From 6525d3f4ee9c9a711d35b1a3e7aba348a3440d0a Mon Sep 17 00:00:00 2001 
From: Teddy Andrieux
Date: Fri, 6 May 2022 14:54:21 +0200
Subject: [PATCH] charts,salt,build: Bump kube-prometheus-stack chart to 35.0.3

Bump the kube-prometheus-stack chart to 35.0.3 and also bump images:
- alertmanager to v0.24.0
- grafana to 8.4.7-ubuntu
- k8s-sidecar to 1.15.6
- kube-state-metrics to v2.4.1
- prometheus to v2.35.0
- prometheus-config-reloader to v0.56.0
- prometheus-operator to v0.56.0
- thanos to v0.25.2

Upgrade the kube-prometheus-stack chart using:
```
rm -rf charts/kube-prometheus-stack
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm fetch -d charts --untar prometheus-community/kube-prometheus-stack
```

Re-render prometheus-operator salt state using:
```
./charts/render.py prometheus-operator \
  charts/kube-prometheus-stack.yaml \
  charts/kube-prometheus-stack/ \
  --namespace metalk8s-monitoring \
  --service-config grafana \
  metalk8s-grafana-config \
  metalk8s/addons/prometheus-operator/config/grafana.yaml.j2 \
  metalk8s-monitoring \
  --service-config prometheus \
  metalk8s-prometheus-config \
  metalk8s/addons/prometheus-operator/config/prometheus.yaml \
  metalk8s-monitoring \
  --service-config alertmanager \
  metalk8s-alertmanager-config \
  metalk8s/addons/prometheus-operator/config/alertmanager.yaml \
  metalk8s-monitoring \
  --drop-prometheus-rules charts/drop-prometheus-rules.yaml \
  --patch 'PrometheusRule,metalk8s-monitoring,prometheus-operator-kubernetes-system-kubelet,spec:groups:0:rules:1:for,"5m"' \
  --remove-manifest ConfigMap prometheus-operator-grafana \
  > salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
```

We also bump the thanos image in thanos chart and re-render the chart
with the following command:
```
./charts/render.py thanos charts/thanos.yaml \
  charts/thanos/ --namespace metalk8s-monitoring \
  > salt/metalk8s/addons/prometheus-operator/deployed/thanos-chart.sls
```

Extract again all Prometheus rules using:
```
./tools/rule_extractor/rule_extractor.py \
  -i -p 8443 -t
rules ``` --- CHANGELOG.md | 19 +- buildchain/buildchain/versions.py | 32 +- charts/kube-prometheus-stack.yaml | 2 +- charts/kube-prometheus-stack/Chart.lock | 10 +- charts/kube-prometheus-stack/Chart.yaml | 10 +- charts/kube-prometheus-stack/README.md | 66 +- .../charts/grafana/Chart.yaml | 4 +- .../charts/grafana/README.md | 10 +- .../charts/grafana/templates/_pod.tpl | 140 +- .../charts/grafana/templates/secret.yaml | 4 +- .../grafana/templates/servicemonitor.yaml | 12 +- .../charts/grafana/templates/tests/test.yaml | 1 + .../charts/grafana/values.yaml | 77 +- .../charts/kube-state-metrics/Chart.yaml | 4 +- .../templates/deployment.yaml | 3 + .../kube-state-metrics/templates/service.yaml | 3 + .../charts/kube-state-metrics/values.yaml | 7 +- .../prometheus-node-exporter/Chart.yaml | 4 +- .../charts/prometheus-node-exporter/README.md | 16 + .../templates/daemonset.yaml | 20 +- .../prometheus-node-exporter/values.yaml | 20 +- .../crds/crd-alertmanagerconfigs.yaml | 875 ++++- .../crds/crd-alertmanagers.yaml | 107 +- .../crds/crd-podmonitors.yaml | 34 +- .../crds/crd-probes.yaml | 56 +- .../crds/crd-prometheuses.yaml | 319 +- .../crds/crd-prometheusrules.yaml | 7 +- .../crds/crd-servicemonitors.yaml | 38 +- .../crds/crd-thanosrulers.yaml | 121 +- .../templates/_helpers.tpl | 2 +- .../templates/alertmanager/alertmanager.yaml | 4 + .../grafana/configmaps-datasources.yaml | 2 + .../grafana/dashboards-1.14/apiserver.yaml | 4 +- .../k8s-resources-cluster.yaml | 20 +- .../k8s-resources-namespace.yaml | 18 +- .../dashboards-1.14/k8s-resources-pod.yaml | 26 +- .../grafana/dashboards-1.14/kubelet.yaml | 2 +- .../node-cluster-rsrc-use.yaml | 4 +- .../dashboards-1.14/node-rsrc-use.yaml | 4 +- .../grafana/dashboards-1.14/nodes.yaml | 4 +- .../grafana/dashboards-1.14/statefulset.yaml | 928 ----- .../aggregate-clusterroles.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 1 + .../prometheus-operator/deployment.yaml | 3 +- .../templates/prometheus/_rules.tpl | 2 + 
.../prometheus/additionalScrapeConfigs.yaml | 4 + .../templates/prometheus/prometheus.yaml | 5 + .../kube-apiserver-availability.rules.yaml | 40 +- .../kube-apiserver-burnrate.rules.yaml | 86 +- .../kube-apiserver-histogram.rules.yaml | 22 +- .../kube-prometheus-node-recording.rules.yaml | 2 +- .../prometheus/rules-1.14/kubelet.rules.yaml | 6 +- .../rules-1.14/kubernetes-apps.yaml | 14 +- .../rules-1.14/kubernetes-storage.yaml | 52 + .../rules-1.14/kubernetes-system-kubelet.yaml | 8 +- .../rules-1.14/kubernetes-system.yaml | 4 +- .../prometheus/rules-1.14/node-exporter.yaml | 4 +- .../prometheus/rules-1.14/node.rules.yaml | 8 +- .../rules-1.14/prometheus-operator.yaml | 2 +- .../prometheus/rules-1.14/prometheus.yaml | 28 + charts/kube-prometheus-stack/values.yaml | 66 +- charts/thanos.yaml | 2 +- .../prometheus-operator/deployed/chart.sls | 3426 ++++++++--------- .../deployed/thanos-chart.sls | 2 +- .../steps/files/grafana_dashboard_uids.json | 1 - tools/rule_extractor/alerting_rules.json | 46 +- tools/rule_extractor/rules.json | 1776 ++++----- 67 files changed, 4515 insertions(+), 4165 deletions(-) delete mode 100644 charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 charts/kube-prometheus-stack/templates/prometheus-operator/aggregate-clusterroles.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index dffa1a125e..d76a960a74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -34,17 +34,20 @@ (PR[#3690](https://github.com/scality/metalk8s/pull/3690)) - Bump kube-prometheus-stack charts version to - [32.2.0](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-32.2.0) + [35.0.3](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-35.0.3) The following images have also been bumped accordingly: - - k8s-sidecar to [1.15.1](https://github.com/kiwigrid/k8s-sidecar/releases/tag/1.15.1) - - kube-state-metrics to [v2.3.0](https://github.com/kubernetes/kube-state-metrics/releases/tag/v2.3.0) + - alertmanager to [v0.24.0](https://github.com/prometheus/alertmanager/releases/tag/v0.24.0) + - k8s-sidecar to [1.15.6](https://github.com/kiwigrid/k8s-sidecar/releases/tag/1.15.6) + - grafana to [8.4.7-ubuntu](https://github.com/grafana/grafana/releases/tag/v8.4.7) + - kube-state-metrics to [v2.4.1](https://github.com/kubernetes/kube-state-metrics/releases/tag/v2.4.1) - node-exporter to [v1.3.1](https://github.com/prometheus/node_exporter/releases/tag/v1.3.1) - - prometheus to [v2.33.1](https://github.com/prometheus/prometheus/releases/tag/v2.33.1) - - prometheus-config-reloader to [v0.54.0](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.54.0) - - prometheus-operator to [v0.54.0](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.54.0) + - prometheus to [v2.35.0](https://github.com/prometheus/prometheus/releases/tag/v2.35.0) + - prometheus-config-reloader to [v0.56.0](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.56.0) + - prometheus-operator to [v0.56.0](https://github.com/prometheus-operator/prometheus-operator/releases/tag/v0.56.0) + - thanos to [v0.25.2](https://github.com/thanos-io/thanos/releases/tag/v0.25.2) This new version also come with Grafana metrics and a dashboard to - monitor Grafana - (PR[#3701](https://github.com/scality/metalk8s/pull/3701)) + monitor Grafana, the `Statefulsets` dashboard 
has been removed + (PR[#3759](https://github.com/scality/metalk8s/pull/3759)) - Bump Prometheus Adapter chart version to [3.2.2](https://github.com/prometheus-community/helm-charts/releases/tag/prometheus-adapter-3.2.2) diff --git a/buildchain/buildchain/versions.py b/buildchain/buildchain/versions.py index f3ce51f1b9..34153626d2 100644 --- a/buildchain/buildchain/versions.py +++ b/buildchain/buildchain/versions.py @@ -91,8 +91,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str: # Remote images Image( name="alertmanager", - version="v0.23.0", - digest="sha256:9ab73a421b65b80be072f96a88df756fc5b52a1bc8d983537b8ec5be8b624c5a", + version="v0.24.0", + digest="sha256:088464f949de8065b9da7dfce7302a633d700e9d598e2bebc03310712f083b31", ), Image( name="calico-node", @@ -121,13 +121,13 @@ def _version_prefix(version: str, prefix: str = "v") -> str: ), Image( name="grafana", - version="8.3.4-ubuntu", - digest="sha256:c51dfff572f8f87f374d44e621e7f02e5f963335051cff03a3438872a2036542", + version="8.4.7-ubuntu", + digest="sha256:1409a98424082acb296cdb0c6c5903754d29e0b0a6412b2d5c396dfe7f0aed30", ), Image( name="k8s-sidecar", - version="1.15.1", - digest="sha256:a25886092fa4dae9de14825366a1ded3dcfa170c4335e104b7c11830936339c3", + version="1.15.6", + digest="sha256:1f025ae37b7b20d63bffd179e5e6f972039dd53d9646388c0a8c456229c7bbcb", ), Image( name="kube-apiserver", @@ -151,8 +151,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str: ), Image( name="kube-state-metrics", - version="v2.3.0", - digest="sha256:c9137505edaef138cc23479c73e46e9a3ef7ec6225b64789a03609c973b99030", + version="v2.4.1", + digest="sha256:69a18fa1e0d0c9f972a64e69ca13b65451b8c5e79ae8dccf3a77968be4a301df", ), Image( name="nginx", 
@@ -191,8 +191,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str: ), Image( name="prometheus", - version="v2.33.1", - digest="sha256:3a75763d209af6ef82aca8fb202a76092a690d25f24d2def7f4eff64e79b7ed9", + version="v2.35.0", + digest="sha256:2acfab1966f0dbecc6afbead13eca7f47062cfe8726bb9db25e39e0c0b88e9c3", ), Image( name="prometheus-adapter", @@ -201,18 +201,18 @@ def _version_prefix(version: str, prefix: str = "v") -> str: ), Image( name="prometheus-config-reloader", - version="v0.54.0", - digest="sha256:90935d5dbd61cf9c7f3061ef3c359f58029af66a378fd1ce3e88052851e4a865", + version="v0.56.0", + digest="sha256:2ca7942fa5a7ac9b2f565ac5b2c1622a6c884019ad82bcc6f07a4454df012d58", ), Image( name="prometheus-operator", - version="v0.54.0", - digest="sha256:be2aef39a2f8b7ad1186ca52070475dd9ac6c23d6cb6b0d11ebe49cfd71f91bc", + version="v0.56.0", + digest="sha256:5a37a4cb8bb60c6bac537146d8cff759f10e0af180f4ddf9867374076f0c8fb7", ), Image( name="thanos", - version="v0.23.1", - digest="sha256:2f7d1ddc7877b076efbc3fa626b5003f7f197efbd777cff0eec2b20c2cd68d20", + version="v0.25.2", + digest="sha256:43bfca02f322e4c719f4a373dd4618685fa806ce6d8094e1e2ff4a6ba4260cc2", ), # Local images Image( diff --git a/charts/kube-prometheus-stack.yaml b/charts/kube-prometheus-stack.yaml index bdff7f3eef..81b0c247f4 100644 --- a/charts/kube-prometheus-stack.yaml +++ b/charts/kube-prometheus-stack.yaml @@ -160,7 +160,7 @@ grafana: image: repository: '__image__(grafana)' - tag: '8.3.4-ubuntu' + tag: '8.4.7-ubuntu' sidecar: image: diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index 7e8f878d73..a301cb453d 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 4.4.3 + version: 4.7.0 - name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 2.5.0 + version: 3.1.1 - name: grafana repository: https://grafana.github.io/helm-charts - version: 6.21.2 -digest: sha256:a269c9b0db3d51919159cc5f001b6bd77ab0c0a518b5082d95bd62dd1e9ffb1e -generated: "2022-02-07T13:03:04.53094609+01:00" + version: 6.26.5 +digest: sha256:0e6ea942dc95be70ac849f7a4f0e967de774bd5d2fba2676e26446ecd234f838 +generated: "2022-04-22T15:58:03.872863215+02:00" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index e8a864fc8f..93a869bf9a 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -6,20 +6,20 @@ annotations: url: https://github.com/prometheus-operator/kube-prometheus artifacthub.io/operator: "true" apiVersion: v2 -appVersion: 0.54.0 +appVersion: 0.56.0 dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 4.4.* + version: 4.7.* - condition: nodeExporter.enabled name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 2.5.* + version: 3.1.* - condition: grafana.enabled name: grafana repository: https://grafana.github.io/helm-charts - version: 6.21.* + version: 6.26.* description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus @@ -52,4 +52,4 @@ sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus type: application -version: 32.2.0 +version: 35.0.3 
diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index baf3c4d186..2464ba778a 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -11,20 +11,19 @@ _Note: This chart was formerly named `prometheus-operator` chart, now renamed to - Kubernetes 1.16+ - Helm 3+ -## Get Repo Info +## Get Helm Repository Info ```console helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo update ``` -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ +_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ -## Install Chart +## Install Helm Chart ```console -# Helm -$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack ``` _See [configuration](#configuration) below._ @@ -43,11 +42,10 @@ To disable dependencies during installation, see [multiple releases](#multiple-r _See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ -## Uninstall Chart +## Uninstall Helm Chart ```console -# Helm -$ helm uninstall [RELEASE_NAME] +helm uninstall [RELEASE_NAME] ``` This removes all the Kubernetes components associated with the chart and deletes the release. @@ -70,8 +68,7 @@ kubectl delete crd thanosrulers.monitoring.coreos.com ## Upgrading Chart ```console -# Helm -$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack ``` With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. 
@@ -83,10 +80,50 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. +### From 34.x to 35.x + +This upgraded prometheus-operator to v0.56.0 and prometheus to v2.35.0 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 33.x to 34.x + +This upgrades to prometheus-operator to v0.55.0 and 
prometheus to v2.33.5. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 32.x to 33.x + +This upgrades the prometheus-node-exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation. + ### From 31.x to 32.x + This upgrades to prometheus-operator to v0.54.0 and prometheus to v2.33.1. It also changes the default for `grafana.serviceMonitor.enabled` to `true. 
Run these commands to update the CRDs before applying the upgrade. + ```console kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml @@ -98,7 +135,6 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-oper kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml ``` - ### From 30.x to 31.x This version removes the built-in grafana ServiceMonitor and instead relies on the ServiceMonitor of the sub-chart. @@ -126,7 +162,7 @@ If you are using PodSecurityPolicies you can enable the previous behaviour by se ### From 26.x to 27.x -This version splits Node Exporter recording and altering rules in separate config values. +This version splits prometheus-node-exporter chart recording and altering rules in separate config values. Instead of `defaultRules.rules.node` the 2 new variables `defaultRules.rules.nodeExporterAlerting` and `defaultRules.rules.nodeExporterRecording` are used. Also the following defaultRules.rules has been removed as they had no effect: `kubeApiserverError`, `kubePrometheusNodeAlerting`, `kubernetesAbsent`, `time`. 
@@ -154,7 +190,7 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-oper ### From 23.x to 24.x -The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. +The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built-in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. For _kube-state-metrics_ the `ServiceMonitor` customisation is now set via `kube-state-metrics.prometheus.monitor` and the `kubeStateMetrics.serviceMonitor.selfMonitor.enabled` value has moved to `kube-state-metrics.selfMonitor.enabled`. 
@@ -376,7 +412,7 @@ With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. -1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits. +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. 3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations 
@@ -393,7 +429,7 @@ Because the operator can only run as a single pod, there is potential for this c ## Developing Prometheus Rules and Grafana Dashboards -This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. +This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. ## Further Information diff --git a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml index d2f77793d1..1edddb3d96 100644 --- a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 8.3.4 +appVersion: 8.4.6 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png @@ -19,4 +19,4 @@ name: grafana sources: - https://github.com/grafana/grafana type: application -version: 6.21.2 +version: 6.26.5 
diff --git a/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kube-prometheus-stack/charts/grafana/README.md index a32af05a65..97a608a9ce 100644 --- a/charts/kube-prometheus-stack/charts/grafana/README.md +++ b/charts/kube-prometheus-stack/charts/grafana/README.md @@ -114,8 +114,10 @@ This version requires Helm >= 3.1.0. | `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | | `schedulerName` | Alternate scheduler name | `nil` | | `env` | Extra environment variables passed to pods | `{}` | -| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | | `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | +| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | | `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | | `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | 
@@ -137,8 +139,9 @@ This version requires Helm >= 3.1.0. | `podAnnotations` | Pod annotations | `{}` | | `podLabels` | Pod labels | `{}` | | `podPortName` | Name of the grafana port on the pod | `grafana` | +| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.15.1` | +| `sidecar.image.tag` | Sidecar image tag | `1.15.6` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | @@ -237,6 +240,9 @@ This version requires Helm >= 3.1.0. | `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | | `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | | `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | +| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | +| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` | +| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` | | `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | | `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl index 4d53c175a9..5f35d276c3 100644 
--- a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl @@ -16,7 +16,7 @@ hostAliases: {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} -{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources)) }} initContainers: {{- end }} {{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} 
@@ -77,6 +77,49 @@ initContainers: readOnly: {{ .readOnly }} {{- end }} {{- end }} +{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} + - name: {{ template "grafana.name" . }}-init-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: "LIST" + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext }} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end }} {{- if .Values.sidecar.notifiers.enabled }} - name: {{ template "grafana.name" . }}-sc-notifiers {{- if .Values.sidecar.image.sha }} 
@@ -117,7 +160,7 @@ initContainers: mountPath: "/etc/grafana/provisioning/notifiers" {{- end}} {{- if .Values.extraInitContainers }} -{{ toYaml .Values.extraInitContainers | indent 2 }} +{{ tpl (toYaml .Values.extraInitContainers) . | indent 2 }} {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: @@ -170,6 +213,14 @@ containers: - name: SCRIPT value: "{{ .Values.sidecar.dashboards.script }}" {{- end }} + {{- if .Values.sidecar.dashboards.watchServerTimeout }} + - name: WATCH_SERVER_TIMEOUT + value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}" + {{- end }} + {{- if .Values.sidecar.dashboards.watchClientTimeout }} + - name: WATCH_CLIENT_TIMEOUT + value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}" + {{- end }} resources: {{ toYaml .Values.sidecar.resources | indent 6 }} {{- if .Values.sidecar.securityContext }} 
@@ -245,6 +296,69 @@ containers: volumeMounts: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.plugins.enabled }} + - name: {{ template "grafana.name" . }}-sc-plugins + {{- if .Values.sidecar.image.sha }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.plugins.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.plugins.label }}" + {{- if .Values.sidecar.plugins.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.plugins.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/plugins" + - name: RESOURCE + value: {{ quote .Values.sidecar.plugins.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.plugins.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.plugins.searchNamespace | join "," }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.plugins.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.plugins.reloadURL }} + - name: REQ_METHOD + value: POST + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} +{{- if .Values.sidecar.securityContext }} + securityContext: +{{- toYaml .Values.sidecar.securityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: sc-plugins-volume + mountPath: "/etc/grafana/provisioning/plugins" {{- end}} - name: {{ .Chart.Name }} {{- if .Values.image.sha }} @@ -334,6 +448,10 @@ containers: - name: sc-datasources-volume mountPath: "/etc/grafana/provisioning/datasources" {{- end}} +{{- if .Values.sidecar.plugins.enabled }} + - name: sc-plugins-volume + mountPath: "/etc/grafana/provisioning/plugins" +{{- end}} {{- if .Values.sidecar.notifiers.enabled }} - name: sc-notifiers-volume mountPath: "/etc/grafana/provisioning/notifiers" @@ -412,13 +530,13 @@ containers: {{- range $key, $value := .Values.envValueFrom }} - name: {{ $key | quote }} valueFrom: -{{ toYaml $value | indent 10 }} +{{ tpl (toYaml $value) $ | indent 10 }} {{- end }} {{- range $key, $value := .Values.env }} - name: "{{ tpl $key $ }}" value: "{{ tpl (print $value) $ }}" {{- end }} - {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) }} + {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }} envFrom: {{- if .Values.envFromSecret }} - secretRef: 
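Review bot: `{{ tpl (toYaml $value) $ | indent 10 }}` now evaluates every string under `envValueFrom` as a template, where the old line emitted it verbatim. An existing override whose `valueFrom` content contains a literal `{{` will now be evaluated or fail to render, so the overrides passed to this chart should be checked for that before the bump lands; the same applies to `extraInitContainers`, which gets the same `tpl` wrapper earlier in this file. In the same hunk, the nested `or ... (or ...) ...` can be flattened into one four-argument `or`.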
@@ -430,7 +548,12 @@ containers: {{- end }} {{- range .Values.envFromSecrets }} - secretRef: - name: {{ .name }} + name: {{ tpl .name $ }} + optional: {{ .optional | default false }} + {{- end }} + {{- range .Values.envFromConfigMaps }} + - configMapRef: + name: {{ tpl .name $ }} optional: {{ .optional | default false }} {{- end }} {{- end }} @@ -438,6 +561,9 @@ containers: {{ toYaml .Values.livenessProbe | indent 6 }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 6 }} +{{- if .Values.lifecycleHooks }} + lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }} +{{- end }} resources: {{ toYaml .Values.resources | indent 6 }} {{- with .Values.extraContainers }} @@ -522,6 +648,10 @@ volumes: - name: sc-datasources-volume emptyDir: {} {{- end -}} +{{- if .Values.sidecar.plugins.enabled }} + - name: sc-plugins-volume + emptyDir: {} +{{- end -}} {{- if .Values.sidecar.notifiers.enabled }} - name: sc-notifiers-volume emptyDir: {} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml index 6d06cf584f..c8aa750acb 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} apiVersion: v1 kind: Secret metadata: 
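Review bot: in the rewritten top-level `if` of secret.yaml, `(not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)` tests template truthiness, not the setting's value, so the non-empty string `"false"` counts as set and turns off the admin branch of this condition. Since deployment.yaml renders `env` entries as strings (`value: "{{ tpl (print $value) $ }}"`), compare the value explicitly, for example against `"true"`, or document that the key must be left unset. The same four-term condition is repeated in the `data:` guard of the next hunk; a named helper would keep the two in step.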
@@ -12,7 +12,7 @@ metadata: {{- end }} type: Opaque data: - {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} admin-user: {{ .Values.adminUser | b64enc | quote }} {{- if .Values.adminPassword }} admin-password: {{ .Values.adminPassword | b64enc | quote }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml index 23288523f7..a18c6d3369 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml @@ -6,6 +6,8 @@ metadata: name: {{ template "grafana.fullname" . }} {{- if .Values.serviceMonitor.namespace }} namespace: {{ .Values.serviceMonitor.namespace }} + {{- else }} + namespace: {{ template "grafana.namespace" . }} {{- end }} labels: {{- include "grafana.labels" . | nindent 4 }} @@ -14,12 +16,14 @@ metadata: {{- end }} spec: endpoints: - - interval: {{ .Values.serviceMonitor.interval }} - {{- if .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + - port: {{ .Values.service.portName }} + {{- with .Values.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} {{- end }} honorLabels: true - port: {{ .Values.service.portName }} path: {{ .Values.serviceMonitor.path }} scheme: {{ .Values.serviceMonitor.scheme }} {{- if .Values.serviceMonitor.tlsConfig }} 
diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml index cdc86e5f2d..638132e9eb 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml @@ -7,6 +7,7 @@ metadata: {{- include "grafana.labels" . | nindent 4 }} annotations: "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" namespace: {{ template "grafana.namespace" . }} spec: serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} diff --git a/charts/kube-prometheus-stack/charts/grafana/values.yaml b/charts/kube-prometheus-stack/charts/grafana/values.yaml index 77acde31f9..6c34386d93 100644 --- a/charts/kube-prometheus-stack/charts/grafana/values.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/values.yaml @@ -73,7 +73,7 @@ livenessProbe: image: repository: grafana/grafana - tag: 8.3.4 + tag: 8.4.6 sha: "" pullPolicy: IfNotPresent @@ -241,6 +241,9 @@ tolerations: [] ## affinity: {} +## Additional init containers (evaluated as template) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## extraInitContainers: [] ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod @@ -369,8 +372,8 @@ admin: env: {} -## "valueFrom" environment variable references that will be added to deployment pods -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core ## Renders in container spec as: ## env: ## ... 
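Review bot: the updated comment on `envValueFrom` says "Name is templated", but deployment.yaml in this patch renders the name as `{{ $key | quote }}` and passes the `valueFrom` body through `tpl`. Reword it to say that the value is templated, matching the "Value is templated" wording already used for `envFromSecret`.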
@@ -378,6 +381,10 @@ env: {} ## valueFrom: ## envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment ## This can be useful for auth tokens, etc. Value is templated. @@ -389,10 +396,19 @@ envRenderSecret: {} ## The names of secrets in the same kubernetes namespace which contain values to be added to the environment ## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. +## Name is templated. envFromSecrets: [] ## - name: secret-name ## optional: true +## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment +## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. +## Name is templated. +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core +envFromConfigMaps: [] +## - name: configmap-name +## optional: true + # Inject Kubernetes services as environment variables. # See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables enableServiceLinks: true @@ -442,6 +458,12 @@ extraVolumeMounts: [] # readOnly: true # hostPath: /usr/shared/ +## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request +lifecycleHooks: {} + # postStart: + # exec: + # command: [] + ## Pass the plugins you want installed as a list. ## plugins: [] @@ -618,7 +640,7 @@ smtp: sidecar: image: repository: quay.io/kiwigrid/k8s-sidecar - tag: 1.15.1 + tag: 1.15.6 sha: "" imagePullPolicy: IfNotPresent resources: {} 
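Review bot: the `k8s-sidecar` tag moves to `1.15.6` while `sha` stays `""`, so the sidecar and init containers in deployment.yaml take the `{{- else }}` branch and reference the image by tag alone. Consider recording the digest of the image that was validated for this bump in `sidecar.image.sha`, here or in the override file, so the rendered manifests carry `@sha256:...` and a re-pushed tag cannot change what runs.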
@@ -656,6 +678,16 @@ sidecar: folderAnnotation: null # Absolute path to shell script to execute after a configmap got reloaded script: null + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # # provider configuration that lets grafana manage the dashboards provider: # name of the provider, should be unique 
@@ -691,6 +723,29 @@ sidecar: # Endpoint to send request to reload datasources reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any datasources defined at startup time. + initDatasources: false + plugins: + enabled: false + # label that the configmaps with plugins are marked with + label: grafana_plugin + # value of label that the configmaps with plugins are set to + labelValue: null + # If specified, the sidecar will search for plugin config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # Endpoint to send request to reload plugins + reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" + skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any plugins defined at startup time. + initPlugins: false notifiers: enabled: false # label that the configmaps with notifiers are marked with 
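Review bot: `initPlugins` is declared at the end of the new `plugins` block, but none of the deployment.yaml hunks shown here reads it: the only init container added is gated on `sidecar.datasources.initDatasources`, and the plugins sidecar is rendered solely from `sidecar.plugins.enabled`. Either add the matching init container for plugins or drop the key, since with `skipReload: true` it currently changes nothing. Its comment is also copied from the datasources block and still says "Deploy the datasource sidecar".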
@@ -766,6 +821,20 @@ imageRenderer: # requests: # cpu: 50m # memory: 50Mi + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml index e9e40c7191..2ee1909457 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.3.0 +appVersion: 2.4.1 description: Install kube-state-metrics to generate and expose cluster-level metrics home: https://github.com/kubernetes/kube-state-metrics/ keywords: @@ -18,4 +18,4 @@ name: kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics/ type: application -version: 4.4.3 +version: 4.7.0 diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml index 5e666c5529..60f5d59b3a 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml 
@@ -78,6 +78,9 @@ spec: {{- if .Values.namespaces }} - --namespaces={{ tpl (.Values.namespaces | join ",") $ }} {{- end }} + {{- if .Values.namespacesDenylist }} + - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }} + {{- end }} {{- if .Values.autosharding.enabled }} - --pod=$(POD_NAME) - --pod-namespace=$(POD_NAMESPACE) diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml index 853cf469e3..5a2d8eab0e 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml @@ -30,6 +30,9 @@ spec: {{ end }} {{- if .Values.service.loadBalancerIP }} loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} +{{- if .Values.service.clusterIP }} + clusterIP: "{{ .Values.service.clusterIP }}" {{- end }} selector: {{- include "kube-state-metrics.selectorLabels" . | indent 4 }} diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml index aced5cf4f7..89e0da79f9 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml @@ -2,7 +2,7 @@ prometheusScrape: true image: repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics - tag: v2.3.0 + tag: v2.4.1 pullPolicy: IfNotPresent imagePullSecrets: [] @@ -28,6 +28,7 @@ service: type: ClusterIP nodePort: 0 loadBalancerIP: "" + clusterIP: "" annotations: {} ## Additional labels to add to all resources 
@@ -195,6 +196,10 @@ kubeconfig: # Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. namespaces: "" +# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, +# only namespaces that are excluded in namespaces-denylist will be used. +namespacesDenylist: "" + ## Override the deployment namespace ## namespaceOverride: "" diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml index 2612f8ff9d..432515eb57 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml @@ -10,8 +10,10 @@ maintainers: - email: gianrubio@gmail.com name: gianrubio - name: bismarck +- email: zanhsieh@gmail.com + name: zanhsieh name: prometheus-node-exporter sources: - https://github.com/prometheus/node_exporter/ type: application -version: 2.5.0 +version: 3.1.1 diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md index 467c3cf44e..59d78e712f 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/README.md 
@@ -41,6 +41,22 @@ helm upgrade [RELEASE_NAME] [CHART] --install _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ +### From 2.x to 3.x + +Change the following: + +```yaml +hostRootFsMount: true +``` + +to: + +```yaml +hostRootFsMount: + enabled: true + mountPropagation: HostToContainer +``` + ## Configuring See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml index 2ace6c53eb..d5c82623d2 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -41,10 +41,10 @@ spec: args: - --path.procfs=/host/proc - --path.sysfs=/host/sys - {{- if .Values.hostRootFsMount }} + {{- if .Values.hostRootFsMount.enabled }} - --path.rootfs=/host/root {{- end }} - - --web.listen-address=$(HOST_IP):{{ .Values.service.port }} + - --web.listen-address=[$(HOST_IP)]:{{ .Values.service.port }} {{- if .Values.extraArgs }} {{ toYaml .Values.extraArgs | indent 12 }} {{- end }} @@ -61,6 +61,10 @@ spec: apiVersion: v1 fieldPath: status.hostIP {{- end }} + {{- range $key, $value := .Values.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} ports: - name: {{ .Values.service.portName }} containerPort: {{ .Values.service.port }} 
@@ -82,10 +86,12 @@ spec: - name: sys mountPath: /host/sys readOnly: true - {{- if .Values.hostRootFsMount }} + {{- if .Values.hostRootFsMount.enabled }} - name: root mountPath: /host/root - mountPropagation: HostToContainer + {{- with .Values.hostRootFsMount.mountPropagation }} + mountPropagation: {{ . }} + {{- end }} readOnly: true {{- end }} {{- if .Values.extraHostVolumeMounts }} @@ -128,6 +134,10 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} hostNetwork: {{ .Values.hostNetwork }} hostPID: {{ .Values.hostPID }} {{- if .Values.affinity }} @@ -153,7 +163,7 @@ spec: - name: sys hostPath: path: /sys - {{- if .Values.hostRootFsMount }} + {{- if .Values.hostRootFsMount.enabled }} - name: root hostPath: path: / diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml index adcf6b59bc..2f30374794 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml @@ -7,6 +7,9 @@ image: tag: "" pullPolicy: IfNotPresent +imagePullSecrets: [] +# - name: "image-pull-secret" + service: type: ClusterIP port: 9100 @@ -17,6 +20,11 @@ service: annotations: prometheus.io/scrape: "true" +# Additional environment variables that will be passed to the daemonset +env: {} +## env: +## VARIABLE: value + prometheus: monitor: enabled: false 
@@ -100,9 +108,15 @@ hostNetwork: true # Share the host process ID namespace hostPID: true -## If true, node-exporter pods mounts host / at /host/root -## -hostRootFsMount: true +# Mount the node's root file system (/) at /host/root in the container +hostRootFsMount: + enabled: true + # Defines how new mounts in existing mounts on the node or in the container + # are propagated to the container or node, respectively. Possible values are + # None, HostToContainer, and Bidirectional. If this field is omitted, then + # None is used. More information on: + # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation + mountPropagation: HostToContainer ## Assign a group of affinity scheduling rules ## diff --git a/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml index ba1d603ed2..d508ea8585 100644 --- a/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: alertmanagerconfigs.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: AlertmanagerConfig listKind: AlertmanagerConfigList plural: alertmanagerconfigs + shortNames: + - amcfg singular: alertmanagerconfig scope: Namespaced versions: 
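Review bot: in the prometheus-node-exporter values.yaml hunk `@@ -100,9 +108,15 @@`, `hostRootFsMount` changes from a boolean to a map, and daemonset.yaml now tests `.Values.hostRootFsMount.enabled`. An override that still sets the scalar form `hostRootFsMount: true` no longer matches that lookup, so the values file passed to `render.py` needs the migration shown in the README hunk (`enabled:` plus `mountPropagation:`) in the same commit. The new comment also lists `Bidirectional` as a possible value next to a mount that daemonset.yaml keeps `readOnly: true`; say which values are meaningful for this read-only root mount.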
@@ -447,6 +448,10 @@ spec: description: OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string apiKey: description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace @@ -493,6 +498,10 @@ spec: - value type: object type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string httpConfig: description: HTTP client configuration. properties: 
@@ -600,6 +609,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string 
@@ -926,6 +1032,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string 
@@ -1274,6 +1477,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string @@ -1700,15 +2000,17 @@ spec: required: - key type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. properties: - ca: - description: Struct containing the CA cert to - use for the targets. + clientId: + description: The secret or configmap containing + the OAuth2 client id properties: configMap: description: ConfigMap containing data to 
@@ -1753,41 +2055,136 @@ spec: - key type: object type: object - cert: - description: Struct containing the client cert - file for the targets. + clientSecret: + description: The secret containing the OAuth2 + client secret properties: - configMap: - description: ConfigMap containing data to - use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use - for the targets. - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - description: 'Name of the referent. More + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. 
+ properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
@@ -1984,6 +2381,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string 
@@ -2361,6 +2855,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string 
@@ -2624,6 +3215,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string 
@@ -2937,6 +3625,103 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyURL: description: Optional proxy URL. type: string diff --git a/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml index d4a8823753..28ff631e24 100644 --- a/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml +++ b/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: alertmanagers.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: Alertmanager listKind: AlertmanagerList plural: alertmanagers + shortNames: + - am singular: alertmanager scope: Namespaced versions: 
@@ -973,6 +974,20 @@ spec: are ANDed. type: object type: object + alertmanagerConfiguration: + description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the + global Alertmanager configuration. If defined, it takes precedence + over the `configSecret` field. This field may change in future releases.' + properties: + name: + description: The name of the AlertmanagerConfig resource which + is used to generate the global configuration. It must be defined + in the same namespace as the Alertmanager object. The operator + will not enforce a `namespace` label for routes and inhibition + rules. + minLength: 1 + type: string + type: object baseImage: description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' @@ -999,10 +1014,15 @@ spec: type: string type: array configSecret: - description: ConfigSecret is the name of a Kubernetes Secret in the - same namespace as the Alertmanager object, which contains configuration - for this Alertmanager instance. Defaults to 'alertmanager-' - The secret is mounted into /etc/alertmanager/config. + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to 'alertmanager-'. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret. \n If either the secret or the + `alertmanager.yaml` key is missing, the operator provisions an Alertmanager + configuration with one empty receiver (effectively dropping alert + notifications)." type: string containers: description: 'Containers allows injecting additional containers. This 
@@ -3491,9 +3511,19 @@ spec: type: boolean logFormat: description: Log format for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json type: string logLevel: description: Log level for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error type: string minReadySeconds: description: Minimum number of seconds for which a newly created pod @@ -3896,13 +3926,13 @@ spec: automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef allows - any non-core object, as well as PersistentVolumeClaim + only allows two specific types of objects, DataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Alpha) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource 
@@ -4119,11 +4149,11 @@ spec: and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef preserves + DataSourceRef allows any non-core object, as well as + PersistentVolumeClaim objects. * While DataSource ignores + disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Alpha) Using this field requires the + is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -4453,10 +4483,10 @@ spec: description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but + tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node assignment + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 
@@ -4908,18 +4938,17 @@ spec: pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity - \ tracking are needed, c) the storage driver is specified - through a storage class, and d) the storage driver supports - dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on the - connection between this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that way - see - the documentation of the driver for more information. \n A - pod can use both types of ephemeral volumes and persistent - volumes at the same time." + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to 
@@ -5007,13 +5036,13 @@ spec: other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as - well as PersistentVolumeClaim objects. * While - DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef + preserves all values, and generates an error if + a disallowed value is specified. (Alpha) Using + this field requires the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource diff --git a/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml index 07ed668cf3..46cf1015b9 100644 --- a/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml +++ b/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: podmonitors.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: PodMonitor listKind: PodMonitorList plural: podmonitors + shortNames: + - pmon singular: podmonitor scope: Namespaced versions: 
@@ -69,7 +70,7 @@ spec: in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names. + description: List of namespace names to select from. items: type: string type: array @@ -170,6 +171,10 @@ spec: required: - key type: object + followRedirects: + description: FollowRedirects configures whether scrape requests + follow HTTP 3xx redirects. + type: boolean honorLabels: description: HonorLabels chooses the metric's labels on collisions with target labels. @@ -179,7 +184,9 @@ spec: the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: description: MetricRelabelConfigs to apply to samples before @@ -227,6 +234,10 @@ spec: separator and matched against the configured regular expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: 
@@ -341,8 +352,9 @@ spec: relabelings: description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields and replaces original scrape job - name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + standard Kubernetes fields. The original scrape job''s name + is available via the `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It @@ -386,6 +398,10 @@ spec: separator and matched against the configured regular expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: @@ -399,7 +415,9 @@ spec: description: HTTP scheme to use for scraping. type: string scrapeTimeout: - description: Timeout after which the scrape is ended + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: diff --git a/charts/kube-prometheus-stack/crds/crd-probes.yaml b/charts/kube-prometheus-stack/crds/crd-probes.yaml index 5218ca4439..7fbbd92400 100644 --- a/charts/kube-prometheus-stack/crds/crd-probes.yaml +++ b/charts/kube-prometheus-stack/crds/crd-probes.yaml 
@@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: probes.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: Probe listKind: ProbeList plural: probes + shortNames: + - prb singular: probe scope: Namespaced versions: @@ -132,6 +133,7 @@ spec: interval: description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: description: The job name assigned to scraped metrics by default. @@ -197,6 +199,9 @@ spec: and matched against the configured regular expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: @@ -319,6 +324,8 @@ spec: type: integer scrapeTimeout: description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: description: TargetLimit defines a limit on the number of scraped 
@@ -326,29 +333,34 @@ spec: format: int64 type: integer targets: - description: Targets defines a set of static and/or dynamically discovered - targets to be probed using the prober. + description: Targets defines a set of static or dynamically discovered + targets to probe. properties: ingress: - description: Ingress defines the set of dynamically discovered - ingress objects which hosts are considered for probing. + description: ingress defines the Ingress objects to probe and + the relabeling configuration. If `staticConfig` is also defined, + `staticConfig` takes precedence. properties: namespaceSelector: - description: Select Ingress objects by namespace. + description: From which namespaces to select Ingress objects. properties: any: description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names. + description: List of namespace names to select from. items: type: string type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to samples before ingestion. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to the label set of + the target before it gets scraped. The original ingress + address is available via the `__tmp_prometheus_ingress_address` + label. It can be used to customize the probed URL. The original + scrape job''s name is available via the `__tmp_prometheus_job_name` + label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. 
@@ -392,6 +404,10 @@ spec: separator and matched against the configured regular expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: @@ -402,7 +418,7 @@ spec: type: object type: array selector: - description: Select Ingress objects by labels. + description: Selector to select the Ingress objects. properties: matchExpressions: description: matchExpressions is a list of label selector @@ -448,8 +464,9 @@ spec: type: object type: object staticConfig: - description: 'StaticConfig defines static targets which are considers - for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + description: 'staticConfig defines the static list of targets + to probe and the relabeling configuration. If `ingress` is also + defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: @@ -458,8 +475,8 @@ spec: targets. type: object relabelingConfigs: - description: 'RelabelConfigs to apply to samples before ingestion. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to the label set of + the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. 
@@ -503,6 +520,10 @@ spec: separator and matched against the configured regular expression for the replace, keep, and drop actions. items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: @@ -513,8 +534,7 @@ spec: type: object type: array static: - description: Targets is a list of URLs to probe using the - configured prober. + description: The list of hosts to probe. items: type: string type: array diff --git a/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml index ce8fe989fb..77fd844663 100644 --- a/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml +++ b/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: prometheuses.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: Prometheus listKind: PrometheusList plural: prometheuses + shortNames: + - prom singular: prometheus scope: Namespaced versions: 
@@ -2663,6 +2664,16 @@ spec: items: type: string type: array + enableRemoteWriteReceiver: + description: 'Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. Defaults to the value of `false`. WARNING: + This is not considered an efficient way of ingesting samples. Use + it with caution for specific low-volume use cases. It is not suitable + for replacing the ingestion via scraping and turning Prometheus + into a push-based metrics collection system. For more information + see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + Only valid in Prometheus versions 2.33.0 and newer.' + type: boolean enforcedBodySizeLimit: description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding @@ -2671,6 +2682,7 @@ spec: monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.' + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string enforcedLabelLimit: description: Per-scrape limit on number of labels that will be accepted 
@@ -2696,11 +2708,11 @@ spec: enforcedNamespaceLabel: description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` - and `ProbeConfig` object) and 2. in all `PrometheusRule` objects - (except the ones excluded in `prometheusRulesExcludedFromEnforce`) - to * alerting & recording rules and * the metrics used in - their expressions (`expr`). \n Label name is this field's value. - Label value is the namespace of the created object (mentioned above)." + and `Probe` objects) and 2. in all `PrometheusRule` objects (except + the ones excluded in `prometheusRulesExcludedFromEnforce`) to * + alerting & recording rules and * the metrics used in their expressions + (`expr`). \n Label name is this field's value. Label value is the + namespace of the created object (mentioned above)." type: string enforcedSampleLimit: description: EnforcedSampleLimit defines global limit on number of 
@@ -2723,8 +2735,46 @@ spec: format: int64 type: integer evaluationInterval: - description: 'Interval between consecutive evaluations. Default: `1m`' + default: 30s + description: 'Interval between consecutive evaluations. Default: `30s`' + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + excludedFromEnforcement: + description: List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. Applies only if enforcedNamespaceLabel set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + are matched. + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + type: string + required: + - namespace + - resource + type: object + type: array externalLabels: additionalProperties: type: string @@ -2738,9 +2788,9 @@ spec: type: string ignoreNamespaceSelectors: description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector - settings from the podmonitor and servicemonitor configs, and they - will only discover endpoints within their current namespace. Defaults - to false. + settings from all PodMonitor, ServiceMonitor and Probe objects. + They will only discover endpoints within their current namespace. + Defaults to false. type: boolean image: description: Image if specified has precedence over baseImage, tag 
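Review bot: the `evaluationInterval` change in the `@@ -2723,8 +2735,46 @@` hunk is more than a description fix: the documented default moves from `1m` to `30s` and a schema `default: 30s` is added, so a Prometheus object that omits the field now gets `30s` written into its spec by the API server. Please check whether the metalk8s Prometheus object sets `evaluationInterval` explicitly; if it does not, the rule evaluation cadence can change with this upgrade and that deserves a changelog entry. In the same hunk, the new `excludedFromEnforcement` description says it applies "only if enforcedNamespaceLabel set to true" although `enforcedNamespaceLabel` is declared `type: string` in this CRD; since the list exempts objects from namespace label enforcement, it is worth documenting for operators that it only has an effect when `enforcedNamespaceLabel` is set to a label name.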
@@ -3995,9 +4045,19 @@ spec: type: boolean logFormat: description: Log format for Prometheus to be configured with. + enum: + - "" + - logfmt + - json type: string logLevel: description: Log level for Prometheus to be configured with. + enum: + - "" + - debug + - info + - warn + - error type: string minReadySeconds: description: Minimum number of seconds for which a newly created pod @@ -4013,13 +4073,15 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object overrideHonorLabels: - description: OverrideHonorLabels if set to true overrides all user - configured honor_labels. If HonorLabels is set in ServiceMonitor - or PodMonitor to true, this overrides honor_labels to false. + description: When true, Prometheus resolves label conflicts by renaming + the labels in the scraped data to "exported_