/charts/k8s-monitoring/templates/alloy-config.yaml
+++ b/charts/k8s-monitoring/templates/alloy-config.yaml
@@ -1,11 +1,15 @@
 {{- range $collectorName := include "collectors.list.enabled" . | fromYamlArray }}
 {{- $selfReportingEnabled := false }}
+{{- $kubernetesManifestsEnabled := false }}
 {{- $destinations := (index $.Values $collectorName).includeDestinations | default list }}
 {{- range $feature := include "features.list" $ | fromYamlArray }}
   {{- if has $collectorName (include (printf "features.%s.collectors" $feature) $ | fromYamlArray ) }}
     {{- if eq $feature "selfReporting" }}
       {{- $selfReportingEnabled = true }}
     {{- end }}
+    {{- if eq $feature "kubernetesManifests" }}
+      {{- $kubernetesManifestsEnabled = true }}
+    {{- end }}
     {{- $destinations = concat $destinations ((include (printf "features.%s.destinations" $feature) $) | fromYamlArray) }}
   {{- end }}
 {{- end }}
@@ -38,4 +42,7 @@ data:
 {{- if $selfReportingEnabled }}
   self-reporting-metric.prom: |{{ printf "%s\n" (include "features.selfReporting.metrics" $values | trim) | nindent 4 }}
 {{- end }}
+{{- if $kubernetesManifestsEnabled }}
+  collect-manifests.sh: |{{ $.Subcharts.kubernetesManifests.Files.Get "collect-manifests.sh" | trim | nindent 4 }}
+{{- end }}
 {{- end }}
diff --git a/charts/k8s-monitoring/templates/features/_feature_helpers.tpl b/charts/k8s-monitoring/templates/features/_feature_helpers.tpl
index 1a1f55485f..5dd7246906 100644
--- a/charts/k8s-monitoring/templates/features/_feature_helpers.tpl
+++ b/charts/k8s-monitoring/templates/features/_feature_helpers.tpl
@@ -4,6 +4,7 @@
 - autoInstrumentation
 - clusterMetrics
 - clusterEvents
+- kubernetesManifests
 - nodeLogs
 - podLogs
 - podLogsViaKubernetesApi
diff --git a/charts/k8s-monitoring/templates/features/_feature_kubernetes_manifests.tpl b/charts/k8s-monitoring/templates/features/_feature_kubernetes_manifests.tpl
new file mode 100644
index 0000000000..36088473f8
--- /dev/null
+++ b/charts/k8s-monitoring/templates/features/_feature_kubernetes_manifests.tpl
@@ -0,0 +1,69 @@
+{{- define "features.kubernetesManifests.enabled" }}{{ .Values.kubernetesManifests.enabled }}{{- end }}
+
+{{- define "features.kubernetesManifests.collectors" }}
+{{- if .Values.kubernetesManifests.enabled -}}
+- {{ .Values.kubernetesManifests.collector }}
+{{- end }}
+{{- end }}
+
+{{- define "features.kubernetesManifests.include" }}
+{{- if .Values.kubernetesManifests.enabled -}}
+{{- $destinations := include "features.kubernetesManifests.destinations" . | fromYamlArray }}
+
+// Feature: Kubernetes Manifests
+{{- include "feature.kubernetesManifests.module" (dict "Values" .Values.kubernetesManifests "Files" $.Subcharts.kubernetesManifests.Files "Release" $.Release) }}
+kubernetes_manifests "feature" {
+  logs_destinations = [
+    {{ include "destinations.alloy.targets" (dict "destinations" $.Values.destinations "names" $destinations "type" "logs" "ecosystem" "otlp") | indent 4 | trim }}
+  ]
+}
+{{- end -}}
+{{- end -}}
+
+{{- define "features.kubernetesManifests.destinations" }}
+{{- if .Values.kubernetesManifests.enabled -}}
+{{- include "destinations.get" (dict "destinations" $.Values.destinations "type" "logs" "ecosystem" "otlp" "filter" $.Values.kubernetesManifests.destinations) -}}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "features.kubernetesManifests.destinations.isTranslating" }}
+{{- $isTranslating := false -}}
+{{- $destinations := include "features.kubernetesManifests.destinations" . | fromYamlArray -}}
+{{ range $destination := $destinations -}}
+  {{- $destinationEcosystem := include "destination.getEcosystem" (deepCopy $ | merge (dict "destination" $destination)) -}}
+  {{- if ne $destinationEcosystem "otlp" -}}
+    {{- $isTranslating = true -}}
+  {{- end -}}
+{{- end -}}
+{{- $isTranslating -}}
+{{- end -}}
+
+{{- define "features.kubernetesManifests.collector.values" }}
+{{- if .Values.kubernetesManifests.enabled -}}
+{{- $values := dict }}
+{{- range $collector := include "features.kubernetesManifests.collectors" . | fromYamlArray }}
+  {{- $featureValues := dict "Values" $.Values.kubernetesManifests "Files" $.Subcharts.kubernetesManifests.Files "Release" $.Release "CollectorName" $collector }}
+  {{- $extraContainers := include "feature.kubernetesManifests.sidecarContainer" $featureValues | fromYamlArray }}
+  {{- $extraVolumes := include "feature.kubernetesManifests.volume" $featureValues | fromYamlArray }}
+  {{- $extraVolumeMounts := include "feature.kubernetesManifests.volumeMount" $featureValues | fromYamlArray }}
+
+  {{- $values = $values | merge (dict $collector (dict "alloy" (dict "mounts" (dict "extra" $extraVolumeMounts)) "controller" (dict "extraContainers" $extraContainers "volumes" (dict "extra" $extraVolumes)))) }}
+{{- end -}}
+{{- $values | toYaml }}
+{{- end -}}
+{{- end -}}
+
+{{- define "features.kubernetesManifests.validate" }}
+{{- if .Values.kubernetesManifests.enabled -}}
+{{- $featureName := "Kubernetes Manifests" }}
+{{- $destinations := include "features.kubernetesManifests.destinations" . | fromYamlArray }}
+{{- include "destinations.validate_destination_list" (dict "destinations" $destinations "type" "logs" "ecosystem" "otlp" "feature" $featureName) }}
+
+{{- range $collectorName := include "features.kubernetesManifests.collectors" . | fromYamlArray }}
+  {{- $collectorValues := include "collector.alloy.values" (deepCopy $ | merge (dict "collectorName" $collectorName)) | fromYaml }}
+  {{- include "collectors.require_collector" (dict "Values" $.Values "name" $collectorName "feature" $featureName) }}
+  {{- include "feature.kubernetesManifests.collector.validate" (dict "Values" $.Values.kubernetesManifests "Collector" $collectorValues "CollectorName" $collectorName) }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/k8s-monitoring/templates/kubernetes-manifest-rules.yaml b/charts/k8s-monitoring/templates/kubernetes-manifest-rules.yaml
new file mode 100644
index 0000000000..930233e3f2
--- /dev/null
+++ b/charts/k8s-monitoring/templates/kubernetes-manifest-rules.yaml
@@ -0,0 +1,82 @@
+{{- if .Values.kubernetesManifests.enabled }}
+{{- $apiGroups := list }}
+{{- $resources := list }}
+{{- $verbs := list "get" "list" "watch" }}
+{{- if .Values.kubernetesManifests.kinds.pods.gather }}
+  {{- $apiGroups = append $apiGroups "" }}
+  {{- $resources = append $resources "pods" }}
+{{- end }}
+{{- if .Values.kubernetesManifests.kinds.deployments.gather }}
+  {{- $apiGroups = append $apiGroups "apps" }}
+  {{- $resources = append $resources "deployments" }}
+{{- end }}
+{{- if .Values.kubernetesManifests.kinds.statefulsets.gather }}
+  {{- $apiGroups = append $apiGroups "apps" }}
+  {{- $resources = append $resources "statefulsets" }}
+{{- end }}
+{{- if .Values.kubernetesManifests.kinds.daemonsets.gather }}
+  {{- $apiGroups = append $apiGroups "apps" }}
+  {{- $resources = append $resources "daemonsets" }}
+{{- end }}
+{{- if .Values.kubernetesManifests.kinds.cronjobs.gather }}
+  {{- $apiGroups = append $apiGroups "batch" }}
+  {{- $resources = append $resources "cronjobs" }}
+{{- end }}
+
+{{- range $collectorName := include "features.kubernetesManifests.collectors" . | fromYamlArray }}
+  {{- $collectorContext := dict "Values" $.Values "Release" $.Release "collectorName" $collectorName }}
+  {{- $serviceAccount := include "collector.alloy.fullname" $collectorContext }}
+  {{- $rbacName := (printf "%s-kubernetes-manifests" $serviceAccount) | trunc 63 | trimSuffix "-" }}
+  {{- if $.Values.kubernetesManifests.namespaces }}
+    {{- range $namespace := $.Values.kubernetesManifests.namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ $rbacName }}
+  namespace: {{ $namespace }}
+rules:
+  - apiGroups:{{ $apiGroups | uniq | toYaml | nindent 6 }}
+    resources:{{ $resources | uniq | toYaml | nindent 6 }}
+    verbs:{{ $verbs | uniq | toYaml | nindent 6 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $rbacName }}
+  namespace: {{ $namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $rbacName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccount }}
+    namespace: {{ $.Release.Namespace }}
+    {{- end }}
+  {{- else }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ $rbacName }}
+rules:
+  - apiGroups:{{ $apiGroups | uniq | toYaml | nindent 6 }}
+    resources:{{ $resources | uniq | toYaml | nindent 6 }}
+    verbs:{{ $verbs | uniq | toYaml | nindent 6 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ $rbacName }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $rbacName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $serviceAccount }}
+    namespace: {{ $.Release.Namespace }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/k8s-monitoring/tests/integration/annotation-autodiscovery/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/annotation-autodiscovery/.rendered/output.yaml
index 608e459b5f..04bd52a58e 100644
--- a/charts/k8s-monitoring/tests/integration/annotation-autodiscovery/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/annotation-autodiscovery/.rendered/output.yaml
@@ -1042,12 +1042,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1082,6 +1084,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1143,9 +1146,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1193,8 +1198,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1235,12 +1352,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1275,6 +1394,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1336,9 +1456,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1388,8 +1510,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/application-observability/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/application-observability/.rendered/output.yaml
index 08d93a7815..8b8e07687c 100644
--- a/charts/k8s-monitoring/tests/integration/application-observability/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/application-observability/.rendered/output.yaml
@@ -1013,6 +1013,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1027,6 +1028,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1061,6 +1063,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1122,9 +1125,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1172,8 +1177,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/auth/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/auth/.rendered/output.yaml
index ddf41e81c2..0ad4e60a24 100644
--- a/charts/k8s-monitoring/tests/integration/auth/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/auth/.rendered/output.yaml
@@ -1483,12 +1483,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1523,6 +1525,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1584,9 +1587,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1634,8 +1639,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1676,12 +1793,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1716,6 +1835,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1777,9 +1897,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1829,8 +1951,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/auto-instrumentation/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/auto-instrumentation/.rendered/output.yaml
index 9b1dcf4e72..1ca780d83a 100644
--- a/charts/k8s-monitoring/tests/integration/auto-instrumentation/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/auto-instrumentation/.rendered/output.yaml
@@ -957,12 +957,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -997,6 +999,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1058,9 +1061,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1108,8 +1113,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1150,6 +1267,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1160,6 +1278,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1194,6 +1313,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1255,9 +1375,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1305,8 +1427,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/cluster-monitoring/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/cluster-monitoring/.rendered/output.yaml
index 23e7beea21..c28b304498 100644
--- a/charts/k8s-monitoring/tests/integration/cluster-monitoring/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/cluster-monitoring/.rendered/output.yaml
@@ -2629,12 +2629,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2669,6 +2671,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2730,9 +2733,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2780,8 +2785,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2822,12 +2939,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2862,6 +2981,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2923,9 +3043,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2973,8 +3095,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3015,12 +3249,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3055,6 +3291,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3116,9 +3353,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3168,8 +3407,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/control-plane-monitoring/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/control-plane-monitoring/.rendered/output.yaml
index 01319b9ee7..96099f3f19 100644
--- a/charts/k8s-monitoring/tests/integration/control-plane-monitoring/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/control-plane-monitoring/.rendered/output.yaml
@@ -2339,12 +2339,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2379,6 +2381,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2440,9 +2443,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2490,8 +2495,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2532,12 +2649,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2572,6 +2691,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2633,9 +2753,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2683,8 +2805,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2725,12 +2959,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2765,6 +3001,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2826,9 +3063,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2878,8 +3117,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/istio-service-mesh/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/istio-service-mesh/.rendered/output.yaml
index 4bd74e3704..1f0b48c7c1 100644
--- a/charts/k8s-monitoring/tests/integration/istio-service-mesh/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/istio-service-mesh/.rendered/output.yaml
@@ -2673,12 +2673,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2713,6 +2715,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2774,9 +2777,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2824,8 +2829,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2866,12 +2983,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2906,6 +3025,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2967,9 +3087,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3017,8 +3139,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3059,12 +3293,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3099,6 +3335,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3160,9 +3397,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3212,8 +3451,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3254,6 +3605,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -3268,6 +3620,7 @@ spec:
       protocol: TCP
       targetPort: 4318
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3302,6 +3655,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3363,9 +3717,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3414,8 +3770,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/pod-logs/default/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/pod-logs/default/.rendered/output.yaml
index 0291990087..9bc74daf19 100644
--- a/charts/k8s-monitoring/tests/integration/pod-logs/default/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/pod-logs/default/.rendered/output.yaml
@@ -568,12 +568,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -608,6 +610,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -669,9 +672,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -721,8 +726,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/pod-logs/filelog/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/pod-logs/filelog/.rendered/output.yaml
index 9bb52401f5..d05e9e17dd 100644
--- a/charts/k8s-monitoring/tests/integration/pod-logs/filelog/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/pod-logs/filelog/.rendered/output.yaml
@@ -539,12 +539,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -579,6 +581,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: public-preview
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -640,9 +643,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -692,8 +697,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/pod-logs/log-metrics/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/pod-logs/log-metrics/.rendered/output.yaml
index cd40624b25..5eaffa779d 100644
--- a/charts/k8s-monitoring/tests/integration/pod-logs/log-metrics/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/pod-logs/log-metrics/.rendered/output.yaml
@@ -1012,12 +1012,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1052,6 +1054,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1113,9 +1116,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1163,8 +1168,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1205,12 +1322,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1245,6 +1364,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1306,9 +1426,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1358,8 +1480,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/pod-logs/secret-filter/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/pod-logs/secret-filter/.rendered/output.yaml
index 19bf42cba9..98cef7ae14 100644
--- a/charts/k8s-monitoring/tests/integration/pod-logs/secret-filter/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/pod-logs/secret-filter/.rendered/output.yaml
@@ -572,12 +572,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -612,6 +614,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: experimental
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -673,9 +676,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -725,8 +730,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/profiles-receiver/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/profiles-receiver/.rendered/output.yaml
index df44c052b0..2d2e411c86 100644
--- a/charts/k8s-monitoring/tests/integration/profiles-receiver/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/profiles-receiver/.rendered/output.yaml
@@ -360,6 +360,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -370,6 +371,7 @@ spec:
       protocol: TCP
       targetPort: 4040
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -404,6 +406,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -465,9 +468,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -515,8 +520,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/profiling/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/profiling/.rendered/output.yaml
index 6cefd9ffd5..cbe9c60dcd 100644
--- a/charts/k8s-monitoring/tests/integration/profiling/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/profiling/.rendered/output.yaml
@@ -1351,12 +1351,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1394,6 +1396,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1455,9 +1458,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: true
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1507,8 +1512,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-profiles
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/prom-and-loki-to-otlp/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/prom-and-loki-to-otlp/.rendered/output.yaml
index d422e97eec..6c27abdbc6 100644
--- a/charts/k8s-monitoring/tests/integration/prom-and-loki-to-otlp/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/prom-and-loki-to-otlp/.rendered/output.yaml
@@ -2291,12 +2291,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2331,6 +2333,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2392,9 +2395,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2442,8 +2447,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2484,12 +2601,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2524,6 +2643,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2585,9 +2705,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2635,8 +2757,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2677,12 +2911,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2717,6 +2953,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2778,9 +3015,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2830,8 +3069,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/prometheus-io-annotations/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/prometheus-io-annotations/.rendered/output.yaml
index e9c8c8b479..d34f2702a7 100644
--- a/charts/k8s-monitoring/tests/integration/prometheus-io-annotations/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/prometheus-io-annotations/.rendered/output.yaml
@@ -1892,12 +1892,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1932,6 +1934,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1993,9 +1996,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2043,8 +2048,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/prometheus-operator-objects/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/prometheus-operator-objects/.rendered/output.yaml
index b1ac038612..95a62308ec 100644
--- a/charts/k8s-monitoring/tests/integration/prometheus-operator-objects/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/prometheus-operator-objects/.rendered/output.yaml
@@ -485,12 +485,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -525,6 +527,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: experimental
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -586,9 +589,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -636,8 +641,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/proxies/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/proxies/.rendered/output.yaml
index 882c5667de..ae5608e893 100644
--- a/charts/k8s-monitoring/tests/integration/proxies/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/proxies/.rendered/output.yaml
@@ -1489,12 +1489,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1529,6 +1531,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1590,9 +1593,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1640,8 +1645,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1682,12 +1799,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1722,6 +1841,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1783,9 +1903,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1833,8 +1955,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1875,12 +2109,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1915,6 +2151,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1976,9 +2213,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2028,8 +2267,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2070,6 +2421,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2080,6 +2432,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2114,6 +2467,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2175,9 +2529,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2225,8 +2581,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-graph-metrics/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-graph-metrics/.rendered/output.yaml
index 450a3df226..1b3e6b86f5 100644
--- a/charts/k8s-monitoring/tests/integration/service-graph-metrics/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-graph-metrics/.rendered/output.yaml
@@ -1428,6 +1428,7 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1439,6 +1440,7 @@ spec:
           fieldPath: metadata.name
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1473,6 +1475,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1534,9 +1537,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1586,8 +1591,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1628,12 +1745,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1668,6 +1787,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1729,9 +1849,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1779,8 +1901,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1821,12 +2055,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1861,6 +2097,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: public-preview
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1922,9 +2159,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1974,8 +2213,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2016,6 +2367,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -2030,6 +2382,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2064,6 +2417,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2125,9 +2479,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2175,8 +2531,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/alloy/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/alloy/.rendered/output.yaml
index 7f81b6adcd..1e197214fb 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/alloy/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/alloy/.rendered/output.yaml
@@ -733,12 +733,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -773,6 +775,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -834,9 +837,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -884,8 +889,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/cert-manager/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/cert-manager/.rendered/output.yaml
index 66f7e303b9..1622801696 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/cert-manager/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/cert-manager/.rendered/output.yaml
@@ -545,12 +545,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -585,6 +587,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -646,9 +649,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -696,8 +701,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/coredns/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/coredns/.rendered/output.yaml
index 8ae20ec639..87e76a44d8 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/coredns/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/coredns/.rendered/output.yaml
@@ -1663,12 +1663,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1703,6 +1705,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1764,9 +1767,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1814,8 +1819,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/etcd/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/etcd/.rendered/output.yaml
index 5b225f8376..5b3adc7d32 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/etcd/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/etcd/.rendered/output.yaml
@@ -538,12 +538,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -578,6 +580,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -639,9 +642,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -689,8 +694,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/grafana/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/grafana/.rendered/output.yaml
index 4fc0de8e79..1687fd3c45 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/grafana/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/grafana/.rendered/output.yaml
@@ -2359,12 +2359,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2399,6 +2401,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2460,9 +2463,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2510,8 +2515,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2552,12 +2669,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2592,6 +2711,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2653,9 +2773,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2703,8 +2825,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2745,12 +2979,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2785,6 +3021,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2846,9 +3083,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2898,8 +3137,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/loki/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/loki/.rendered/output.yaml
index c3d781fbf0..6542bc3999 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/loki/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/loki/.rendered/output.yaml
@@ -2385,12 +2385,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2425,6 +2427,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2486,9 +2489,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2536,8 +2541,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2578,12 +2695,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2618,6 +2737,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2679,9 +2799,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2729,8 +2851,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2771,12 +3005,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2811,6 +3047,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2872,9 +3109,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2924,8 +3163,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/mysql/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/mysql/.rendered/output.yaml
index 8ac8995329..553d44f47b 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/mysql/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/mysql/.rendered/output.yaml
@@ -815,12 +815,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -855,6 +857,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -916,9 +919,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -966,8 +971,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1008,12 +1125,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1048,6 +1167,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1109,9 +1229,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1161,8 +1283,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/service-integrations/tempo/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/service-integrations/tempo/.rendered/output.yaml
index f0533a416c..454b3a4004 100644
--- a/charts/k8s-monitoring/tests/integration/service-integrations/tempo/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/service-integrations/tempo/.rendered/output.yaml
@@ -2385,12 +2385,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2425,6 +2427,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2486,9 +2489,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2536,8 +2541,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2578,12 +2695,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2618,6 +2737,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2679,9 +2799,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2729,8 +2851,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2771,12 +3005,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2811,6 +3047,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2872,9 +3109,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2924,8 +3163,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/sharded-kube-state-metrics/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/sharded-kube-state-metrics/.rendered/output.yaml
index 06e0a49e29..d4b9b6c167 100644
--- a/charts/k8s-monitoring/tests/integration/sharded-kube-state-metrics/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/sharded-kube-state-metrics/.rendered/output.yaml
@@ -1965,12 +1965,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2005,6 +2007,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2066,9 +2069,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2116,8 +2121,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/split-destinations/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/split-destinations/.rendered/output.yaml
index 6e7f2a40bf..f989617638 100644
--- a/charts/k8s-monitoring/tests/integration/split-destinations/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/split-destinations/.rendered/output.yaml
@@ -2703,12 +2703,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2743,6 +2745,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2804,9 +2807,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2854,8 +2859,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2896,12 +3013,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2936,6 +3055,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2997,9 +3117,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3049,8 +3171,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3091,6 +3325,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -3101,6 +3336,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3135,6 +3371,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3196,9 +3433,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3246,8 +3485,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/statsd/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/statsd/.rendered/output.yaml
index 09f4132a14..f208ffc838 100644
--- a/charts/k8s-monitoring/tests/integration/statsd/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/statsd/.rendered/output.yaml
@@ -438,6 +438,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -452,6 +453,7 @@ spec:
       protocol: TCP
       targetPort: 8125
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -486,6 +488,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -547,9 +550,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -597,8 +602,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/tail-sampling/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/tail-sampling/.rendered/output.yaml
index 1a7fc99e61..f8be668b34 100644
--- a/charts/k8s-monitoring/tests/integration/tail-sampling/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/tail-sampling/.rendered/output.yaml
@@ -1139,12 +1139,14 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1179,6 +1181,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1240,9 +1243,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1292,8 +1297,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1334,12 +1451,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1374,6 +1493,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1435,9 +1555,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1485,8 +1607,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1527,6 +1761,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1537,6 +1772,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1571,6 +1807,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1632,9 +1869,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1682,8 +1921,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/uninstall/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/uninstall/.rendered/output.yaml
index 8f709fdf9f..48a8de832f 100644
--- a/charts/k8s-monitoring/tests/integration/uninstall/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/uninstall/.rendered/output.yaml
@@ -2629,12 +2629,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2669,6 +2671,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2730,9 +2733,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2780,8 +2785,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2822,12 +2939,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2862,6 +2981,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2923,9 +3043,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2973,8 +3095,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3015,12 +3249,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3055,6 +3291,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3116,9 +3353,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3168,8 +3407,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/upgrade/major/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/upgrade/major/.rendered/output.yaml
index bbf12b8f69..06bc91cc97 100644
--- a/charts/k8s-monitoring/tests/integration/upgrade/major/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/upgrade/major/.rendered/output.yaml
@@ -2655,12 +2655,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2695,6 +2697,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2756,9 +2759,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2806,8 +2811,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2848,12 +2965,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2888,6 +3007,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2949,9 +3069,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2999,8 +3121,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3041,12 +3275,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3081,6 +3317,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3142,9 +3379,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3194,8 +3433,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/upgrade/minor/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/upgrade/minor/.rendered/output.yaml
index a487dfd69a..9cd13cab3c 100644
--- a/charts/k8s-monitoring/tests/integration/upgrade/minor/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/upgrade/minor/.rendered/output.yaml
@@ -2655,12 +2655,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2695,6 +2697,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2756,9 +2759,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2806,8 +2811,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2848,12 +2965,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2888,6 +3007,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2949,9 +3069,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2999,8 +3121,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3041,12 +3275,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3081,6 +3317,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3142,9 +3379,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3194,8 +3433,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/integration/upgrade/patch/.rendered/output.yaml b/charts/k8s-monitoring/tests/integration/upgrade/patch/.rendered/output.yaml
index f35ac864f5..53870b62c5 100644
--- a/charts/k8s-monitoring/tests/integration/upgrade/patch/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/integration/upgrade/patch/.rendered/output.yaml
@@ -2655,12 +2655,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2695,6 +2697,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2756,9 +2759,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2806,8 +2811,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2848,12 +2965,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2888,6 +3007,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2949,9 +3069,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2999,8 +3121,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3041,12 +3275,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3081,6 +3317,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3142,9 +3379,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3194,8 +3433,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/aks/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/aks/.rendered/output.yaml
index ce2a9d8206..a5c081c227 100644
--- a/charts/k8s-monitoring/tests/platform/aks/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/aks/.rendered/output.yaml
@@ -2348,12 +2348,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2388,6 +2390,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2449,9 +2452,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2500,8 +2505,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2542,12 +2659,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2582,6 +2701,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2643,9 +2763,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2694,8 +2816,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2736,12 +2970,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2776,6 +3012,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2837,9 +3074,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2890,8 +3129,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/eks-fargate/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/eks-fargate/.rendered/output.yaml
index d431ee6ff1..e5f4686d10 100644
--- a/charts/k8s-monitoring/tests/platform/eks-fargate/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/eks-fargate/.rendered/output.yaml
@@ -2525,12 +2525,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2565,6 +2567,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2626,9 +2629,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2676,8 +2681,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2718,12 +2835,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2758,6 +2877,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2819,9 +2939,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2869,8 +2991,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2911,12 +3145,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2951,6 +3187,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3012,9 +3249,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       alpha.eksctl.io/nodegroup-name: ng-linux
       kubernetes.io/arch: amd64
@@ -3066,8 +3305,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/eks-with-windows/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/eks-with-windows/.rendered/output.yaml
index 015878117d..ad3c75c943 100644
--- a/charts/k8s-monitoring/tests/platform/eks-with-windows/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/eks-with-windows/.rendered/output.yaml
@@ -2671,12 +2671,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2711,6 +2713,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2772,9 +2775,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2822,8 +2827,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2864,12 +2981,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2904,6 +3023,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2965,9 +3085,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3015,8 +3137,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3057,12 +3291,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3097,6 +3333,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3158,9 +3395,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3210,8 +3449,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/gke-autopilot/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/gke-autopilot/.rendered/output.yaml
index a389b78d95..273d663789 100644
--- a/charts/k8s-monitoring/tests/platform/gke-autopilot/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/gke-autopilot/.rendered/output.yaml
@@ -1806,12 +1806,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1846,6 +1848,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1907,9 +1910,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1957,8 +1962,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1999,12 +2116,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2039,6 +2158,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2100,9 +2220,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2150,8 +2272,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2192,12 +2426,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2232,6 +2468,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2293,9 +2530,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2345,8 +2584,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/gke/.envrc b/charts/k8s-monitoring/tests/platform/gke/.envrc
index e13ee02ffc..2181660e2f 100644
--- a/charts/k8s-monitoring/tests/platform/gke/.envrc
+++ b/charts/k8s-monitoring/tests/platform/gke/.envrc
@@ -3,7 +3,9 @@ op --account grafana.1password.com read --out-file sak.json "op://Kubernetes Mon
 gcloud auth activate-service-account "${GCP_SERVICE_ACCOUNT}" --key-file=sak.json
 rm sak.json
 
-export GRAFANA_CLOUD_METRICS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Prometheus/username")
-export GRAFANA_CLOUD_LOGS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Loki/username")
-export GRAFANA_CLOUD_RW_POLICY_TOKEN=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/helmchart Prometheus/password")
+# TODO: Change these back to the old secret path
+export GRAFANA_CLOUD_METRICS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/k8sprod Mimir/username")
+export GRAFANA_CLOUD_LOGS_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/k8sprod Loki/username")
+export GRAFANA_CLOUD_OTLP_USERNAME=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/k8sprod OTLP/username")
+export GRAFANA_CLOUD_RW_POLICY_TOKEN=$(op --account grafana.1password.com read "op://Kubernetes Monitoring/k8sprod Mimir/password")
 export RANDOM_NUMBER=$(shuf -i 100000-999999 -n 1)
diff --git a/charts/k8s-monitoring/tests/platform/gke/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/gke/.rendered/output.yaml
index 6d80747e61..7d89749d58 100644
--- a/charts/k8s-monitoring/tests/platform/gke/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/gke/.rendered/output.yaml
@@ -994,7 +994,7 @@ data:
         }
         basic_auth {
           username = convert.nonsensitive(remote.kubernetes.secret.grafana_cloud_metrics.data["PROMETHEUS_USER"])
-          password = remote.kubernetes.secret.grafana_cloud_metrics.data["PROMETHEUS_PASS"]
+          password = remote.kubernetes.secret.grafana_cloud_metrics.data["ACCESS_POLICY_TOKEN"]
         }
         tls_config {
           insecure_skip_verify = false
@@ -1139,6 +1139,202 @@ data:
         loki.write.grafana_cloud_logs.receiver,
       ]
     }
+    // Feature: Kubernetes Manifests
+    declare "kubernetes_manifests" {
+      argument "logs_destinations" {
+        comment = "Must be a list of log destinations where collected logs should be forwarded to"
+      }
+    
+    
+      otelcol.receiver.filelog "pod_manifests" {
+        include = ["/var/kubernetes-manifests/pods/*/*.json"]
+        include_file_path_resolved = true
+        start_at = "beginning"
+        delete_after_read = true
+    
+        output {
+          logs = [otelcol.processor.transform.pod_manifests.input]
+        }
+      }
+    
+      otelcol.processor.transform "pod_manifests" {
+        error_mode = "ignore"
+    
+        log_statements {
+          context = "log"
+          statements = [
+            `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/pods/(?P<namespace>[^/]+)/(?P<pod>[^.]+)\\.json$"), "upsert")`,
+            `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+            `set(resource.attributes["k8s.pod.name"], attributes["pod"])`,
+            `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+            `set(resource.attributes["service.namespace"], "default")`,
+          ]
+        }
+    
+        output {
+          logs = [otelcol.processor.k8sattributes.pod_manifests.input]
+        }
+      }
+    
+      otelcol.processor.k8sattributes "pod_manifests" {
+        pod_association {
+          source {
+            from = "resource_attribute"
+            name = "k8s.pod.name"
+          }
+          source {
+            from = "resource_attribute"
+            name = "k8s.namespace.name"
+          }
+        }
+    
+        extract {
+          metadata = [
+            "k8s.cronjob.name",
+            "k8s.daemonset.name",
+            "k8s.deployment.name",
+            "k8s.job.name",
+            "k8s.node.name",
+            "k8s.pod.start_time",
+            "k8s.replicaset.name",
+            "k8s.statefulset.name",
+          ]
+        }
+    
+        output {
+          logs = argument.logs_destinations.value
+        }
+      }
+    
+    
+      otelcol.receiver.filelog "deployment_manifests" {
+        include = ["/var/kubernetes-manifests/deployments/*/*.json"]
+        include_file_path_resolved = true
+        start_at = "beginning"
+        delete_after_read = true
+    
+        output {
+          logs = [otelcol.processor.transform.deployment_manifests.input]
+        }
+      }
+    
+      otelcol.processor.transform "deployment_manifests" {
+        error_mode = "ignore"
+    
+        log_statements {
+          context = "log"
+          statements = [
+            `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/deployments/(?P<namespace>[^/]+)/(?P<deployment>[^.]+)\\.json$"), "upsert")`,
+            `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+            `set(resource.attributes["k8s.deployment.name"], attributes["deployment"])`,
+            `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+            `set(resource.attributes["service.namespace"], "default")`,
+          ]
+        }
+    
+        output {
+          logs = argument.logs_destinations.value
+        }
+      }
+    
+    
+      otelcol.receiver.filelog "statefulset_manifests" {
+        include = ["/var/kubernetes-manifests/statefulsets/*/*.json"]
+        include_file_path_resolved = true
+        start_at = "beginning"
+        delete_after_read = true
+    
+        output {
+          logs = [otelcol.processor.transform.statefulset_manifests.input]
+        }
+      }
+    
+      otelcol.processor.transform "statefulset_manifests" {
+        error_mode = "ignore"
+    
+        log_statements {
+          context = "log"
+          statements = [
+            `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/statefulsets/(?P<namespace>[^/]+)/(?P<statefulset>[^.]+)\\.json$"), "upsert")`,
+            `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+            `set(resource.attributes["k8s.statefulset.name"], attributes["statefulset"])`,
+            `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+            `set(resource.attributes["service.namespace"], "default")`,
+          ]
+        }
+    
+        output {
+          logs = argument.logs_destinations.value
+        }
+      }
+    
+    
+      otelcol.receiver.filelog "daemonset_manifests" {
+        include = ["/var/kubernetes-manifests/daemonsets/*/*.json"]
+        include_file_path_resolved = true
+        start_at = "beginning"
+        delete_after_read = true
+    
+        output {
+          logs = [otelcol.processor.transform.daemonset_manifests.input]
+        }
+      }
+    
+      otelcol.processor.transform "daemonset_manifests" {
+        error_mode = "ignore"
+    
+        log_statements {
+          context = "log"
+          statements = [
+            `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/daemonsets/(?P<namespace>[^/]+)/(?P<daemonset>[^.]+)\\.json$"), "upsert")`,
+            `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+            `set(resource.attributes["k8s.daemonset.name"], attributes["daemonset"])`,
+            `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+            `set(resource.attributes["service.namespace"], "default")`,
+          ]
+        }
+    
+        output {
+          logs = argument.logs_destinations.value
+        }
+      }
+    
+    
+      otelcol.receiver.filelog "cronjob_manifests" {
+        include = ["/var/kubernetes-manifests/cronjobs/*/*.json"]
+        include_file_path_resolved = true
+        start_at = "beginning"
+        delete_after_read = true
+    
+        output {
+          logs = [otelcol.processor.transform.cronjob_manifests.input]
+        }
+      }
+    
+      otelcol.processor.transform "cronjob_manifests" {
+        error_mode = "ignore"
+    
+        log_statements {
+          context = "log"
+          statements = [
+            `merge_maps(attributes, ExtractPatterns(log.attributes["log.file.path_resolved"], "^/var/kubernetes-manifests/cronjobs/(?P<namespace>[^/]+)/(?P<cronjob>[^.]+)\\.json$"), "upsert")`,
+            `set(resource.attributes["k8s.namespace.name"], attributes["namespace"])`,
+            `set(resource.attributes["k8s.cronjob.name"], attributes["cronjob"])`,
+            `set(resource.attributes["service.name"], "k8s.grafana.com/manifest-collector")`,
+            `set(resource.attributes["service.namespace"], "default")`,
+          ]
+        }
+    
+        output {
+          logs = argument.logs_destinations.value
+        }
+      }
+    }
+    kubernetes_manifests "feature" {
+      logs_destinations = [
+        otelcol.processor.attributes.gc_otlp_endpoint.input,
+      ]
+    }
     // Self Reporting
     prometheus.exporter.unix "kubernetes_monitoring_telemetry" {
       set_collectors = ["textfile"]
@@ -1200,7 +1396,7 @@ data:
         }
         basic_auth {
           username = convert.nonsensitive(remote.kubernetes.secret.grafana_cloud_metrics.data["PROMETHEUS_USER"])
-          password = remote.kubernetes.secret.grafana_cloud_metrics.data["PROMETHEUS_PASS"]
+          password = remote.kubernetes.secret.grafana_cloud_metrics.data["ACCESS_POLICY_TOKEN"]
         }
         tls_config {
           insecure_skip_verify = false
@@ -1260,7 +1456,7 @@ data:
         tenant_id = convert.nonsensitive(remote.kubernetes.secret.grafana_cloud_logs.data["tenantId"])
         basic_auth {
           username = convert.nonsensitive(remote.kubernetes.secret.grafana_cloud_logs.data["LOKI_USER"])
-          password = remote.kubernetes.secret.grafana_cloud_logs.data["LOKI_PASS"]
+          password = remote.kubernetes.secret.grafana_cloud_logs.data["ACCESS_POLICY_TOKEN"]
         }
         tls_config {
           insecure_skip_verify = false
@@ -1282,6 +1478,205 @@ data:
       name      = "grafana-cloud-credentials"
       namespace = "default"
     }
+    
+    // Destination: gc-otlp-endpoint (otlp)
+    otelcol.receiver.prometheus "gc_otlp_endpoint" {
+      output {
+        metrics = [otelcol.processor.attributes.gc_otlp_endpoint.input]
+      }
+    }
+    otelcol.receiver.loki "gc_otlp_endpoint" {
+      output {
+        logs = [otelcol.processor.attributes.gc_otlp_endpoint.input]
+      }
+    }
+    
+    otelcol.processor.attributes "gc_otlp_endpoint" {
+      output {
+        metrics = [otelcol.processor.transform.gc_otlp_endpoint.input]
+        logs = [otelcol.processor.transform.gc_otlp_endpoint.input]
+        traces = [otelcol.processor.transform.gc_otlp_endpoint.input]
+      }
+    }
+    
+    otelcol.processor.transform "gc_otlp_endpoint" {
+      error_mode = "ignore"
+      metric_statements {
+        context = "resource"
+        statements = [
+          `set(attributes["cluster"], "gke-test")`,
+          `set(attributes["k8s.cluster.name"], "gke-test")`,
+          `delete_key(attributes, "process.pid")`,
+          `delete_key(attributes, "process.parent_pid")`,
+          `delete_key(attributes, "process.executable.path")`,
+          `delete_key(attributes, "process.command_line")`,
+          `delete_key(attributes, "process.command_args")`,
+          `delete_key(attributes, "process.owner")`,
+          `delete_key(attributes, "process.runtime.version")`,
+          `delete_key(attributes, "process.runtime.description")`,
+          `delete_key(attributes, "host.ip")`,
+          `delete_key(attributes, "host.mac")`,
+          `delete_key(attributes, "k8s.pod.start_time")`,
+          `delete_key(attributes, "k8s.pod.uid")`,
+          `delete_key(attributes, "container.image.id")`,
+          `delete_key(attributes, "container.image.repo_digests")`,
+          `delete_key(attributes, "os.description")`,
+          `delete_key(attributes, "os.build_id")`,
+        ]
+      }
+    
+      metric_statements {
+        context = "datapoint"
+        statements = [
+          `set(attributes["cluster"], "gke-test")`,
+          `set(attributes["k8s.cluster.name"], "gke-test")`,
+          `set(resource.attributes["deployment.environment"], attributes["deployment_environment"] ) where resource.attributes["deployment.environment"] == nil and attributes["deployment_environment"] != nil`,
+          `delete_key(attributes, "deployment_environment") where attributes["deployment_environment"] == resource.attributes["deployment.environment"]`,
+          `set(resource.attributes["deployment.environment.name"], attributes["deployment_environment_name"] ) where resource.attributes["deployment.environment.name"] == nil and attributes["deployment_environment_name"] != nil`,
+          `delete_key(attributes, "deployment_environment_name") where attributes["deployment_environment_name"] == resource.attributes["deployment.environment.name"]`,
+          `set(resource.attributes["service.name"], attributes["service_name"] ) where resource.attributes["service.name"] == nil and attributes["service_name"] != nil`,
+          `delete_key(attributes, "service_name") where attributes["service_name"] == resource.attributes["service.name"]`,
+          `set(resource.attributes["service.namespace"], attributes["service_namespace"] ) where resource.attributes["service.namespace"] == nil and attributes["service_namespace"] != nil`,
+          `delete_key(attributes, "service_namespace") where attributes["service_namespace"] == resource.attributes["service.namespace"]`,
+        ]
+      }
+      log_statements {
+        context = "resource"
+        statements = [
+          `set(attributes["cluster"], "gke-test")`,
+          `set(attributes["k8s.cluster.name"], "gke-test")`,
+          `delete_key(attributes, "process.pid")`,
+          `delete_key(attributes, "process.parent_pid")`,
+          `delete_key(attributes, "process.executable.path")`,
+          `delete_key(attributes, "process.command_line")`,
+          `delete_key(attributes, "process.command_args")`,
+          `delete_key(attributes, "process.owner")`,
+          `delete_key(attributes, "process.runtime.version")`,
+          `delete_key(attributes, "process.runtime.description")`,
+          `delete_key(attributes, "host.ip")`,
+          `delete_key(attributes, "host.mac")`,
+          `delete_key(attributes, "k8s.pod.start_time")`,
+          `delete_key(attributes, "k8s.pod.uid")`,
+          `delete_key(attributes, "container.image.id")`,
+          `delete_key(attributes, "container.image.repo_digests")`,
+          `delete_key(attributes, "os.description")`,
+          `delete_key(attributes, "os.build_id")`,
+        ]
+      }
+    
+      log_statements {
+        context = "log"
+        statements = [
+          `delete_key(attributes, "loki.attribute.labels")`,
+          `delete_key(attributes, "loki.resource.labels")`,
+          `set(resource.attributes["k8s.container.name"], attributes["container"] ) where resource.attributes["k8s.container.name"] == nil and attributes["container"] != nil`,
+          `delete_key(attributes, "container") where attributes["container"] == resource.attributes["k8s.container.name"]`,
+          `set(resource.attributes["k8s.cronjob.name"], attributes["cronjob"] ) where resource.attributes["k8s.cronjob.name"] == nil and attributes["cronjob"] != nil`,
+          `delete_key(attributes, "cronjob") where attributes["cronjob"] == resource.attributes["k8s.cronjob.name"]`,
+          `set(resource.attributes["k8s.daemonset.name"], attributes["daemonset"] ) where resource.attributes["k8s.daemonset.name"] == nil and attributes["daemonset"] != nil`,
+          `delete_key(attributes, "daemonset") where attributes["daemonset"] == resource.attributes["k8s.daemonset.name"]`,
+          `set(resource.attributes["k8s.deployment.name"], attributes["deployment"] ) where resource.attributes["k8s.deployment.name"] == nil and attributes["deployment"] != nil`,
+          `delete_key(attributes, "deployment") where attributes["deployment"] == resource.attributes["k8s.deployment.name"]`,
+          `set(resource.attributes["deployment.environment"], attributes["deployment_environment"] ) where resource.attributes["deployment.environment"] == nil and attributes["deployment_environment"] != nil`,
+          `delete_key(attributes, "deployment_environment") where attributes["deployment_environment"] == resource.attributes["deployment.environment"]`,
+          `set(resource.attributes["deployment.environment.name"], attributes["deployment_environment_name"] ) where resource.attributes["deployment.environment.name"] == nil and attributes["deployment_environment_name"] != nil`,
+          `delete_key(attributes, "deployment_environment_name") where attributes["deployment_environment_name"] == resource.attributes["deployment.environment.name"]`,
+          `set(resource.attributes["k8s.job.name"], attributes["job_name"] ) where resource.attributes["k8s.job.name"] == nil and attributes["job_name"] != nil`,
+          `delete_key(attributes, "job_name") where attributes["job_name"] == resource.attributes["k8s.job.name"]`,
+          `set(resource.attributes["k8s.namespace.name"], attributes["namespace"] ) where resource.attributes["k8s.namespace.name"] == nil and attributes["namespace"] != nil`,
+          `delete_key(attributes, "namespace") where attributes["namespace"] == resource.attributes["k8s.namespace.name"]`,
+          `set(resource.attributes["k8s.pod.name"], attributes["pod"] ) where resource.attributes["k8s.pod.name"] == nil and attributes["pod"] != nil`,
+          `delete_key(attributes, "pod") where attributes["pod"] == resource.attributes["k8s.pod.name"]`,
+          `set(resource.attributes["k8s.replicaset.name"], attributes["replicaset"] ) where resource.attributes["k8s.replicaset.name"] == nil and attributes["replicaset"] != nil`,
+          `delete_key(attributes, "replicaset") where attributes["replicaset"] == resource.attributes["k8s.replicaset.name"]`,
+          `set(resource.attributes["service.name"], attributes["service_name"] ) where resource.attributes["service.name"] == nil and attributes["service_name"] != nil`,
+          `delete_key(attributes, "service_name") where attributes["service_name"] == resource.attributes["service.name"]`,
+          `set(resource.attributes["service.namespace"], attributes["service_namespace"] ) where resource.attributes["service.namespace"] == nil and attributes["service_namespace"] != nil`,
+          `delete_key(attributes, "service_namespace") where attributes["service_namespace"] == resource.attributes["service.namespace"]`,
+          `set(resource.attributes["k8s.statefulset.name"], attributes["statefulset"] ) where resource.attributes["k8s.statefulset.name"] == nil and attributes["statefulset"] != nil`,
+          `delete_key(attributes, "statefulset") where attributes["statefulset"] == resource.attributes["k8s.statefulset.name"]`,
+        ]
+      }
+    
+      trace_statements {
+        context = "resource"
+        statements = [
+          `set(attributes["cluster"], "gke-test")`,
+          `set(attributes["k8s.cluster.name"], "gke-test")`,
+          `delete_key(attributes, "process.pid")`,
+          `delete_key(attributes, "process.parent_pid")`,
+          `delete_key(attributes, "process.executable.path")`,
+          `delete_key(attributes, "process.command_line")`,
+          `delete_key(attributes, "process.command_args")`,
+          `delete_key(attributes, "process.owner")`,
+          `delete_key(attributes, "process.runtime.version")`,
+          `delete_key(attributes, "process.runtime.description")`,
+          `delete_key(attributes, "host.ip")`,
+          `delete_key(attributes, "host.mac")`,
+          `delete_key(attributes, "k8s.pod.start_time")`,
+          `delete_key(attributes, "k8s.pod.uid")`,
+          `delete_key(attributes, "container.image.id")`,
+          `delete_key(attributes, "container.image.repo_digests")`,
+          `delete_key(attributes, "os.description")`,
+          `delete_key(attributes, "os.build_id")`,
+        ]
+      }
+    
+      output {
+        metrics = [otelcol.processor.batch.gc_otlp_endpoint.input]
+        logs = [otelcol.processor.batch.gc_otlp_endpoint.input]
+        traces = [otelcol.processor.batch.gc_otlp_endpoint.input]
+      }
+    }
+    
+    otelcol.processor.batch "gc_otlp_endpoint" {
+      timeout = "2s"
+      send_batch_size = 8192
+      send_batch_max_size = 0
+    
+      output {
+        metrics = [otelcol.exporter.otlphttp.gc_otlp_endpoint.input]
+        logs = [otelcol.exporter.otlphttp.gc_otlp_endpoint.input]
+        traces = [otelcol.exporter.otlphttp.gc_otlp_endpoint.input]
+      }
+    }
+    otelcol.exporter.otlphttp "gc_otlp_endpoint" {
+      client {
+        endpoint = "https://otlp-gateway-prod-us-east-0.grafana.net/otlp"
+        auth = otelcol.auth.basic.gc_otlp_endpoint.handler
+        headers = {
+          "X-Scope-OrgID" = convert.nonsensitive(remote.kubernetes.secret.gc_otlp_endpoint.data["tenantId"]),
+        }
+        tls {
+          insecure = false
+          insecure_skip_verify = false
+          ca_pem = convert.nonsensitive(remote.kubernetes.secret.gc_otlp_endpoint.data["ca"])
+          cert_pem = convert.nonsensitive(remote.kubernetes.secret.gc_otlp_endpoint.data["cert"])
+          key_pem = remote.kubernetes.secret.gc_otlp_endpoint.data["key"]
+        }
+      }
+    
+      retry_on_failure {
+        enabled = true
+        initial_interval = "5s"
+        max_interval = "30s"
+        max_elapsed_time = "5m"
+      }
+    
+      sending_queue {
+        enabled = true
+      }
+    }
+    
+    otelcol.auth.basic "gc_otlp_endpoint" {
+      username = convert.nonsensitive(remote.kubernetes.secret.gc_otlp_endpoint.data["OTLP_USER"])
+      password = remote.kubernetes.secret.gc_otlp_endpoint.data["ACCESS_POLICY_TOKEN"]
+    }
+    
+    remote.kubernetes.secret "gc_otlp_endpoint" {
+      name      = "grafana-cloud-credentials"
+      namespace = "default"
+    }
   self-reporting-metric.prom: |
     # HELP grafana_kubernetes_monitoring_build_info A metric to report the version of the Kubernetes Monitoring Helm chart
     # TYPE grafana_kubernetes_monitoring_build_info gauge
@@ -1290,9 +1685,215 @@ data:
     # TYPE grafana_kubernetes_monitoring_feature_info gauge
     grafana_kubernetes_monitoring_feature_info{deployments="kube-state-metrics,node-exporter,windows-exporter", feature="clusterMetrics", sources="kubelet,kubeletResource,cadvisor,kube-state-metrics,node-exporter,windows-exporter", version="1.0.0"} 1
     grafana_kubernetes_monitoring_feature_info{feature="clusterEvents", version="1.0.0"} 1
+    grafana_kubernetes_monitoring_feature_info{feature="kubernetesManifests", version="1.0.0"} 1
     grafana_kubernetes_monitoring_feature_info{feature="podLogs", method="volumes", version="1.0.0"} 1
     grafana_kubernetes_monitoring_feature_info{feature="integrations", sources="alloy", version="1.0.0"} 1
     # EOF
+    
+  collect-manifests.sh: |
+    #!/bin/bash
+    set -o pipefail
+    
+    script_name="${0##*/}"
+    if [[ "${script_name}" == "bash" || "${script_name}" == "-bash" ]]; then
+      script_name="script.sh"
+    fi
+    
+    DefaultWatchTimeout=30s
+    ManifestRequestThrottling=0.1s
+    WatchRestartDelay=5
+    
+    usage() {
+      echo "Usage: ${script_name} [OPTIONS]"
+      echo ""
+      echo "Collects Kubernetes manifests and saves them as files."
+      echo ""
+      echo "Resource manifests are stored at \${MANIFEST_DIR}/<kind>/<namespace>/<name>.json"
+      echo ""
+      echo "Requires the MANIFEST_DIR environment variable to be set to the target directory."
+      echo ""
+      echo "Options:"
+      echo "  -k, --kind <kind>        Kubernetes resource kind passed to \"kubectl get\"."
+      echo "                           Default: pods"
+      echo "  -n, --namespace <name>   Namespace to scan. When omitted, all namespaces"
+      echo "                           are scanned."
+      echo "  -f, --filters <list>     Comma or space separated list of jq selectors to drop"
+      echo "                           from the resource JSON. Default: \".status\""
+      echo "  --watch-timeout <time>   How long to keep a watch open before restarting."
+      echo "                           Default: ${DefaultWatchTimeout}s."
+      echo "  -h, --help               Show this help message."
+    }
+    
+    kind="pods"
+    kindDir="pods"
+    namespace=""
+    filters=(".status")
+    watchTimeout="${DefaultWatchTimeout}"
+    
+    while [[ $# -gt 0 ]]; do
+      case "$1" in
+        -k|--kind)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --kind requires an argument." >&2
+            usage
+            exit 1
+          fi
+          kind="$2"
+          kindDir="${kind,,}"  # Forces lowercase
+          kindDir="${kindDir//[^a-z0-9._-]/_}"  # Replace special characters with _
+          shift 2
+          ;;
+        -n|--namespace)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --namespace requires an argument." >&2
+            usage
+            exit 1
+          fi
+          namespace="$2"
+          shift 2
+          ;;
+        -f|--filters)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --filters requires an argument." >&2
+            usage
+            exit 1
+          fi
+    
+          filters=()
+          sanitized="${2//$'\n'/ }"
+          sanitized="${sanitized//,/ }"
+          read -ra parsedFilters <<< "${sanitized}"
+          for filter in "${parsedFilters[@]}"; do
+            [[ -n "${filter}" ]] || continue
+            filters+=("${filter}")
+          done
+          jqFilters="$(build_jq_filter "${filters[@]}")"
+    
+          shift 2
+          ;;
+        --watch-timeout)
+          if [[ $# -lt 2 ]]; then
+            echo "Error: --watch-timeout requires an argument." >&2
+            usage
+            exit 1
+          fi
+          watchTimeout="$2"
+          shift 2
+          ;;
+        -h|--help)
+          usage
+          exit 0
+          ;;
+        *)
+          echo "Unknown option: $1" >&2
+          usage
+          exit 1
+          ;;
+      esac
+    done
+    
+    if [[ -z "${MANIFEST_DIR:-}" ]]; then
+      echo "Error: MANIFEST_DIR environment variable must be set." >&2
+      exit 1
+    fi
+    
+    mkdir -p "${MANIFEST_DIR}"
+    
+    build_jq_filter() {
+      local program="."
+      for filter in "$@"; do
+        [[ -n "${filter}" ]] || continue
+        program+=" | del(${filter})"
+      done
+      printf '%s' "${program}"
+    }
+    
+    jqFilters="$(build_jq_filter "${filters[@]}")"
+    
+    collect_manifest() {
+      local namespace="$1"
+      local resourceName="$2"
+    
+      [[ -n "${namespace}" && -n "${resourceName}" ]] || return 0
+    
+      local namespaceDir="${MANIFEST_DIR}/${kindDir}/${namespace}"
+      mkdir -p "${namespaceDir}"
+    
+      local outputFile="${namespaceDir}/${resourceName}.json"
+      local tmpFile="${outputFile}.tmp"
+    
+      if kubectl get "${kind}" --namespace "${namespace}" "${resourceName}" -o json \
+        | jq --compact-output "${jqFilters}" > "${tmpFile}"; then
+        if [[ ! -f "${outputFile}" ]] || ! cmp -s "${tmpFile}" "${outputFile}"; then
+          echo "[INFO] ${kind}: Saving manifest for \"${namespace}/${resourceName}\""
+          mv "${tmpFile}" "${outputFile}"
+        else
+          echo "[DEBUG] ${kind}: No changes to manifest for \"${namespace}/${resourceName}\""
+          rm -f "${tmpFile}"
+        fi
+      else
+        echo "[ERROR] ${kind}: Failed to collect manifest for ${kind} ${namespace}/${resourceName}" >&2
+        rm -f "${tmpFile}"
+      fi
+    }
+    
+    remove_manifest() {
+      local namespace="$1"
+      local resourceName="$2"
+    
+      [[ -n "${namespace}" && -n "${resourceName}" ]] || return
+    
+      local outputFile="${MANIFEST_DIR}/${kindDir}/${namespace}/${resourceName}.json"
+      if [[ -f "${outputFile}" ]]; then
+        rm -f "${outputFile}"
+        echo "[INFO] ${kind}: Removed manifest for \"${namespace}/${resourceName}\""
+      fi
+    }
+    
+    handle_watch_event() {
+      local eventType="$1"
+      local namespace="$2"
+      local resourceName="$3"
+    
+      [[ -n "${eventType}" && -n "${namespace}" && -n "${resourceName}" ]] || return
+    
+      echo "[DEBUG] ${kind}: ${eventType} event for ${namespace}/${resourceName}"
+      case "${eventType}" in
+        ADDED|MODIFIED)
+          collect_manifest "${namespace}" "${resourceName}"
+          ;;
+        DELETED)
+          remove_manifest "${namespace}" "${resourceName}"
+          ;;
+        *)
+          ;;
+      esac
+    }
+    
+    watch_resources() {
+      local kubectlArgs=()
+      if [[ -n "${namespace}" ]]; then
+        kubectlArgs=(--namespace "${namespace}")
+        echo "[INFO] ${kind}: Watching namespace ${namespace}"
+      else
+        kubectlArgs=(--all-namespaces)
+        echo "[INFO] ${kind}: Watching all namespaces"
+      fi
+    
+      while true; do
+        if ! timeout --foreground "${watchTimeout}" kubectl get "${kind}" "${kubectlArgs[@]}" --watch --output-watch-events -o json \
+          | jq --unbuffered -r 'select(.object.metadata.namespace != null and .object.metadata.name != null and .type != null) | "\(.type) \(.object.metadata.namespace) \(.object.metadata.name)"' \
+          | while read -r eventType namespace resourceName; do
+              handle_watch_event "${eventType}" "${namespace}" "${resourceName}"
+              sleep "${ManifestRequestThrottling}"  # Throttle the requests
+            done; then
+          echo "[WARN] ${kind}: Watch ended. Restarting in ${WatchRestartDelay} seconds." >&2
+          sleep "${WatchRestartDelay}"
+        fi
+      done
+    }
+    
+    watch_resources
 ---
 # Source: k8s-monitoring/templates/alloy-config.yaml
 apiVersion: v1
@@ -1529,7 +2130,7 @@ data:
         tenant_id = convert.nonsensitive(remote.kubernetes.secret.grafana_cloud_logs.data["tenantId"])
         basic_auth {
           username = convert.nonsensitive(remote.kubernetes.secret.grafana_cloud_logs.data["LOKI_USER"])
-          password = remote.kubernetes.secret.grafana_cloud_logs.data["LOKI_PASS"]
+          password = remote.kubernetes.secret.grafana_cloud_logs.data["ACCESS_POLICY_TOKEN"]
         }
         tls_config {
           insecure_skip_verify = false
@@ -1854,6 +2455,27 @@ rules:
       - list
       - watch
 ---
+# Source: k8s-monitoring/templates/kubernetes-manifest-rules.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: k8smon-alloy-singleton-kubernetes-manifests
+rules:
+  - apiGroups:
+      - ""
+      - apps
+      - batch
+    resources:
+      - pods
+      - deployments
+      - statefulsets
+      - daemonsets
+      - cronjobs
+    verbs:
+      - get
+      - list
+      - watch
+---
 # Source: k8s-monitoring/charts/alloy-operator/templates/rbac/alloy-manager.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -1938,6 +2560,20 @@ subjects:
     name: k8smon-opencost
     namespace: default
 ---
+# Source: k8s-monitoring/templates/kubernetes-manifest-rules.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k8smon-alloy-singleton-kubernetes-manifests
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k8smon-alloy-singleton-kubernetes-manifests
+subjects:
+  - kind: ServiceAccount
+    name: k8smon-alloy-singleton
+    namespace: default
+---
 # Source: k8s-monitoring/charts/alloy-operator/templates/rbac/leader-election.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -2644,7 +3280,7 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: grafana-cloud-credentials
-                  key: PROMETHEUS_PASS
+                  key: ACCESS_POLICY_TOKEN
             - name: RESOLUTION_1D_RETENTION
               value: "15"
             - name: RESOLUTION_1H_RETENTION
@@ -2695,12 +3331,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2735,6 +3373,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2796,9 +3435,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2846,8 +3487,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2888,12 +3641,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2901,7 +3656,10 @@ spec:
     livenessProbe: {}
     mounts:
       dockercontainers: false
-      extra: []
+      extra:
+      - mountPath: /var/kubernetes-manifests
+        name: kubernetes-manifests
+        readOnly: false
       varlog: false
     resources: {}
     securityContext:
@@ -2926,8 +3684,9 @@ spec:
         - ALL
       seccompProfile:
         type: RuntimeDefault
-    stabilityLevel: generally-available
+    stabilityLevel: public-preview
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2988,10 +3747,42 @@ spec:
     dnsPolicy: ClusterFirst
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
-    extraContainers: []
+    extraContainers:
+    - command:
+      - /bin/bash
+      - -c
+      - |
+        set -euo pipefail
+        pids=()
+        bash /etc/alloy/collect-manifests.sh --kind cronjobs --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind daemonsets --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind deployments --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind pods --watch-timeout "1d" &
+        pids+=("$!")
+        bash /etc/alloy/collect-manifests.sh --kind statefulsets --watch-timeout "1d" &
+        pids+=("$!")
+        trap 'for pid in "${pids[@]}"; do kill "${pid}" 2>/dev/null || true; done' EXIT
+        wait -n "${pids[@]}"
+      env:
+      - name: MANIFEST_DIR
+        value: /var/kubernetes-manifests
+      image: ghcr.io/grafana/helm-chart-toolbox-kubectl:0.1.3
+      imagePullPolicy: IfNotPresent
+      name: kubernetes-manifest-collector
+      volumeMounts:
+      - mountPath: /etc/alloy
+        name: config
+      - mountPath: /var/kubernetes-manifests
+        name: kubernetes-manifests
+        readOnly: false
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3011,7 +3802,10 @@ spec:
     updateStrategy: {}
     volumeClaimTemplates: []
     volumes:
-      extra: []
+      extra:
+      - emptyDir:
+          medium: Memory
+        name: kubernetes-manifests
   crds:
     create: false
   extraObjects: []
@@ -3039,8 +3833,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3081,12 +3987,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3121,6 +4029,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3182,9 +4091,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3234,8 +4145,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/gke/Makefile b/charts/k8s-monitoring/tests/platform/gke/Makefile
index be81d263da..ab9b7d7894 100644
--- a/charts/k8s-monitoring/tests/platform/gke/Makefile
+++ b/charts/k8s-monitoring/tests/platform/gke/Makefile
@@ -10,9 +10,9 @@ grafana-cloud-credentials.yaml:
 	echo "# yamllint disable rule:line-length" >> $@
 	kubectl create secret generic grafana-cloud-credentials \
 		--from-literal=PROMETHEUS_USER="$$GRAFANA_CLOUD_METRICS_USERNAME" \
-		--from-literal=PROMETHEUS_PASS="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
 		--from-literal=LOKI_USER="$$GRAFANA_CLOUD_LOGS_USERNAME" \
-		--from-literal=LOKI_PASS="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
+		--from-literal=OTLP_USER="$$GRAFANA_CLOUD_OTLP_USERNAME" \
+		--from-literal=ACCESS_POLICY_TOKEN="$$GRAFANA_CLOUD_RW_POLICY_TOKEN" \
 		-o yaml --dry-run=client >> $@
 	echo "---" >> $@
 	echo "# yamllint disable rule:line-length" >> $@
diff --git a/charts/k8s-monitoring/tests/platform/gke/values.yaml b/charts/k8s-monitoring/tests/platform/gke/values.yaml
index 3683925f90..2d8b082271 100644
--- a/charts/k8s-monitoring/tests/platform/gke/values.yaml
+++ b/charts/k8s-monitoring/tests/platform/gke/values.yaml
@@ -9,7 +9,7 @@ destinations:
     auth:
       type: basic
       usernameKey: PROMETHEUS_USER
-      passwordKey: PROMETHEUS_PASS
+      passwordKey: ACCESS_POLICY_TOKEN
     secret:
       create: false
       name: grafana-cloud-credentials
@@ -20,7 +20,19 @@ destinations:
     auth:
       type: basic
       usernameKey: LOKI_USER
-      passwordKey: LOKI_PASS
+      passwordKey: ACCESS_POLICY_TOKEN
+    secret:
+      create: false
+      name: grafana-cloud-credentials
+      namespace: default
+  - name: gc-otlp-endpoint
+    type: otlp
+    url: https://otlp-gateway-prod-us-east-0.grafana.net/otlp
+    protocol: http
+    auth:
+      type: basic
+      usernameKey: OTLP_USER
+      passwordKey: ACCESS_POLICY_TOKEN
     secret:
       create: false
       name: grafana-cloud-credentials
@@ -39,7 +51,7 @@ clusterMetrics:
           url: https://prometheus-prod-13-prod-us-east-0.grafana.net/api/prom
         existingSecretName: grafana-cloud-credentials
         username_key: PROMETHEUS_USER
-        password_key: PROMETHEUS_PASS
+        password_key: ACCESS_POLICY_TOKEN
 
 clusterEvents:
   enabled: true
@@ -47,6 +59,20 @@ clusterEvents:
 podLogs:
   enabled: true
 
+kubernetesManifests:
+  enabled: true
+  kinds:
+    pods:
+      gather: true
+    deployments:
+      gather: true
+    statefulsets:
+      gather: true
+    daemonsets:
+      gather: true
+    cronjobs:
+      gather: true
+
 integrations:
   alloy:
     instances:
@@ -58,5 +84,7 @@ alloy-metrics:
   enabled: true
 alloy-singleton:
   enabled: true
+  alloy:
+    stabilityLevel: public-preview
 alloy-logs:
   enabled: true
diff --git a/charts/k8s-monitoring/tests/platform/gpu/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/gpu/.rendered/output.yaml
index 7f60768027..8bef45585f 100644
--- a/charts/k8s-monitoring/tests/platform/gpu/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/gpu/.rendered/output.yaml
@@ -1815,12 +1815,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1855,6 +1857,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1916,9 +1919,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1966,8 +1971,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/grafana-cloud/app-observability/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/grafana-cloud/app-observability/.rendered/output.yaml
index 62af1d88c3..b688d3e7fe 100644
--- a/charts/k8s-monitoring/tests/platform/grafana-cloud/app-observability/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/grafana-cloud/app-observability/.rendered/output.yaml
@@ -1127,12 +1127,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1167,6 +1169,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1228,9 +1231,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1280,8 +1285,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1322,6 +1439,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -1336,6 +1454,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1370,6 +1489,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1431,9 +1551,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1481,8 +1603,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/grafana-cloud/database-observability/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/grafana-cloud/database-observability/.rendered/output.yaml
index e773524af9..7076001203 100644
--- a/charts/k8s-monitoring/tests/platform/grafana-cloud/database-observability/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/grafana-cloud/database-observability/.rendered/output.yaml
@@ -810,12 +810,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -850,6 +852,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: experimental
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -911,9 +914,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -961,8 +966,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/grafana-cloud/k8s-monitoring/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/grafana-cloud/k8s-monitoring/.rendered/output.yaml
index 306a06fcc8..4a23d0d6fd 100644
--- a/charts/k8s-monitoring/tests/platform/grafana-cloud/k8s-monitoring/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/grafana-cloud/k8s-monitoring/.rendered/output.yaml
@@ -3634,12 +3634,14 @@ spec:
       create: true
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3674,6 +3676,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3735,9 +3738,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3788,8 +3793,120 @@ spec:
     tls: []
   nameOverride: null
   namespaceOverride: null
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -3830,12 +3947,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -3870,6 +3989,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -3931,9 +4051,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -3982,8 +4104,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4024,12 +4258,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4064,6 +4300,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4125,9 +4362,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4176,8 +4415,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4218,12 +4569,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4258,6 +4611,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4319,9 +4673,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4372,8 +4728,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -4414,6 +4882,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -4424,6 +4893,7 @@ spec:
       protocol: TCP
       targetPort: 4317
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -4458,6 +4928,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -4519,9 +4990,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -4570,8 +5043,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-receiver
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/openshift/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/openshift/.rendered/output.yaml
index fba19a90e8..98604a154c 100644
--- a/charts/k8s-monitoring/tests/platform/openshift/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/openshift/.rendered/output.yaml
@@ -2207,12 +2207,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2249,6 +2251,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /var/lib/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2310,9 +2313,11 @@ spec:
     enableStatefulSetAutoDeletePVC: true
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2369,8 +2374,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2411,12 +2528,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2451,6 +2570,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2512,9 +2632,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2562,8 +2684,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -2604,12 +2838,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2644,6 +2880,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2705,9 +2942,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2759,8 +2998,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/otlp-gateway/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/otlp-gateway/.rendered/output.yaml
index c4a961b06d..b99500f70f 100644
--- a/charts/k8s-monitoring/tests/platform/otlp-gateway/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/otlp-gateway/.rendered/output.yaml
@@ -1604,12 +1604,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1644,6 +1646,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1705,9 +1708,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1755,8 +1760,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1797,12 +1914,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -1837,6 +1956,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -1898,9 +2018,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -1948,8 +2070,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-singleton
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -1990,12 +2224,14 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
     extraEnv: []
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -2030,6 +2266,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -2091,9 +2328,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -2143,8 +2382,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/tests/platform/remote-config/.rendered/output.yaml b/charts/k8s-monitoring/tests/platform/remote-config/.rendered/output.yaml
index a7a5b7f961..5de21c3a38 100644
--- a/charts/k8s-monitoring/tests/platform/remote-config/.rendered/output.yaml
+++ b/charts/k8s-monitoring/tests/platform/remote-config/.rendered/output.yaml
@@ -381,6 +381,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -407,6 +408,7 @@ spec:
       value: k8smon-$(CLUSTER_NAME)-$(NAMESPACE)-$(POD_NAME)
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -441,6 +443,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -502,9 +505,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -552,8 +557,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-metrics
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
@@ -594,6 +711,7 @@ spec:
       create: false
       key: null
       name: null
+    enableHttpServerPort: true
     enableReporting: true
     envFrom: []
     extraArgs: []
@@ -620,6 +738,7 @@ spec:
       value: k8smon-$(CLUSTER_NAME)-$(NAMESPACE)-alloy-logs-$(NODE_NAME)
     extraPorts: []
     hostAliases: []
+    initialDelaySeconds: 10
     lifecycle: {}
     listenAddr: 0.0.0.0
     listenPort: 12345
@@ -654,6 +773,7 @@ spec:
         type: RuntimeDefault
     stabilityLevel: generally-available
     storagePath: /tmp/alloy
+    timeoutSeconds: 1
     uiPathPrefix: /
   configReloader:
     customArgs: []
@@ -715,9 +835,11 @@ spec:
     enableStatefulSetAutoDeletePVC: false
     extraAnnotations: {}
     extraContainers: []
+    extraLabels: {}
     hostNetwork: false
     hostPID: false
     initContainers: []
+    minReadySeconds: 10
     nodeSelector:
       kubernetes.io/os: linux
     parallelRollout: true
@@ -767,8 +889,120 @@ spec:
     pathType: Prefix
     tls: []
   nameOverride: alloy-logs
+  networkPolicy:
+    egress:
+    - {}
+    enabled: false
+    flavor: kubernetes
+    ingress:
+    - {}
+    policyTypes:
+    - Ingress
+    - Egress
   rbac:
+    clusterRules:
+    - apiGroups:
+      - ""
+      resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      verbs:
+      - get
+      - list
+      - watch
+    - nonResourceURLs:
+      - /metrics
+      verbs:
+      - get
     create: true
+    namespaces: []
+    rules:
+    - apiGroups:
+      - ""
+      - discovery.k8s.io
+      - networking.k8s.io
+      resources:
+      - endpoints
+      - endpointslices
+      - ingresses
+      - pods
+      - services
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - pods/log
+      - namespaces
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.grafana.com
+      resources:
+      - podlogs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - prometheusrules
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - alertmanagerconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - monitoring.coreos.com
+      resources:
+      - podmonitors
+      - servicemonitors
+      - probes
+      - scrapeconfigs
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - ""
+      resources:
+      - configmaps
+      - secrets
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - apps
+      - extensions
+      resources:
+      - replicasets
+      verbs:
+      - get
+      - list
+      - watch
   service:
     annotations: {}
     clusterIP: ""
diff --git a/charts/k8s-monitoring/values.schema.json b/charts/k8s-monitoring/values.schema.json
index 1c16ac6320..484dd5963e 100644
--- a/charts/k8s-monitoring/values.schema.json
+++ b/charts/k8s-monitoring/values.schema.json
@@ -281,6 +281,20 @@
                 }
             }
         },
+        "kubernetesManifests": {
+            "type": "object",
+            "properties": {
+                "collector": {
+                    "type": "string"
+                },
+                "destinations": {
+                    "type": "array"
+                },
+                "enabled": {
+                    "type": "boolean"
+                }
+            }
+        },
         "nodeLogs": {
             "type": "object",
             "properties": {
diff --git a/charts/k8s-monitoring/values.yaml b/charts/k8s-monitoring/values.yaml
index 7dffc01c3b..64a10e4675 100644
--- a/charts/k8s-monitoring/values.yaml
+++ b/charts/k8s-monitoring/values.yaml
@@ -165,6 +165,21 @@ podLogsViaKubernetesApi:
 
   # To see additional options, please see the [Pod Logs via Kubernetes API feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-pod-logs-via-kubernetes-api).
 
+# TODO: Feature intro
+kubernetesManifests:
+  # -- Enable gathering Kubernetes Manifests.
+  # @section -- Features - Kubernetes Manifests
+  enabled: false
+
+  # -- The destinations where logs will be sent. If empty, all logs-capable destinations will be used.
+  # @section -- Features - Kubernetes Manifests
+  destinations: []
+
+  # -- Which collector to assign this feature to. Do not change this unless you are sure of what you are doing.
+  # @section -- Features - Kubernetes Manifests
+  # @ignored
+  collector: alloy-singleton
+
 # -- Application Observability.
 # Requires destinations that supports metrics, logs, and traces.
 # To see the valid options, please see the [Application Observability feature documentation](https://github.com/grafana/k8s-monitoring-helm/tree/main/charts/k8s-monitoring/charts/feature-application-observability).