diff --git a/apps.yaml b/apps.yaml index ca6a2f008d..00694bb3b0 100644 --- a/apps.yaml +++ b/apps.yaml @@ -65,7 +65,7 @@ appsInfo: integration: App Platform uses Gitea as its default repository for App Platform configuration (values). Gitea can also be used by Teams to provide application code repositories. Access to Gitea is provided by the OIDC integration in App Platform. Members of the otomi-admin and team-admin group can seamlessly sign in to Gitea. When Argo CD is enabled, App Platform will automatically create a Gitops repository for each Team in Gitea. grafana: title: Grafana - appVersion: 12.3.3 + appVersion: 12.4.2 repo: https://github.com/grafana/grafana maintainers: Grafana Labs relatedLinks: @@ -185,7 +185,7 @@ appsInfo: integration: Loki can be activated to aggregate all the container logs on the platform and store them in a storage endpoint of choice (defaults to PVC). When App Platform is configured in multi-tenancy mode, logs will be split-up between team namespaces and made available for team members only. App Platform shortcuts can be used to provide selections of logs based on interest. prometheus: title: Prometheus - appVersion: 3.9.1 + appVersion: 3.11.1 repo: https://github.com/prometheus/prometheus maintainers: Prometheus relatedLinks: diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 42805013f5..f4780d7e88 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -65,7 +65,7 @@ dependencies: version: v0.16.0 repository: oci://ghcr.io/kserve/charts/kserve - name: kube-prometheus-stack - version: 81.6.9 + version: 83.0.2 repository: https://prometheus-community.github.io/helm-charts - name: kyverno version: 3.7.1 diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index e6c2bb5098..ac9ef42210 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -4,15 +4,15 @@ dependencies: version: 0.0.0 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 7.1.0 + version: 7.2.2 - name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 4.51.1 + version: 4.53.1 - name: grafana repository: https://grafana-community.github.io/helm-charts - version: 11.1.5 + version: 11.3.8 - name: prometheus-windows-exporter repository: https://prometheus-community.github.io/helm-charts - version: 0.12.3 -digest: sha256:8657e6d9c2ec1c535e718f0ffd462e9cc9bc9341cdd7e33258e2fd8494171880 -generated: "2026-02-13T21:59:46.854402405Z" + version: 0.12.6 +digest: sha256:431953a06b87304930d94a3c5f6b504fc9d63ee8c15226a89d2bbdea5d366dbe +generated: "2026-04-07T19:23:16.41738522Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index b59ceb9c47..c8b1a5d042 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -9,7 +9,7 @@ annotations: url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#upgrading-chart artifacthub.io/operator: "true" apiVersion: v2 -appVersion: v0.88.1 +appVersion: v0.90.1 dependencies: - condition: crds.enabled name: crds @@ -18,15 +18,15 @@ dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 7.1.0 + version: 7.2.2 - condition: nodeExporter.enabled name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 4.51.1 + version: 4.53.1 - condition: grafana.enabled name: grafana repository: https://grafana-community.github.io/helm-charts - version: 11.1.5 + version: 11.3.8 - condition: windowsMonitoring.enabled name: prometheus-windows-exporter repository: https://prometheus-community.github.io/helm-charts @@ -69,4 +69,4 @@ sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus type: application -version: 81.6.9 +version: 83.0.2 diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml index 7a23d5db62..ac74578d7b 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagerconfigs.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1022,6 +1022,7 @@ spec: description: |- authIdentity defines the identity to use for SMTP authentication. This is typically used with PLAIN authentication mechanism. + minLength: 1 type: string authPassword: description: |- @@ -1082,11 +1083,21 @@ spec: description: |- authUsername defines the username to use for SMTP authentication. This is used for SMTP AUTH when the server requires authentication. + minLength: 1 type: string + forceImplicitTLS: + description: |- + forceImplicitTLS defines whether to force use of implicit TLS (direct TLS connection) for better security. + true: force use of implicit TLS (direct TLS connection on any port) + false: force disable implicit TLS (use explicit TLS/STARTTLS if required) + nil (default): auto-detect based on port (465=implicit, other=explicit) for backward compatibility + It requires Alertmanager >= v0.31.0. + type: boolean from: description: |- from defines the sender address for email notifications. This appears as the "From" field in the email header. + minLength: 1 type: string headers: description: |- @@ -1116,6 +1127,7 @@ spec: description: |- hello defines the hostname to identify to the SMTP server. This is used in the SMTP HELO/EHLO command during the connection handshake. + minLength: 1 type: string html: description: |- @@ -1135,11 +1147,13 @@ spec: description: |- smarthost defines the SMTP host and port through which emails are sent. Format should be "hostname:port", e.g. "smtp.example.com:587". + minLength: 1 type: string text: description: |- text defines the plain text body of the email notification. This provides a fallback for email clients that don't support HTML. + minLength: 1 type: string tlsConfig: description: |- @@ -1314,6 +1328,7 @@ spec: description: |- to defines the email address to send notifications to. This is the recipient address for alert notifications. + minLength: 1 type: string type: object type: array @@ -2861,6 +2876,7 @@ spec: description: |- actions defines a comma separated list of actions that will be available for the alert. These appear as action buttons in the OpsGenie interface. + minLength: 1 type: string apiKey: description: |- @@ -2899,6 +2915,7 @@ spec: description: |- description defines the detailed description of the incident. This provides additional context beyond the message field. + minLength: 1 type: string details: description: |- @@ -2928,6 +2945,7 @@ spec: description: |- entity defines an optional field that can be used to specify which domain alert is related to. This helps group related alerts together in OpsGenie. + minLength: 1 type: string httpConfig: description: httpConfig defines the HTTP client configuration @@ -3639,16 +3657,19 @@ spec: description: |- message defines the alert text limited to 130 characters. This appears as the main alert title in OpsGenie. + minLength: 1 type: string note: description: |- note defines an additional alert note. This provides supplementary information about the alert. + minLength: 1 type: string priority: description: |- priority defines the priority level of alert. Possible values are P1, P2, P3, P4, and P5, where P1 is highest priority. + minLength: 1 type: string responders: description: |- @@ -3663,11 +3684,13 @@ spec: description: |- id defines the unique identifier of the responder. This corresponds to the responder's ID within OpsGenie. + minLength: 1 type: string name: description: |- name defines the display name of the responder. This is used when the responder is identified by name rather than ID. + minLength: 1 type: string type: description: |- @@ -3686,6 +3709,7 @@ spec: description: |- username defines the username of the responder. This is typically used for user-type responders when identifying by username. + minLength: 1 type: string required: - type @@ -3700,11 +3724,13 @@ spec: description: |- source defines the backlink to the sender of the notification. This helps identify where the alert originated from. + minLength: 1 type: string tags: description: |- tags defines a comma separated list of tags attached to the notifications. These help categorize and filter alerts within OpsGenie. + minLength: 1 type: string updateAlerts: description: |- @@ -6314,6 +6340,8 @@ spec: description: |- token defines the sender token for RocketChat authentication. This is the personal access token or bot token used to authenticate API requests. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -6340,6 +6368,8 @@ spec: description: |- tokenID defines the sender token ID for RocketChat authentication. This is the user ID associated with the token used for API requests. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -7270,6 +7300,13 @@ spec: linkNames enables automatic linking of channel names and usernames in the message. When true, @channel and @username will be converted to clickable links. type: boolean + messageText: + description: |- + messageText defines text content of the Slack message. + If set, this is sent as the top-level 'text' field in the Slack payload. + It requires Alertmanager >= v0.31.0. + minLength: 1 + type: string mrkdwnIn: description: |- mrkdwnIn defines which fields should be parsed as Slack markdown. @@ -8056,11 +8093,13 @@ spec: description: |- message defines the message content of the SNS notification. This is the actual notification text that will be sent to subscribers. + minLength: 1 type: string phoneNumber: description: |- phoneNumber defines the phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN. + minLength: 1 type: string sendResolved: description: sendResolved defines whether or not to notify @@ -8145,16 +8184,19 @@ spec: description: |- subject defines the subject line when the message is delivered to email endpoints. This field is only used when sending to email subscribers of an SNS topic. + minLength: 1 type: string targetARN: description: |- targetARN defines the mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the TopicARN or PhoneNumber. + minLength: 1 type: string topicARN: description: |- topicARN defines the SNS topic ARN, e.g. arn:aws:sns:us-east-2:698519295917:My-Topic. If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. + minLength: 1 type: string type: object type: array @@ -11277,6 +11319,7 @@ spec: description: |- agentID defines the application agent ID within WeChat Work. This identifies which WeChat Work application will send the notifications. + minLength: 1 type: string apiSecret: description: |- @@ -11315,6 +11358,7 @@ spec: description: |- corpID defines the corp id for authentication. This is the unique identifier for your WeChat Work organization. + minLength: 1 type: string httpConfig: description: httpConfig defines the HTTP client configuration @@ -12026,11 +12070,13 @@ spec: description: |- message defines the API request data as defined by the WeChat API. This contains the actual notification content to be sent. + minLength: 1 type: string messageType: description: |- messageType defines the type of message to send. Valid values include "text", "markdown", and other WeChat Work supported message types. + minLength: 1 type: string sendResolved: description: sendResolved defines whether or not to notify @@ -12040,16 +12086,19 @@ spec: description: |- toParty defines the target department(s) to receive the notification. Can be a single department ID or multiple department IDs separated by '|'. + minLength: 1 type: string toTag: description: |- toTag defines the target tag(s) to receive the notification. Can be a single tag ID or multiple tag IDs separated by '|'. + minLength: 1 type: string toUser: description: |- toUser defines the target user(s) to receive the notification. Can be a single user ID or multiple user IDs separated by '|'. + minLength: 1 type: string type: object type: array @@ -12092,14 +12141,17 @@ spec: groupInterval: description: |- groupInterval defines how long to wait before sending an updated notification. - Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Must be greater than 0. Example: "5m" + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string groupWait: description: |- groupWait defines how long to wait before sending the initial notification. - Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "30s" + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string matchers: description: |- @@ -12157,8 +12209,10 @@ spec: repeatInterval: description: |- repeatInterval defines how long to wait before repeating the last notification. - Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Must be greater than 0. Example: "4h" + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string routes: description: routes defines the child routes. diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml index 1af958fc74..790a049897 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-alertmanagers.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -2073,6 +2073,14 @@ spec: LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server. type: string + forceImplicitTLS: + description: |- + forceImplicitTLS defines whether to force use of implicit TLS (direct TLS connection) for better security. + true: force use of implicit TLS (direct TLS connection on any port) + false: force disable implicit TLS (use explicit TLS/STARTTLS if required) + nil (default): auto-detect based on port (465=implicit, other=explicit) for backward compatibility + It requires Alertmanager >= v0.31.0. + type: boolean from: description: from defines the default SMTP From header field. @@ -2890,14 +2898,20 @@ spec: type: string containers: description: |- - containers allows injecting additional containers. This is meant to - allow adding an authentication proxy to an Alertmanager pod. - Containers described here modify an operator generated container if they - share the same name and modifications are done via a strategic merge - patch. The current container names are: `alertmanager` and - `config-reloader`. Overriding containers is entirely outside the scope - of what the maintainers will support and by doing so, you accept that - this behaviour may break at any time without notice. + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `alertmanager` + * `config-reloader` + * `thanos-sidecar` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. @@ -3765,7 +3779,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -4520,6 +4536,17 @@ spec: x-kubernetes-list-map-keys: - ip x-kubernetes-list-type: map + hostNetwork: + description: |- + hostNetwork controls whether the pod may use the node network namespace. + + Make sure to understand the security implications if you want to enable + it (https://kubernetes.io/docs/concepts/configuration/overview/). + + When hostNetwork is enabled, this will set the DNS policy to + `ClusterFirstWithHostNet` automatically (unless `.spec.dnsPolicy` is set + to a different value). + type: boolean hostUsers: description: |- hostUsers supports the user space in Kubernetes. @@ -4570,15 +4597,21 @@ spec: type: array initContainers: description: |- - initContainers allows adding initContainers to the pod definition. Those can be used to e.g. - fetch secrets for injection into the Alertmanager configuration from external sources. Any - errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - InitContainers described here modify an operator - generated init containers if they share the same name and modifications are - done via a strategic merge patch. The current init container name is: - `init-config-reloader`. Overriding init containers is entirely outside the - scope of what the maintainers will support and by doing so, you accept that - this behaviour may break at any time without notice. + initContainers allows injecting initContainers to the Pod definition. Those + can be used to e.g. fetch secrets for injection into the Prometheus + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done via a + strategic merge patch. + + The names of init container name managed by the operator are: + * `init-config-reloader`. + + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. items: description: A single application container that you want to run within a pod. @@ -5446,7 +5479,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -6336,6 +6371,11 @@ spec: and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. type: string + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string secrets: description: |- secrets is a list of Secrets in the same namespace as the Alertmanager @@ -6771,7 +6811,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -7026,7 +7066,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -7182,9 +7222,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -7216,9 +7254,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -7351,9 +7387,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -8245,7 +8282,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -9124,6 +9161,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml index 9407774078..2fdff7db31 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml index 3df86c00cc..cea5598181 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-probes.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml index 4a7ff56382..1a58269d63 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusagents.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1478,9 +1478,8 @@ spec: * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. @@ -2348,7 +2347,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -3386,7 +3387,7 @@ spec: initContainers: description: |- initContainers allows injecting initContainers to the Pod definition. Those - can be used to e.g. fetch secrets for injection into the Prometheus + can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ @@ -3397,9 +3398,9 @@ spec: The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. items: description: A single application container that you want to run within a pod. @@ -4267,7 +4268,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -6482,9 +6485,11 @@ spec: type: string type: object url: - description: url defines the URL of the endpoint to send samples - to. - minLength: 1 + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ type: string writeRelabelConfigs: description: writeRelabelConfigs defines the list of remote @@ -6699,6 +6704,11 @@ spec: If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 type: integer + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string scrapeClasses: description: |- scrapeClasses defines the list of scrape classes to expose to scraping objects such as @@ -7922,7 +7932,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8177,7 +8187,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8333,9 +8343,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -8367,9 +8375,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -8505,9 +8511,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -9665,7 +9672,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -10544,6 +10551,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml index 389e6fb12c..7a6a832d8e 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheuses.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -2229,9 +2229,8 @@ spec: * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. @@ -3099,7 +3098,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -4179,7 +4180,7 @@ spec: initContainers: description: |- initContainers allows injecting initContainers to the Pod definition. Those - can be used to e.g. fetch secrets for injection into the Prometheus + can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ @@ -4190,9 +4191,9 @@ spec: The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. items: description: A single application container that you want to run within a pod. @@ -5060,7 +5061,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -8072,9 +8075,11 @@ spec: type: string type: object url: - description: url defines the URL of the endpoint to send samples - to. - minLength: 1 + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ type: string writeRelabelConfigs: description: writeRelabelConfigs defines the list of remote @@ -8434,6 +8439,11 @@ spec: If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 type: integer + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string scrapeClasses: description: |- scrapeClasses defines the list of scrape classes to expose to scraping objects such as @@ -9695,7 +9705,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -9950,7 +9960,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -10106,9 +10116,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -10140,9 +10148,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -10326,7 +10332,7 @@ spec: description: |- grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. - Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. + Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: description: ca defines the Certificate authority used when @@ -10802,9 +10808,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -11962,7 +11969,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -12841,6 +12848,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml index 31654a3ca7..57e00c3770 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-prometheusrules.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml index 9c706776e6..3a4ee801f2 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-scrapeconfigs.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -883,6 +883,15 @@ spec: type: object x-kubernetes-map-type: atomic type: object + bodySizeLimit: + description: |- + bodySizeLimit defines a per-scrape limit on the size of the uncompressed + response body that will be accepted by Prometheus. Targets responding with + a body larger than this many bytes will cause the scrape to fail. + + It requires Prometheus >= v2.28.0. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string consulSDConfigs: description: consulSDConfigs defines a list of Consul service discovery configurations. @@ -1676,7 +1685,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -2116,7 +2125,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the DigitalOcean API. properties: ca: description: ca defines the Certificate authority used when @@ -2345,7 +2354,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Docker daemon. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -2451,6 +2460,7 @@ spec: properties: name: description: name of the Filter. + minLength: 1 type: string values: description: values defines values to filter on. @@ -2473,8 +2483,9 @@ spec: HTTP 3xx redirects. type: boolean host: - description: host defines the address of the docker daemon + description: host defines the address of the docker daemon. minLength: 1 + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ type: string hostNetworkingHost: description: hostNetworkingHost defines the host to use if the @@ -2883,7 +2894,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Docker daemon. properties: ca: description: ca defines the Certificate authority used when @@ -3063,7 +3074,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Docker Swarm API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -3174,6 +3185,7 @@ spec: properties: name: description: name of the Filter. + minLength: 1 type: string values: description: values defines values to filter on. @@ -3605,7 +3617,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Docker Swarm daemon. properties: ca: description: ca defines the Certificate authority used when @@ -3831,6 +3843,7 @@ spec: properties: name: description: name of the Filter. + minLength: 1 type: string values: description: values defines values to filter on. @@ -3954,7 +3967,7 @@ spec: x-kubernetes-map-type: atomic tlsConfig: description: |- - tlsConfig defines the TLS configuration to connect to the Consul API. + tlsConfig defines the TLS configuration to connect to the EC2 API. It requires Prometheus >= v2.41.0 properties: ca: @@ -4145,7 +4158,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Eureka server. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -4636,12 +4649,11 @@ spec: server: description: server defines the URL to connect to the Eureka server. - minLength: 1 - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Eureka server. properties: ca: description: ca defines the Certificate authority used when @@ -4924,7 +4936,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Hetzner API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -5436,7 +5448,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Hetzner API. properties: ca: description: ca defines the Certificate authority used when @@ -6288,8 +6300,7 @@ spec: url: description: url defines the URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string required: - url @@ -6305,7 +6316,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the IONOS. + authorization defines the header configuration to authenticate against the IONOS API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -6750,7 +6761,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the IONOS API. properties: ca: description: ca defines the Certificate authority used when @@ -7704,7 +7715,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Kuma control plane. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -8210,7 +8221,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Kuma control plane. properties: ca: description: ca defines the Certificate authority used when @@ -8432,7 +8443,7 @@ spec: x-kubernetes-map-type: atomic authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Lightsail API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -8967,7 +8978,7 @@ spec: x-kubernetes-map-type: atomic tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Lightsail API. properties: ca: description: ca defines the Certificate authority used when @@ -9145,7 +9156,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Linode API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -9595,7 +9606,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Linode API. properties: ca: description: ca defines the Certificate authority used when @@ -9917,7 +9928,7 @@ spec: type: boolean authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Nomad API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -10419,7 +10430,7 @@ spec: description: |- server defines the Nomad server address to connect to for service discovery. This should be the full URL including protocol (e.g., "https://nomad.example.com:4646"). - minLength: 1 + pattern: ^https?://.+$ type: string tagSeparator: description: |- @@ -10428,7 +10439,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Nomad API. properties: ca: description: ca defines the Certificate authority used when @@ -11001,7 +11012,7 @@ spec: description: |- identityEndpoint defines the HTTP endpoint that is required to work with the Identity API of the appropriate version. - pattern: ^http(s)?:\/\/.+$ + pattern: ^https?://.+$ type: string password: description: |- @@ -11409,7 +11420,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the PuppetDB API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -11920,7 +11931,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the PuppetDB server. properties: ca: description: ca defines the Certificate authority used when @@ -12089,8 +12100,7 @@ spec: url: description: url defines the URL of the PuppetDB root query endpoint. - minLength: 1 - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string required: - query @@ -12209,7 +12219,7 @@ spec: apiURL: description: apiURL defines the API URL to use when doing the server listing requests. - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string enableHTTP2: description: enableHTTP2 defines whether to enable HTTP2. @@ -12336,7 +12346,7 @@ spec: x-kubernetes-list-type: set tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Scaleway API. properties: ca: description: ca defines the Certificate authority used when @@ -12595,9 +12605,9 @@ spec: description: targets defines the list of targets for this static configuration. items: - description: |- - Target represents a target for Prometheus to scrape - kubebuilder:validation:MinLength:=1 + description: Target represents a target for Prometheus to + scrape + minLength: 1 type: string minItems: 1 type: array diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml index c231b7ebcd..702988e2bb 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com diff --git a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml index 79d118fed0..7c7a32b057 100644 --- a/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml +++ b/charts/kube-prometheus-stack/charts/crds/crds/crd-thanosrulers.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.88.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.90.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 - operator.prometheus.io/version: 0.88.1 + operator.prometheus.io/version: 0.90.1 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1120,13 +1120,19 @@ spec: type: array containers: description: |- - containers allows injecting additional containers or modifying operator generated - containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or - to change the behavior of an operator generated container. Containers described here modify - an operator generated container if they share the same name and modifications are done via a - strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. - Overriding containers is entirely outside the scope of what the maintainers will support and by doing - so, you accept that this behaviour may break at any time without notice. + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `thanos-ruler` + * `config-reloader` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. @@ -1994,7 +2000,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -2783,8 +2791,8 @@ spec: description: |- grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads recorded rule data. - Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. - Maps to the '--grpc-server-tls-*' CLI args. + + Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: description: ca defines the Certificate authority used when verifying @@ -3031,13 +3039,11 @@ spec: type: array initContainers: description: |- - initContainers allows adding initContainers to the pod definition. Those can be used to e.g. - fetch secrets for injection into the ThanosRuler configuration from external sources. Any - errors during the execution of an initContainer will lead to a restart of the Pod. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching is entirely outside the scope - of what the maintainers will support and by doing so, you accept that this behaviour may break - at any time without notice. + initContainers allows injecting initContainers to the Pod definition. + Those can be used to e.g. fetch secrets for injection into the + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ items: description: A single application container that you want to run within a pod. @@ -3905,7 +3911,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -5825,9 +5833,11 @@ spec: type: string type: object url: - description: url defines the URL of the endpoint to send samples - to. - minLength: 1 + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ type: string writeRelabelConfigs: description: writeRelabelConfigs defines the list of remote @@ -6130,6 +6140,11 @@ spec: type: object type: object x-kubernetes-map-type: atomic + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string securityContext: description: |- securityContext defines the pod-level security attributes and common container settings. @@ -6548,7 +6563,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -6803,7 +6818,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -6959,9 +6974,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -6993,9 +7006,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -7122,9 +7133,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -8061,7 +8073,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8940,6 +8952,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/charts/kube-prometheus-stack/charts/crds/files/crds.bz2 b/charts/kube-prometheus-stack/charts/crds/files/crds.bz2 index e48a627e5c..615c2bf249 100644 Binary files a/charts/kube-prometheus-stack/charts/crds/files/crds.bz2 and b/charts/kube-prometheus-stack/charts/crds/files/crds.bz2 differ diff --git a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml index d1f42ed33b..07b2d08acc 100644 --- a/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml +++ b/charts/kube-prometheus-stack/charts/crds/templates/upgrade/job.yaml @@ -33,6 +33,7 @@ spec: imagePullSecrets: {{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }} {{- end }} + automountServiceAccountToken: {{ .Values.upgradeJob.automountServiceAccountToken }} serviceAccountName: {{ include "kube-prometheus-stack.crd.upgradeJob.serviceAccountName" . }} initContainers: - name: busybox @@ -75,7 +76,7 @@ spec: containers: - name: kubectl {{- $kubectlRegistry := .Values.global.imageRegistry | default .Values.upgradeJob.image.kubectl.registry -}} - {{- $defaultKubernetesVersion := regexFind "v\\d+\\.\\d+\\.\\d+" .Capabilities.KubeVersion.Version }} + {{- $defaultKubernetesVersion := (ternary (printf "%s.0" .Capabilities.KubeVersion.Version) (regexFind "v\\d+\\.\\d+\\.\\d+" .Capabilities.KubeVersion.Version) (regexMatch "^v\\d+\\.\\d+$" .Capabilities.KubeVersion.Version)) -}} {{- if .Values.upgradeJob.image.kubectl.sha }} image: "{{ $kubectlRegistry }}/{{ .Values.upgradeJob.image.kubectl.repository }}:{{ .Values.upgradeJob.image.kubectl.tag | default $defaultKubernetesVersion }}@sha256:{{ .Values.upgradeJob.image.kubectl.sha }}" {{- else }} diff --git a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml index f36517a242..ee4932bbc8 100644 --- a/charts/kube-prometheus-stack/charts/grafana/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -6,7 +6,7 @@ annotations: - name: Upstream Project url: https://github.com/grafana/grafana apiVersion: v2 -appVersion: 12.3.3 +appVersion: 12.4.2 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 @@ -26,4 +26,4 @@ sources: - https://github.com/grafana/grafana - https://github.com/grafana-community/helm-charts type: application -version: 11.1.5 +version: 11.3.8 diff --git a/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kube-prometheus-stack/charts/grafana/README.md index 9a338eaacf..fe826d9817 100644 --- a/charts/kube-prometheus-stack/charts/grafana/README.md +++ b/charts/kube-prometheus-stack/charts/grafana/README.md @@ -1,35 +1,48 @@ # Grafana Helm Chart -* Installs the web dashboarding system [Grafana](http://grafana.org/) +The leading tool for querying and visualizing time series and metrics. -## Get Repo Info +## Source Code -```console -helm repo add grafana-community https://grafana-community.github.io/helm-charts -helm repo update -``` +* + +## Requirements -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ +Kubernetes: `^1.25.0-0` ## Installing the Chart -To install the chart with the release name `my-release`: +### OCI Registry + +OCI registries are preferred in Helm as they implement unified storage, distribution, and improved security. ```console -helm install my-release grafana-community/grafana +helm install RELEASE-NAME oci://ghcr.io/grafana-community/helm-charts/grafana +``` + +### HTTP Registry + +```console +helm repo add grafana-community https://grafana-community.github.io/helm-charts +helm repo update +helm install RELEASE-NAME grafana-community/grafana ``` ## Uninstalling the Chart -To uninstall/delete the my-release deployment: +To remove all of the Kubernetes objects associated with the Helm chart release: ```console -helm delete my-release +helm delete RELEASE-NAME ``` -The command removes all the Kubernetes components associated with the chart and deletes the release. +## Changelog + +See the [changelog](https://grafana-community.github.io/helm-charts/changelog/?chart=grafana). + +--- -## Upgrading an existing Release to a new major version +## Upgrading A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. @@ -69,366 +82,6 @@ The minimum required Kubernetes version is now 1.25. All references to deprecate ## Configuration -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| "grafana.ini".analytics.check_for_updates | bool | `true` | | -| "grafana.ini".log.mode | string | `"console"` | | -| "grafana.ini".paths.data | string | `"/var/lib/grafana/"` | | -| "grafana.ini".paths.logs | string | `"/var/log/grafana"` | | -| "grafana.ini".paths.plugins | string | `"/var/lib/grafana/plugins"` | | -| "grafana.ini".paths.provisioning | string | `"/etc/grafana/provisioning"` | | -| "grafana.ini".server.domain | string | `"{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ tpl (.Values.ingress.hosts | first) . }}{{ else if (and .Values.route.main.enabled .Values.route.main.hostnames) }}{{ tpl (.Values.route.main.hostnames | first) . }}{{ else }}''{{ end }}"` | | -| "grafana.ini".unified_storage.index_path | string | `"/var/lib/grafana-search/bleve"` | | -| admin.existingSecret | string | `""` | | -| admin.passwordKey | string | `"admin-password"` | | -| admin.userKey | string | `"admin-user"` | | -| adminUser | string | `"admin"` | | -| affinity | object | `{}` | | -| alerting | object | `{}` | | -| assertNoLeakedSecrets | bool | `true` | | -| automountServiceAccountToken | bool | `true` | | -| autoscaling.behavior | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `5` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPU | string | `"60"` | | -| autoscaling.targetMemory | string | `""` | | -| containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | -| containerSecurityContext.privileged | bool | `false` | | -| containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| createConfigmap | bool | `true` | | -| dashboardProviders | object | `{}` | | -| dashboards | object | `{}` | | -| dashboardsConfigMaps | object | `{}` | | -| datasources | object | `{}` | | -| defaultCurlOptions | string | `"-skf"` | | -| deploymentStrategy.type | string | `"RollingUpdate"` | | -| dnsConfig | object | `{}` | | -| dnsPolicy | string | `nil` | | -| downloadDashboards.env | object | `{}` | | -| downloadDashboards.envFromSecret | string | `""` | | -| downloadDashboards.envValueFrom | object | `{}` | | -| downloadDashboards.resources | object | `{}` | | -| downloadDashboards.securityContext.allowPrivilegeEscalation | bool | `false` | | -| downloadDashboards.securityContext.capabilities.drop[0] | string | `"ALL"` | | -| downloadDashboards.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| downloadDashboardsImage.pullPolicy | string | `"IfNotPresent"` | | -| downloadDashboardsImage.registry | string | `"docker.io"` | The Docker registry | -| downloadDashboardsImage.repository | string | `"curlimages/curl"` | | -| downloadDashboardsImage.sha | string | `""` | | -| downloadDashboardsImage.tag | string | `"8.18.0"` | | -| enableKubeBackwardCompatibility | bool | `false` | | -| enableServiceLinks | bool | `true` | | -| env | object | `{}` | | -| envFromConfigMaps | list | `[]` | | -| envFromSecret | string | `""` | | -| envFromSecrets | list | `[]` | | -| envRenderSecret | object | `{}` | | -| envValueFrom | object | `{}` | | -| extraConfigmapMounts | list | `[]` | | -| extraContainerVolumes | list | `[]` | | -| extraContainers | string | `""` | | -| extraEmptyDirMounts | list | `[]` | | -| extraExposePorts | list | `[]` | | -| extraInitContainers | list | `[]` | | -| extraLabels | object | `{}` | | -| extraObjects | list | `[]` | | -| extraSecretMounts | list | `[]` | | -| extraVolumeMounts | list | `[]` | | -| extraVolumes | list | `[]` | | -| global.imagePullSecrets | list | `[]` | | -| global.imageRegistry | string | `nil` | Overrides the Docker registry globally for all images | -| gossipPortName | string | `"gossip"` | | -| headlessService | bool | `false` | | -| hostAliases | list | `[]` | | -| hostUsers | string | `nil` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.pullSecrets | list | `[]` | | -| image.registry | string | `"docker.io"` | The Docker registry | -| image.repository | string | `"grafana/grafana"` | Docker image repository | -| image.sha | string | `""` | | -| image.tag | string | `""` | | -| imageRenderer.affinity | object | `{}` | | -| imageRenderer.automountServiceAccountToken | bool | `false` | | -| imageRenderer.autoscaling.behavior | object | `{}` | | -| imageRenderer.autoscaling.enabled | bool | `false` | | -| imageRenderer.autoscaling.maxReplicas | int | `5` | | -| imageRenderer.autoscaling.minReplicas | int | `1` | | -| imageRenderer.autoscaling.targetCPU | string | `"60"` | | -| imageRenderer.autoscaling.targetMemory | string | `""` | | -| imageRenderer.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| imageRenderer.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | -| imageRenderer.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | -| imageRenderer.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| imageRenderer.deploymentStrategy | object | `{}` | | -| imageRenderer.enabled | bool | `false` | | -| imageRenderer.env.HTTP_HOST | string | `"0.0.0.0"` | | -| imageRenderer.env.XDG_CACHE_HOME | string | `"/tmp/.chromium"` | | -| imageRenderer.env.XDG_CONFIG_HOME | string | `"/tmp/.chromium"` | | -| imageRenderer.envValueFrom | object | `{}` | | -| imageRenderer.extraConfigmapMounts | list | `[]` | | -| imageRenderer.extraSecretMounts | list | `[]` | | -| imageRenderer.extraVolumeMounts | list | `[]` | | -| imageRenderer.extraVolumes | list | `[]` | | -| imageRenderer.grafanaProtocol | string | `"http"` | | -| imageRenderer.grafanaSubPath | string | `""` | | -| imageRenderer.hostAliases | list | `[]` | | -| imageRenderer.hostUsers | string | `nil` | | -| imageRenderer.image.pullPolicy | string | `"Always"` | | -| imageRenderer.image.pullSecrets | list | `[]` | | -| imageRenderer.image.registry | string | `"docker.io"` | The Docker registry | -| imageRenderer.image.repository | string | `"grafana/grafana-image-renderer"` | | -| imageRenderer.image.sha | string | `""` | | -| imageRenderer.image.tag | string | `"latest"` | | -| imageRenderer.networkPolicy.extraIngressSelectors | list | `[]` | | -| imageRenderer.networkPolicy.limitEgress | bool | `false` | | -| imageRenderer.networkPolicy.limitIngress | bool | `true` | | -| imageRenderer.nodeSelector | object | `{}` | | -| imageRenderer.podAnnotations | object | `{}` | | -| imageRenderer.podPortName | string | `"http"` | | -| imageRenderer.priorityClassName | string | `""` | | -| imageRenderer.renderingCallbackURL | string | `""` | | -| imageRenderer.replicas | int | `1` | | -| imageRenderer.resources | object | `{}` | | -| imageRenderer.revisionHistoryLimit | int | `10` | | -| imageRenderer.securityContext | object | `{}` | | -| imageRenderer.serverURL | string | `""` | | -| imageRenderer.service.appProtocol | string | `""` | | -| imageRenderer.service.enabled | bool | `true` | | -| imageRenderer.service.port | int | `8081` | | -| imageRenderer.service.portName | string | `"http"` | | -| imageRenderer.service.targetPort | int | `8081` | | -| imageRenderer.serviceAccountName | string | `""` | | -| imageRenderer.serviceMonitor.enabled | bool | `false` | | -| imageRenderer.serviceMonitor.interval | string | `"1m"` | | -| imageRenderer.serviceMonitor.labels | object | `{}` | | -| imageRenderer.serviceMonitor.path | string | `"/metrics"` | | -| imageRenderer.serviceMonitor.relabelings | list | `[]` | | -| imageRenderer.serviceMonitor.scheme | string | `"http"` | | -| imageRenderer.serviceMonitor.scrapeTimeout | string | `"30s"` | | -| imageRenderer.serviceMonitor.targetLabels | list | `[]` | | -| imageRenderer.serviceMonitor.tlsConfig | object | `{}` | | -| imageRenderer.tolerations | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `false` | | -| ingress.extraPaths | list | `[]` | | -| ingress.hosts[0] | string | `"chart-example.local"` | | -| ingress.labels | object | `{}` | | -| ingress.path | string | `"/"` | | -| ingress.pathType | string | `"Prefix"` | | -| ingress.tls | list | `[]` | | -| initChownData.enabled | bool | `true` | | -| initChownData.image.pullPolicy | string | `"IfNotPresent"` | | -| initChownData.image.registry | string | `"docker.io"` | The Docker registry | -| initChownData.image.repository | string | `"library/busybox"` | | -| initChownData.image.sha | string | `""` | | -| initChownData.image.tag | string | `"1.37.0"` | | -| initChownData.resources | object | `{}` | | -| initChownData.securityContext.capabilities.add[0] | string | `"CHOWN"` | | -| initChownData.securityContext.capabilities.drop[0] | string | `"ALL"` | | -| initChownData.securityContext.readOnlyRootFilesystem | bool | `false` | | -| initChownData.securityContext.runAsNonRoot | bool | `false` | | -| initChownData.securityContext.runAsUser | int | `0` | | -| initChownData.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| ldap.config | string | `""` | | -| ldap.enabled | bool | `false` | | -| ldap.existingSecret | string | `""` | | -| lifecycleHooks | object | `{}` | | -| livenessProbe.failureThreshold | int | `10` | | -| livenessProbe.httpGet.path | string | `"/api/health"` | | -| livenessProbe.httpGet.port | string | `"grafana"` | | -| livenessProbe.initialDelaySeconds | int | `60` | | -| livenessProbe.timeoutSeconds | int | `30` | | -| namespaceOverride | string | `""` | | -| networkPolicy.allowExternal | bool | `true` | | -| networkPolicy.egress.blockDNSResolution | bool | `false` | | -| networkPolicy.egress.enabled | bool | `false` | | -| networkPolicy.egress.ports | list | `[]` | | -| networkPolicy.egress.to | list | `[]` | | -| networkPolicy.enabled | bool | `false` | | -| networkPolicy.explicitNamespacesSelector | object | `{}` | | -| networkPolicy.ingress | bool | `true` | | -| nodeSelector | object | `{}` | | -| notifiers | object | `{}` | | -| persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| persistence.disableWarning | bool | `false` | | -| persistence.enabled | bool | `false` | | -| persistence.extraPvcLabels | object | `{}` | | -| persistence.finalizers[0] | string | `"kubernetes.io/pvc-protection"` | | -| persistence.inMemory.enabled | bool | `false` | | -| persistence.lookupVolumeName | bool | `true` | | -| persistence.size | string | `"10Gi"` | | -| persistence.type | string | `"pvc"` | | -| persistence.volumeName | string | `""` | | -| plugins | list | `[]` | | -| podDisruptionBudget | object | `{}` | | -| podPortName | string | `"grafana"` | | -| rbac.create | bool | `true` | | -| rbac.extraClusterRoleRules | list | `[]` | | -| rbac.extraRoleRules | list | `[]` | | -| rbac.namespaced | bool | `false` | | -| rbac.pspEnabled | bool | `false` | | -| rbac.pspUseAppArmor | bool | `false` | | -| readinessProbe.httpGet.path | string | `"/api/health"` | | -| readinessProbe.httpGet.port | string | `"grafana"` | | -| replicas | int | `1` | | -| resources | object | `{}` | | -| revisionHistoryLimit | int | `10` | | -| route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) | -| route.main.apiVersion | string | `"gateway.networking.k8s.io/v1"` | Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2 | -| route.main.enabled | bool | `false` | Enables or disables the route | -| route.main.kind | string | `"HTTPRoute"` | Set the route kind Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute | -| securityContext.fsGroup | int | `472` | | -| securityContext.runAsGroup | int | `472` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `472` | | -| service.annotations | object | `{}` | | -| service.appProtocol | string | `""` | | -| service.enabled | bool | `true` | | -| service.ipFamilies | list | `[]` | | -| service.ipFamilyPolicy | string | `""` | | -| service.labels | object | `{}` | | -| service.loadBalancerClass | string | `""` | | -| service.loadBalancerIP | string | `""` | | -| service.loadBalancerSourceRanges | list | `[]` | | -| service.port | int | `80` | | -| service.portName | string | `"service"` | | -| service.sessionAffinity | string | `""` | | -| service.targetPort | int | `3000` | | -| service.trafficDistribution | string | `""` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.automountServiceAccountToken | bool | `false` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.labels | object | `{}` | | -| serviceAccount.name | string | `nil` | | -| serviceAccount.nameTest | string | `nil` | | -| serviceMonitor.basicAuth | object | `{}` | | -| serviceMonitor.enabled | bool | `false` | | -| serviceMonitor.interval | string | `"30s"` | | -| serviceMonitor.labels | object | `{}` | | -| serviceMonitor.metricRelabelings | list | `[]` | | -| serviceMonitor.path | string | `"/metrics"` | | -| serviceMonitor.relabelings | list | `[]` | | -| serviceMonitor.scheme | string | `"http"` | | -| serviceMonitor.scrapeTimeout | string | `"30s"` | | -| serviceMonitor.targetLabels | list | `[]` | | -| serviceMonitor.tlsConfig | object | `{}` | | -| shareProcessNamespace | bool | `false` | | -| sidecar.alerts.enabled | bool | `false` | | -| sidecar.alerts.env | object | `{}` | | -| sidecar.alerts.envValueFrom | object | `{}` | | -| sidecar.alerts.extraMounts | list | `[]` | | -| sidecar.alerts.initAlerts | bool | `false` | | -| sidecar.alerts.label | string | `"grafana_alert"` | | -| sidecar.alerts.labelValue | string | `""` | | -| sidecar.alerts.reloadURL | string | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | | -| sidecar.alerts.resource | string | `"both"` | | -| sidecar.alerts.resourceName | string | `""` | | -| sidecar.alerts.script | string | `nil` | | -| sidecar.alerts.searchNamespace | string | `nil` | | -| sidecar.alerts.sizeLimit | string | `""` | | -| sidecar.alerts.skipReload | bool | `false` | | -| sidecar.alerts.watchMethod | string | `"WATCH"` | | -| sidecar.dashboards.SCProvider | bool | `true` | | -| sidecar.dashboards.defaultFolderName | string | `nil` | | -| sidecar.dashboards.enabled | bool | `false` | | -| sidecar.dashboards.env | object | `{}` | | -| sidecar.dashboards.envValueFrom | object | `{}` | | -| sidecar.dashboards.extraMounts | list | `[]` | | -| sidecar.dashboards.folder | string | `"/tmp/dashboards"` | | -| sidecar.dashboards.folderAnnotation | string | `nil` | | -| sidecar.dashboards.initDashboards | bool | `false` | | -| sidecar.dashboards.label | string | `"grafana_dashboard"` | | -| sidecar.dashboards.labelValue | string | `""` | | -| sidecar.dashboards.provider.allowUiUpdates | bool | `false` | | -| sidecar.dashboards.provider.disableDelete | bool | `false` | | -| sidecar.dashboards.provider.folder | string | `""` | | -| sidecar.dashboards.provider.folderUid | string | `""` | | -| sidecar.dashboards.provider.foldersFromFilesStructure | bool | `false` | | -| sidecar.dashboards.provider.name | string | `"sidecarProvider"` | | -| sidecar.dashboards.provider.orgid | int | `1` | | -| sidecar.dashboards.provider.type | string | `"file"` | | -| sidecar.dashboards.reloadURL | string | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` | | -| sidecar.dashboards.resource | string | `"both"` | | -| sidecar.dashboards.resourceName | string | `""` | | -| sidecar.dashboards.script | string | `nil` | | -| sidecar.dashboards.searchNamespace | string | `nil` | | -| sidecar.dashboards.sizeLimit | string | `""` | | -| sidecar.dashboards.skipReload | bool | `false` | | -| sidecar.dashboards.watchMethod | string | `"WATCH"` | | -| sidecar.datasources.enabled | bool | `false` | | -| sidecar.datasources.env | object | `{}` | | -| sidecar.datasources.envValueFrom | object | `{}` | | -| sidecar.datasources.extraMounts | list | `[]` | | -| sidecar.datasources.initDatasources | bool | `false` | | -| sidecar.datasources.label | string | `"grafana_datasource"` | | -| sidecar.datasources.labelValue | string | `""` | | -| sidecar.datasources.reloadURL | string | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | | -| sidecar.datasources.resource | string | `"both"` | | -| sidecar.datasources.resourceName | string | `""` | | -| sidecar.datasources.script | string | `nil` | | -| sidecar.datasources.searchNamespace | string | `nil` | | -| sidecar.datasources.sizeLimit | string | `""` | | -| sidecar.datasources.skipReload | bool | `false` | | -| sidecar.datasources.watchMethod | string | `"WATCH"` | | -| sidecar.enableUniqueFilenames | bool | `false` | | -| sidecar.image.registry | string | `"quay.io"` | The Docker registry | -| sidecar.image.repository | string | `"kiwigrid/k8s-sidecar"` | | -| sidecar.image.sha | string | `""` | | -| sidecar.image.tag | string | `"2.5.0"` | | -| sidecar.imagePullPolicy | string | `"IfNotPresent"` | | -| sidecar.livenessProbe | object | `{}` | | -| sidecar.notifiers.enabled | bool | `false` | | -| sidecar.notifiers.env | object | `{}` | | -| sidecar.notifiers.extraMounts | list | `[]` | | -| sidecar.notifiers.initNotifiers | bool | `false` | | -| sidecar.notifiers.label | string | `"grafana_notifier"` | | -| sidecar.notifiers.labelValue | string | `""` | | -| sidecar.notifiers.reloadURL | string | `"http://localhost:3000/api/admin/provisioning/notifications/reload"` | | -| sidecar.notifiers.resource | string | `"both"` | | -| sidecar.notifiers.resourceName | string | `""` | | -| sidecar.notifiers.script | string | `nil` | | -| sidecar.notifiers.searchNamespace | string | `nil` | | -| sidecar.notifiers.sizeLimit | string | `""` | | -| sidecar.notifiers.skipReload | bool | `false` | | -| sidecar.notifiers.watchMethod | string | `"WATCH"` | | -| sidecar.plugins.enabled | bool | `false` | | -| sidecar.plugins.env | object | `{}` | | -| sidecar.plugins.extraMounts | list | `[]` | | -| sidecar.plugins.initPlugins | bool | `false` | | -| sidecar.plugins.label | string | `"grafana_plugin"` | | -| sidecar.plugins.labelValue | string | `""` | | -| sidecar.plugins.reloadURL | string | `"http://localhost:3000/api/admin/provisioning/plugins/reload"` | | -| sidecar.plugins.resource | string | `"both"` | | -| sidecar.plugins.resourceName | string | `""` | | -| sidecar.plugins.script | string | `nil` | | -| sidecar.plugins.searchNamespace | string | `nil` | | -| sidecar.plugins.sizeLimit | string | `""` | | -| sidecar.plugins.skipReload | bool | `false` | | -| sidecar.plugins.watchMethod | string | `"WATCH"` | | -| sidecar.readinessProbe | object | `{}` | | -| sidecar.resources | object | `{}` | | -| sidecar.securityContext.allowPrivilegeEscalation | bool | `false` | | -| sidecar.securityContext.capabilities.drop[0] | string | `"ALL"` | | -| sidecar.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| smtp.existingSecret | string | `""` | | -| smtp.passwordKey | string | `"password"` | | -| smtp.userKey | string | `"user"` | | -| testFramework.containerSecurityContext | object | `{}` | | -| testFramework.enabled | bool | `true` | | -| testFramework.image.registry | string | `"docker.io"` | The Docker registry | -| testFramework.image.repository | string | `"bats/bats"` | | -| testFramework.image.tag | string | `"1.13.0"` | | -| testFramework.imagePullPolicy | string | `"IfNotPresent"` | | -| testFramework.resources | object | `{}` | | -| testFramework.securityContext | object | `{}` | | -| tolerations | list | `[]` | | -| topologySpreadConstraints | list | `[]` | | -| useStatefulSet | bool | `false` | | - ### Example ingress with path With grafana 6.3 and above @@ -500,6 +153,7 @@ dashboards: file: dashboards/custom-dashboard.json prometheus-stats: # Ref: https://grafana.com/dashboards/2 + # title: My Custom Title # optional; when set for a downloaded dashboard (gnetId or url), overrides the title displayed in Grafana gnetId: 2 revision: 2 datasource: Prometheus @@ -526,15 +180,15 @@ dashboards: ## BASE64 dashboards -Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) -A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a base64 encoded file (e.g. Gerrit) +A new parameter has been added to the URL use case so if you specify a b64content value equals to true after the URL entry a base64 decoding is applied before save the file to disk. If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. ### Gerrit use case Gerrit API for download files has the following schema: where {project-name} and -{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard -the url value is +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repository, branch-id is master and file-id is equals to dir1/dir2/dashboard +the URL value is ## Sidecar for dashboards @@ -566,7 +220,7 @@ data: If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +those secrets are written to a folder and accessed by grafana on startup. Using these YAML files, the data sources in grafana can be imported. Should you aim for reloading datasources in Grafana each time the config is changed, set `sidecar.datasources.skipReload: false` and adjust `sidecar.datasources.reloadURL` to `http://..svc.cluster.local/api/admin/provisioning/datasources/reload`. @@ -658,7 +312,7 @@ datasources: If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +those secrets are written to a folder and accessed by grafana on startup. Using these YAML files, the notification channels in grafana can be imported. The secrets must be created before `helm install` so that the notifiers init container can list the secrets. @@ -912,4 +566,18 @@ grafana.ini: ``` ### Installing plugins -For installing plugins please see the [official documentation](https://grafana.com/docs/grafana/latest/administration/plugin-management/#install-plugins-using-the-grafana-helm-chart). + +If you want to install a Grafana plugin using the helm chart, you can do so by using the identifier of the plugin, for example `digirich-bubblechart-panel` will install [Bubble Chart](https://grafana.com/grafana/plugins/digrich-bubblechart-panel/). + +You can also install a plugin and a specific version by specifying the version and URL of the download file as shown in the example below : + +```yaml +plugins: + - digrich-bubblechart-panel + - grafana-clock-panel + ## You can also use other plugin download URL, as long as they are valid zip files, + ## and specify the name of the plugin as prefix, with an version. Like this: + # - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download +``` + +Generic documentation about plugins can be found in the [official documentation](https://grafana.com/docs/grafana/latest/administration/plugin-management/). diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl index 4e71c338f4..a3181991d1 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_config.tpl @@ -132,6 +132,14 @@ download_dashboards.sh: | {{- if $value.b64content }} | base64 -d \ {{- end }} + {{- /* + Overrides original title with a custom title. + Deterministic search as title is generally indented with 2 spaces, 4 spaces or a tab. + Escape characters that may be wrongly interpreted by sed: backslash (\), double backslash (\\), and ampersand (&). + */}} + {{- if $value.title }} + | sed -E '/^(\t| | )"title":/ s#"title": *"[^"]*"#"title": "{{ $value.title | replace "\\" "\\\\" | replace "\"" "\\\"" | replace "&" "\\&" }}"#' \ + {{- end }} > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" {{ end }} {{- end }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl index 5f0d7c0aad..30322c7a2e 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl @@ -83,6 +83,15 @@ app.kubernetes.io/name: {{ include "grafana.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create a fully qualified name for image-renderer resources. +We truncate at 47 chars to reserve space for the longest suffix (-image-renderer, 16 chars) +so the Service name stays within the 63-char DNS label limit. +*/}} +{{- define "grafana.imageRenderer.fullname" -}} +{{- include "grafana.fullname" . | trunc 47 | trimSuffix "-" }} +{{- end }} + {{/* Common labels */}} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl index b73250f38b..de204db4f2 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl +++ b/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl @@ -1299,7 +1299,7 @@ containers: {{- with .Values.datasources }} {{- $datasources := . }} {{- range (keys . | sortAlpha) }} - {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}} + {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handled as secret */}} - name: config-secret mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" subPath: {{ . | quote }} @@ -1313,7 +1313,7 @@ containers: {{- with .Values.notifiers }} {{- $notifiers := . }} {{- range (keys . | sortAlpha) }} - {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}} + {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handled as secret */}} - name: config-secret mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" subPath: {{ . | quote }} @@ -1327,7 +1327,7 @@ containers: {{- with .Values.alerting }} {{- $alertingmap := .}} {{- range (keys . | sortAlpha) }} - {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}} + {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handled as secret */}} - name: config-secret mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" subPath: {{ . | quote }} @@ -1442,7 +1442,7 @@ containers: {{- if .Values.imageRenderer.serverURL }} value: {{ .Values.imageRenderer.serverURL | quote }} {{- else }} - value: http://{{ include "grafana.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + value: http://{{ include "grafana.imageRenderer.fullname" . }}-image-renderer.{{ include "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render {{- end }} - name: GF_RENDERING_CALLBACK_URL {{- if .Values.imageRenderer.renderingCallbackURL }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml index 9f035d620b..20ddff4bb6 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml @@ -86,7 +86,7 @@ spec: protocol: TCP livenessProbe: httpGet: - path: / + path: {{ .Values.imageRenderer.healthcheckPath }} port: {{ .Values.imageRenderer.service.portName }} env: - name: HTTP_PORT diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml index c27be5c33d..ffa72d0ebe 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "grafana.fullname" . }}-image-renderer + name: {{ include "grafana.imageRenderer.fullname" . }}-image-renderer namespace: {{ include "grafana.namespace" . }} labels: {{- include "grafana.imageRenderer.labels" . | nindent 4 }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml index 4cd3ed6976..07a9d7de16 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml @@ -52,6 +52,10 @@ spec: - namespaceSelector: {{- toYaml . | nindent 12 }} {{- end }} + {{- range .Values.networkPolicy.explicitIpBlocks }} + - ipBlock: + cidr: {{ . | quote }} + {{- end }} - podSelector: matchLabels: {{- include "grafana.labels" . | nindent 14 }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/route.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/route.yaml index 8b309312e7..1c75b7b871 100644 --- a/charts/kube-prometheus-stack/charts/grafana/templates/route.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/templates/route.yaml @@ -6,7 +6,7 @@ kind: {{ $route.kind | default "HTTPRoute" }} metadata: {{- with $route.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} name: {{ template "grafana.fullname" $ }}{{ if ne $name "main" }}-{{ $name }}{{ end }} namespace: {{ template "grafana.namespace" $ }} @@ -49,6 +49,10 @@ spec: matches: {{- toYaml . | nindent 8 }} {{- end }} + {{- with $route.timeouts }} + timeouts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml b/charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml new file mode 100644 index 0000000000..01c8b9aab3 --- /dev/null +++ b/charts/kube-prometheus-stack/charts/grafana/templates/vpa.yaml @@ -0,0 +1,56 @@ +{{- if and .Values.verticalPodAutoscaler.enabled (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1/VerticalPodAutoscaler") }} + +{{- $vpa := .Values.verticalPodAutoscaler }} +{{- $resources := $vpa.controlledResources | default dict }} +{{- $target := $vpa.target | default dict }} +{{- $container := $vpa.container | default dict }} + +{{- /* Match deployment.yaml condition */ -}} +{{- $isDeployment := and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) -}} + +{{- /* Derived defaults */ -}} +{{- $defaultApiVersion := "apps/v1" -}} +{{- $defaultKind := ternary "Deployment" "StatefulSet" $isDeployment -}} +{{- $defaultName := include "grafana.fullname" . -}} + +{{- /* Optional override (ONLY if you document it in values.yaml/schema) */ -}} +{{- $t := $vpa.targetRef | default dict -}} +{{- $apiVersion := default $defaultApiVersion $t.apiVersion -}} +{{- $kind := default $defaultKind $t.kind -}} +{{- $name := default $defaultName $t.name -}} + +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ include "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + targetRef: + apiVersion: {{ $apiVersion | quote }} + kind: {{ $kind | quote }} + name: {{ $name | quote }} + updatePolicy: + updateMode: {{ default "Off" $vpa.updateMode | quote }} + resourcePolicy: + containerPolicies: + - containerName: "grafana" +{{- if or (get $resources "cpu") (get $resources "memory") }} + controlledResources: +{{- if (get $resources "cpu") }} + - "cpu" +{{- end }} +{{- if (get $resources "memory") }} + - "memory" +{{- end }} +{{- end }} +{{- with $vpa.minAllowed }} + minAllowed: +{{ toYaml . | nindent 10 }} +{{- end }} +{{- with $vpa.maxAllowed }} + maxAllowed: +{{ toYaml . | nindent 10 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/charts/grafana/values.yaml b/charts/kube-prometheus-stack/charts/grafana/values.yaml index 1b256fbd8a..cae873e7c8 100644 --- a/charts/kube-prometheus-stack/charts/grafana/values.yaml +++ b/charts/kube-prometheus-stack/charts/grafana/values.yaml @@ -34,8 +34,8 @@ rbac: # verbs: [] serviceAccount: create: true - name: - nameTest: + name: "" + nameTest: "" ## ServiceAccount labels. labels: {} ## Service account annotations. Can be templated. @@ -272,9 +272,9 @@ serviceMonitor: targetLabels: [] extraExposePorts: [] - # - name: keycloak - # port: 8080 - # targetPort: 8080 + # - name: keycloak + # port: 8080 + # targetPort: 8080 # overrides pod.spec.hostAliases in the grafana deployment's pods hostAliases: [] @@ -341,6 +341,12 @@ route: type: PathPrefix value: / + ## Timeouts define the timeouts that can be configured for an HTTP request. + ## Ref. https://gateway-api.sigs.k8s.io/api-types/httproute/#timeouts-optional + timeouts: {} + # request: 10s + # backendRequest: 5s + ## Filters define the filters that are applied to requests that match this rule. filters: [] @@ -657,8 +663,8 @@ plugins: [] # - digrich-bubblechart-panel # - grafana-clock-panel ## You can also use other plugin download URL, as long as they are valid zip files, - ## and specify the name of the plugin after the semicolon. Like this: - # - https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.2/download;marcusolsson-json-datasource + ## and specify the name of the plugin as prefix, with an version. Like this: + # - marcusolsson-json-datasource@1.3.24@https://grafana.com/api/plugins/marcusolsson-json-datasource/versions/1.3.24/download ## Configure grafana datasources ## ref: http://docs.grafana.org/administration/provisioning/#datasources @@ -829,6 +835,8 @@ defaultCurlOptions: "-skf" ## ref: https://grafana.com/dashboards ## ## dashboards per provider, use provider name as key. +## For dashboards downloaded via gnetId or url, the optional "title" key overrides +## the dashboard title in the downloaded JSON so the UI displays your custom title. ## dashboards: {} # default: @@ -838,6 +846,7 @@ dashboards: {} # custom-dashboard: # file: dashboards/custom-dashboard.json # prometheus-stats: + # title: My Custom Dashboard Title # optional; overrides the dashboard title in the downloaded JSON # gnetId: 2 # revision: 2 # datasource: Prometheus @@ -890,21 +899,21 @@ grafana.ini: unified_storage: index_path: /var/lib/grafana-search/bleve ## grafana Authentication can be enabled with the following values on grafana.ini - # server: - # The full public facing url you use in browser, used for redirects and emails - # root_url: - # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana - # auth.github: - # enabled: false - # allow_sign_up: false - # scopes: user:email,read:org - # auth_url: https://github.com/login/oauth/authorize - # token_url: https://github.com/login/oauth/access_token - # api_url: https://api.github.com/user - # team_ids: - # allowed_organizations: - # client_id: - # client_secret: + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: ## LDAP Authentication can be enabled with the following values on grafana.ini ## NOTE: Grafana will fail to start if the value for ldap.toml is invalid # auth.ldap: @@ -961,7 +970,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 2.5.0 + tag: 2.5.5 sha: "" imagePullPolicy: IfNotPresent resources: {} @@ -1439,7 +1448,7 @@ namespaceOverride: "" ## revisionHistoryLimit: 10 -## Add a seperate remote image renderer deployment/service +## Add a separate remote image renderer deployment/service imageRenderer: deploymentStrategy: {} # Enable the image-renderer deployment & service @@ -1514,6 +1523,8 @@ imageRenderer: hostAliases: [] # image-renderer deployment priority class priorityClassName: '' + # Path to the healthcheck endpoint. On Image Renderer v5.0.0 or newer, this is '/healthz'. Older versions use '/'. + healthcheckPath: '/healthz' service: # Enable the image-renderer service enabled: true @@ -1596,69 +1607,73 @@ imageRenderer: extraVolumes: [] networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## + # -- networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to grafana port defined. - ## When true, grafana will accept connections from any source - ## (with the correct destination port). - ## + # --networkPolicy.allowExternal Don't require client label for connections + # The Policy model to apply. When set to false, only pods with the correct + # client label will have network access to grafana port defined. + # When true, grafana will accept connections from any source + # (with the correct destination port). + # ingress: true - ## @param networkPolicy.ingress When true enables the creation - ## an ingress network policy - ## + # -- networkPolicy.ingress When true enables the creation + # an ingress network policy allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the grafana. - ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## + # -- networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed + # If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + # and that match other criteria, the ones that have the good label, can reach the grafana. + # But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this + # LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + #
+ # + # Example: + # + # ``` + # explicitNamespacesSelector: + # matchLabels: + # role: frontend + # matchExpressions: + # - {key: role, operator: In, values: [frontend]} + # ``` explicitNamespacesSelector: {} - ## - ## - ## - ## - ## - ## + # -- networkPolicy.explicitIpBlocks List of CIDR blocks allowed as ingress sources. + # Each entry must be a valid CIDR notation string (e.g. 10.0.0.0/8). + # When defined, the specified CIDR ranges are added to the ingress `from` rules + # using `ipBlock` entries and complement the other configured ingress sources. + #
+ # + # Example: + # + # ``` + # explicitIpBlocks: + # - 35.191.0.0/16 + # - 130.211.0.0/22 + # ``` + # + explicitIpBlocks: [] + egress: - ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be - ## created allowing grafana to connect to external data sources from kubernetes cluster. + # -- networkPolicy.egress.enabled When enabled, an egress network policy will be + # created allowing grafana to connect to external data sources from kubernetes cluster. enabled: false - ## - ## @param networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked - ## for all pods in the grafana namespace. + # -- networkPolicy.egress.blockDNSResolution When enabled, DNS resolution will be blocked + # for all pods in the grafana namespace. blockDNSResolution: false - ## - ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress + # -- networkPolicy.egress.ports Add individual ports to be allowed by the egress ports: [] - ## Add ports to the egress by specifying - port: - ## E.X. - ## - port: 80 - ## - port: 443 - ## - ## @param networkPolicy.egress.to Allow egress traffic to specific destinations + # Add ports to the egress by specifying - port: + # E.X. + # - port: 80 + # - port: 443 + # + # -- networkPolicy.egress.to Allow egress traffic to specific destinations to: [] - ## Add destinations to the egress by specifying - ipBlock: - ## E.X. - ## to: - ## - namespaceSelector: - ## matchExpressions: - ## - {key: role, operator: In, values: [grafana]} - ## - ## - ## - ## - ## + # -- destinations to the egress by specifying - ipBlock: + # E.X. + # to: + # - namespaceSelector: + # matchExpressions: + # - {key: role, operator: In, values: [grafana]} # Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option enableKubeBackwardCompatibility: false @@ -1699,3 +1714,25 @@ extraObjects: [] # Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap, # you can disable this check by setting assertNoLeakedSecrets to false. assertNoLeakedSecrets: true + +# updateMode options are: +# Off: n the Off update mode, the VPA recommender still analyzes resource usage and generates recommendations, but these recommendations are not automatically applied to Pods. The recommendations are only stored in the VPA object's .status field. +# Initial: In Initial mode, VPA only sets resource requests when Pods are first created. It does not update resources for already running Pods, even if recommendations change over time. The recommendations apply only during Pod creation. +# Recreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod. +# InPlaceOrRecreate: In Recreate mode, VPA actively manages Pod resources by evicting Pods when their current resource requests differ significantly from recommendations. When a Pod is evicted, the workload controller (managing a Deployment, StatefulSet, etc) creates a replacement Pod, and the VPA admission controller applies the updated resource requests to the new Pod. +# Auto (deprecated): The Auto update mode is deprecated since VPA version 1.4.0. Use Recreate for eviction-based updates, or InPlaceOrRecreate for in-place updates with eviction fallback. +verticalPodAutoscaler: + enabled: false + updateMode: "Off" + controlledResources: + cpu: true + memory: true + + # Default safety bounds + minAllowed: + cpu: "25m" + memory: "128Mi" + + maxAllowed: + cpu: "1000m" + memory: "1Gi" diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml index 9cd93e8520..b8dc96a112 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml @@ -26,4 +26,4 @@ name: kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics/ type: application -version: 7.1.0 +version: 7.2.2 diff --git a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml index 43d2aec964..9f71fbb165 100644 --- a/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml +++ b/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml @@ -106,7 +106,7 @@ kubeRBACProxy: image: registry: quay.io repository: brancz/kube-rbac-proxy - tag: v0.20.2 + tag: v0.21.2 sha: "" pullPolicy: IfNotPresent diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml index 2c8bdd4c3f..b016fb6876 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml @@ -4,7 +4,7 @@ annotations: - name: Chart Source url: https://github.com/prometheus-community/helm-charts apiVersion: v2 -appVersion: 1.10.2 +appVersion: 1.11.1 description: A Helm chart for prometheus node-exporter home: https://github.com/prometheus/node_exporter/ icon: https://raw.githubusercontent.com/cncf/artwork/refs/heads/main/projects/prometheus/icon/color/prometheus-icon-color.svg @@ -26,4 +26,4 @@ name: prometheus-node-exporter sources: - https://github.com/prometheus/node_exporter/ type: application -version: 4.51.1 +version: 4.53.1 diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml index 3c82f732ba..9ab71b8404 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -38,9 +38,56 @@ spec: {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.extraInitContainers }} + {{- $fixes := .Values.permissionInitContainer.fixes -}} + {{- $fixesEnabled := or $fixes.rapl $fixes.slabinfo (not (empty .Values.permissionInitContainer.extraCommands)) -}} + {{- if or .Values.extraInitContainers $fixesEnabled }} initContainers: - {{- toYaml . | nindent 8 }} + {{- if .Values.extraInitContainers }} + {{- toYaml .Values.extraInitContainers | nindent 8 }} + {{- end }} + {{- if $fixesEnabled }} + - name: permission-fix + {{- with .Values.permissionInitContainer.image }} + {{- if .sha }} + image: "{{ $.Values.global.imageRegistry | default .registry}}/{{ .repository }}:{{ .tag }}@sha256:{{ .sha }}" + {{- else }} + image: "{{ $.Values.global.imageRegistry | default .registry}}/{{ .repository }}:{{ .tag }}" + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.permissionInitContainer.image.pullPolicy }} + securityContext: + {{- toYaml .Values.permissionInitContainer.securityContext | nindent 12 }} + command: + - /bin/sh + - -c + - | + {{- if $fixes.rapl }} + powercap_path="/host/sys/devices/virtual/powercap" + if [ -d "$powercap_path" ]; then + find "$powercap_path" -name energy_uj -exec chown root:{{ .Values.securityContext.runAsGroup }} {} + -exec chmod g+r -R {} + + fi + {{- end }} + {{- if $fixes.slabinfo }} + slabinfo_path="/host/proc/slabinfo" + if [ -f "$slabinfo_path" ]; then + chown root:{{ .Values.securityContext.runAsGroup }} "$slabinfo_path" && chmod g+r "$slabinfo_path" + fi + {{- end }} + {{- range .Values.permissionInitContainer.extraCommands }} + {{ . }} + {{- end }} + volumeMounts: + {{- if $fixes.rapl }} + - name: sys + mountPath: /host/sys + readOnly: false + {{- end }} + {{- if $fixes.slabinfo }} + - name: proc + mountPath: /host/proc + readOnly: false + {{- end }} + {{- end }} {{- end }} serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }} {{- with .Values.terminationGracePeriodSeconds }} diff --git a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml index 1bf81846a5..c58ee4e687 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml @@ -45,7 +45,7 @@ kubeRBACProxy: image: registry: quay.io repository: brancz/kube-rbac-proxy - tag: v0.20.2 + tag: v0.21.2 sha: "" pullPolicy: IfNotPresent @@ -543,6 +543,28 @@ sidecarHostVolumeMounts: [] ## extraInitContainers: [] +## Additional InitContainer to fix hostfile permissions required for some exporters. All fixes are disabled by default. +## +permissionInitContainer: + image: + registry: quay.io + repository: prometheus/busybox + tag: latest + sha: "" + pullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + fixes: + # Fixes /sys/devices/virtual/powercap/*/energy_uj + # Collector enabled by default + rapl: false + # Fixes /proc/slabinfo + # Collector disabled by default + slabinfo: false + extraCommands: [] + ## Liveness probe ## livenessProbe: diff --git a/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml index c3f5051373..8ee580fa33 100644 --- a/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml +++ b/charts/kube-prometheus-stack/charts/prometheus-windows-exporter/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.31.3 +appVersion: 0.31.6 description: A Helm chart for prometheus windows-exporter home: https://github.com/prometheus-community/windows_exporter/ icon: https://raw.githubusercontent.com/cncf/artwork/master/prometheus/icon/color/prometheus-icon-color.svg @@ -16,4 +16,4 @@ name: prometheus-windows-exporter sources: - https://github.com/prometheus-community/windows_exporter/ type: application -version: 0.12.3 +version: 0.12.6 diff --git a/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml index a9c12e4ed6..791db3480e 100644 --- a/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml @@ -100,6 +100,9 @@ spec: securityContext: {{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }} {{- end }} +{{- if kindIs "bool" .Values.alertmanager.alertmanagerSpec.hostUsers }} + hostUsers: {{ .Values.alertmanager.alertmanagerSpec.hostUsers }} +{{- end }} {{- if .Values.alertmanager.alertmanagerSpec.dnsConfig }} dnsConfig: {{ toYaml .Values.alertmanager.alertmanagerSpec.dnsConfig | indent 4 }} @@ -201,6 +204,17 @@ spec: {{- if .Values.alertmanager.alertmanagerSpec.minReadySeconds }} minReadySeconds: {{ .Values.alertmanager.alertmanagerSpec.minReadySeconds }} {{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.podManagementPolicy }} + podManagementPolicy: {{ .Values.alertmanager.alertmanagerSpec.podManagementPolicy }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.updateStrategy }} + updateStrategy: +{{ toYaml .Values.alertmanager.alertmanagerSpec.updateStrategy | indent 4 }} +{{- end }} + hostNetwork: {{ .Values.alertmanager.alertmanagerSpec.hostNetwork }} +{{- if .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }} +{{- end }} {{- with .Values.alertmanager.alertmanagerSpec.additionalConfig }} {{- tpl (toYaml .) $ | nindent 2 }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml index 5df7d9b928..e136f88787 100644 --- a/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml @@ -8,12 +8,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - {{- end }} +{{- toYaml (omit .Values.alertmanager.podDisruptionBudget "enabled") | nindent 2 }} selector: matchLabels: app.kubernetes.io/name: alertmanager diff --git a/charts/kube-prometheus-stack/templates/alertmanager/route.yaml b/charts/kube-prometheus-stack/templates/alertmanager/route.yaml index 167c058a74..2426822ee1 100644 --- a/charts/kube-prometheus-stack/templates/alertmanager/route.yaml +++ b/charts/kube-prometheus-stack/templates/alertmanager/route.yaml @@ -40,7 +40,10 @@ spec: statusCode: 301 {{- else }} - backendRefs: - - name: {{ $serviceName }} + - group: "" + kind: Service + weight: 1 + name: {{ $serviceName }} port: {{ $servicePort }} {{- with $route.filters }} filters: diff --git a/charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml new file mode 100644 index 0000000000..60c665a5a4 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/alertmanager/verticalpodautoscaler.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.verticalPodAutoscaler.enabled }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + {{- include "kube-prometheus-stack.labels" . | nindent 4 }} +spec: + {{- with .Values.alertmanager.verticalPodAutoscaler.recommenders }} + recommenders: + {{- toYaml . | nindent 4 }} + {{- end }} + resourcePolicy: + containerPolicies: + - containerName: alertmanager + {{- with .Values.alertmanager.verticalPodAutoscaler.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.verticalPodAutoscaler.controlledValues }} + controlledValues: {{ .Values.alertmanager.verticalPodAutoscaler.controlledValues }} + {{- end }} + {{- if .Values.alertmanager.verticalPodAutoscaler.maxAllowed }} + maxAllowed: + {{- toYaml .Values.alertmanager.verticalPodAutoscaler.maxAllowed | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.verticalPodAutoscaler.minAllowed }} + minAllowed: + {{- toYaml .Values.alertmanager.verticalPodAutoscaler.minAllowed | nindent 8 }} + {{- end }} + targetRef: + apiVersion: monitoring.coreos.com/v1 + kind: Alertmanager + name: {{ template "kube-prometheus-stack.alertmanager.crname" . }} + {{- with .Values.alertmanager.verticalPodAutoscaler.updatePolicy }} + updatePolicy: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml index 1c60620044..4b81d6cdf5 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml index a356397e1c..01b7e35a75 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml index 8f3f715774..dfc1fe9699 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml index fb7e5aa229..3bdddb6aaf 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml index 25925df045..31296665ff 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/grafana-overview.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml index 976a244d17..8aae688c6f 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml index e476a2f8fd..abcd7bf205 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-multicluster.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-multicluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-multicluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml index e24cc6aeed..ad5b1b2854 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml index 95688b9ac3..163e8a56a1 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml index 21f417edf1..3e427a4c72 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml index 7d47319362..542accdaf4 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml index 7e6d8a084a..8b61e27a66 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml index 2ad153669e..322b92f008 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml index 272e329e7c..a02d94a872 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml index 30dd35fa17..4d94d1b3aa 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml index 8ea86923b1..daa979e255 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml index 6e1d9c96de..d8c98e739e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} @@ -20,7 +20,7 @@ metadata: {{- include "kube-prometheus-stack.labels" $ | nindent 4 }} data: node-rsrc-use.json: |- - {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Utilisation"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Saturation"}],"title":"CPU Saturation (Load1 per CPU)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"panels":[],"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":5,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Utilisation"}],"title":"Memory Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"rds"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":6,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Major page Faults"}],"title":"Memory Saturation (Major Page Faults)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":7,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":17},"id":8,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Transmit"}],"title":"Network Utilisation (Bytes Receive/Transmit)","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":17},"id":9,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Transmit"}],"title":"Network Saturation (Drops Receive/Transmit)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":10,"panels":[],"title":"Disk IO","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":11,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"{{device}}"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":12,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"{{device}}"}],"title":"Disk IO Saturation","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":34},"id":13,"panels":[],"title":"Disk Space","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":14,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=~\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=~\"$cluster\"})\n ) != 0\n)\n","legendFormat":"{{device}}"}],"title":"Disk Space Utilisation","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"name":"cluster","query":"label_values(node_time_seconds, cluster)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"name":"instance","query":"label_values(node_exporter_build_info{job=\"node-exporter\", cluster=~\"$cluster\"}, instance)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / USE Method / Node","uid":"fac67cfbe174d3ef53eb473d73d9212f"}`}} + {{`{"graphTooltip":1,"panels":[{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":0},"id":1,"panels":[],"title":"CPU","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":1},"id":2,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Utilisation"}],"title":"CPU Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":1},"id":3,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Saturation"}],"title":"CPU Saturation (Load1 per CPU)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":8},"id":4,"panels":[],"title":"Memory","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":9},"id":5,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Utilisation"}],"title":"Memory Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"rds"}},"gridPos":{"h":7,"w":12,"x":12,"y":9},"id":6,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Major page Faults"}],"title":"Memory Saturation (Major Page Faults)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":16},"id":7,"panels":[],"title":"Network","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":0,"y":17},"id":8,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_bytes_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_bytes_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Transmit"}],"title":"Network Utilisation (Bytes Receive/Transmit)","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"Bps"},"overrides":[{"matcher":{"id":"byRegexp","options":"/Transmit/"},"properties":[{"id":"custom.transform","value":"negative-Y"}]}]},"gridPos":{"h":7,"w":12,"x":12,"y":17},"id":9,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_receive_drop_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Receive"},{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance:node_network_transmit_drop_physical:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"Transmit"}],"title":"Network Saturation (Drops Receive/Transmit)","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":24},"id":10,"panels":[],"title":"Disk IO","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":0,"y":25},"id":11,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"{{device}}"}],"title":"Disk IO Utilisation","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":12,"x":12,"y":25},"id":12,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=~\"$cluster\"} != 0","legendFormat":"{{device}}"}],"title":"Disk IO Saturation","type":"timeseries"},{"collapsed":false,"gridPos":{"h":1,"w":24,"x":0,"y":34},"id":13,"panels":[],"title":"Disk Space","type":"row"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"fieldConfig":{"defaults":{"custom":{"fillOpacity":100,"showPoints":"never","stacking":{"mode":"normal"}},"unit":"percentunit"}},"gridPos":{"h":7,"w":24,"x":0,"y":35},"id":14,"options":{"legend":{"showLegend":false},"tooltip":{"mode":"multi","sort":"desc"}},"pluginVersion":"v11.4.0","targets":[{"datasource":{"type":"prometheus","uid":"$datasource"},"expr":"sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=~\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=~\"$cluster\"})\n ) != 0\n)\n","legendFormat":"{{device}}"}],"title":"Disk Space Utilisation","type":"timeseries"}],"refresh":"30s","schemaVersion":39,"tags":["node-exporter-mixin"],"templating":{"list":[{"name":"datasource","query":"prometheus","type":"datasource"},{"allValue":".*","datasource":{"type":"prometheus","uid":"${datasource}"},"hide":`}}{{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}{{`,"includeAll":true,"name":"cluster","query":"label_values(node_time_seconds, cluster)","refresh":2,"sort":1,"type":"query"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"name":"instance","query":"label_values(node_exporter_build_info{job=\"node-exporter\", cluster=~\"$cluster\"}, instance)","refresh":2,"sort":1,"type":"query"}]},"time":{"from":"now-1h","to":"now"},"timezone": "`}}{{ .Values.grafana.defaultDashboardsTimezone }}{{`","title":"Node Exporter / USE Method / Node","uid":"fac67cfbe174d3ef53eb473d73d9212f"}`}} {{- end }} --- {{- if and .Values.grafana.operator.dashboardsConfigMapRefEnabled (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled (or .Values.nodeExporter.enabled .Values.nodeExporter.forceDeployDashboards) }} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml index e4e2e68ce6..98982bd00a 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-aix.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'nodes-aix' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'nodes-aix' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml index 70539f44b2..6abc654380 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes-darwin.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml index 87080c7a90..5b54ac8a84 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml index 163a428bbe..eb52131bff 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml index 9898eba6d2..035a7cc24c 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml index 9c64bb96e7..160a76b857 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml index bda0ddf384..6457f76200 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml index 3da837745a..0b444e2e8e 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml index 0e971d430d..eb66a0684a 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml index 00f9e86146..65c20399a1 100644 --- a/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml +++ b/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml @@ -1,5 +1,5 @@ {{- /* -Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/110c59d94ccff6f3e894c55247df6c218ef6cd7a/manifests/grafana-dashboardDefinitions.yaml +Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/3425561cdfea89a8ea65194c56dfcd81b2e84afd/manifests/grafana-dashboardDefinitions.yaml Do not change in-place! In order to change this file first read following link: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack */ -}} diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml index 3874c2f855..c02aed688a 100644 --- a/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml @@ -1,3 +1,4 @@ +{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/rbac.md */}} {{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml b/charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml index c7df6c0df7..58f02d1443 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/ciliumnetworkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "cilium") }} +{{- if and .Values.prometheus.networkPolicy.enabled (eq .Values.prometheus.networkPolicy.flavor "cilium") .Values.prometheus.networkPolicy.cilium }} apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: @@ -15,11 +15,11 @@ spec: matchExpressions: {{- include "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" . | indent 6 }} {{- end }} - {{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.egress }} + {{- if .Values.prometheus.networkPolicy.cilium.egress }} egress: {{ toYaml .Values.prometheus.networkPolicy.cilium.egress | nindent 4 }} {{- end }} - {{- if and .Values.prometheus.networkPolicy.cilium .Values.prometheus.networkPolicy.cilium.ingress }} + {{- if .Values.prometheus.networkPolicy.cilium.ingress }} ingress: {{ toYaml .Values.prometheus.networkPolicy.cilium.ingress | nindent 4 }} {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml index f165f84844..45e02e0e4e 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml @@ -8,12 +8,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" . }}-prometheus {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} - {{- end }} +{{- toYaml (omit .Values.prometheus.podDisruptionBudget "enabled") | nindent 2 }} selector: matchLabels: {{- if .Values.prometheus.agentMode }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml index 1514d7f2df..9318d80c5e 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml @@ -464,7 +464,11 @@ spec: name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}" {{- end }} {{- if .Values.prometheus.prometheusSpec.excludedFromEnforcement }} + {{- if kindIs "string" .Values.prometheus.prometheusSpec.excludedFromEnforcement }} +{{ tpl .Values.prometheus.prometheusSpec.excludedFromEnforcement . | indent 4 }} + {{- else }} {{ tpl (toYaml .Values.prometheus.prometheusSpec.excludedFromEnforcement | indent 4) . }} + {{- end }} {{- end }} {{- end }} {{- if and (not .Values.prometheus.agentMode) .Values.prometheus.prometheusSpec.queryLogFile }} @@ -500,10 +504,23 @@ spec: {{- if .Values.prometheus.prometheusSpec.minReadySeconds }} minReadySeconds: {{ .Values.prometheus.prometheusSpec.minReadySeconds }} {{- end }} +{{- if .Values.prometheus.prometheusSpec.podManagementPolicy }} + podManagementPolicy: {{ .Values.prometheus.prometheusSpec.podManagementPolicy }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.updateStrategy }} + updateStrategy: +{{ toYaml .Values.prometheus.prometheusSpec.updateStrategy | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.prometheus.prometheusSpec.terminationGracePeriodSeconds }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.maximumStartupDurationSeconds }} maximumStartupDurationSeconds: {{ .Values.prometheus.prometheusSpec.maximumStartupDurationSeconds }} {{- end }} hostNetwork: {{ .Values.prometheus.prometheusSpec.hostNetwork }} +{{- if kindIs "bool" .Values.prometheus.prometheusSpec.hostUsers }} + hostUsers: {{ .Values.prometheus.prometheusSpec.hostUsers }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.hostAliases }} hostAliases: {{ toYaml .Values.prometheus.prometheusSpec.hostAliases | indent 4 }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/route.yaml b/charts/kube-prometheus-stack/templates/prometheus/route.yaml index 6a22d3d73b..49a1fee93b 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/route.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/route.yaml @@ -40,7 +40,10 @@ spec: statusCode: 301 {{- else }} - backendRefs: - - name: {{ $serviceName }} + - group: "" + kind: Service + weight: 1 + name: {{ $serviceName }} port: {{ $servicePort }} {{- with $route.filters }} filters: diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml index 7e351134d8..e6d687068f 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml @@ -110,7 +110,7 @@ spec: ' runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/infoinhibitor summary: Info-level alert inhibition. - expr: ALERTS{severity = "info"} == 1 unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) ALERTS{alertname != "InfoInhibitor", severity =~ "warning|critical", alertstate="firing"} == 1 + expr: group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) (ALERTS{severity = "info"} == 1) unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) group by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace) (ALERTS{alertname != "InfoInhibitor", alertstate = "firing", severity =~ "warning|critical"} == 1) labels: severity: {{ dig "InfoInhibitor" "severity" "none" .Values.customRules }} {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.general }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml index 05bf4a0947..0a988c9d51 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml @@ -547,9 +547,16 @@ spec: runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpamaxedout summary: HPA is running at max replicas expr: |- - kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} - == - kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + ( + kube_horizontalpodautoscaler_status_current_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + == + kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + ) + and on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}namespace, horizontalpodautoscaler) ( + kube_horizontalpodautoscaler_spec_max_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + != + kube_horizontalpodautoscaler_spec_min_replicas{job="{{ $kubeStateMetricsJob }}", namespace{{ $namespaceOperator }}"{{ $targetNamespace }}"} + ) for: {{ dig "KubeHpaMaxedOut" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml index f3b5e1d970..6c93b8dceb 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml @@ -452,10 +452,13 @@ spec: {{- if .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem }} {{ toYaml .Values.defaultRules.additionalRuleGroupAnnotations.kubernetesSystem | indent 8 }} {{- end }} - description: Kubelet has disappeared from Prometheus target discovery. + description: Kubelet has disappeared from Prometheus target discovery on cluster {{`{{`}} $labels.cluster {{`}}`}}. runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletdown summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ $kubeletJob }}", metrics_path="/metrics"}) + expr: |- + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (kube_node_info{job="{{ $kubeStateMetricsJob }}"}) + unless on ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) + count by ({{ range $.Values.defaultRules.additionalAggregationLabels }}{{ . }},{{ end }}cluster) (up{job="{{ $kubeletJob }}", metrics_path="/metrics"} == 1) for: {{ dig "KubeletDown" "for" "15m" .Values.customRules }} {{- with .Values.defaultRules.keepFiringFor }} keep_firing_for: "{{ . }}" diff --git a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml index aeaa80231c..58cd220400 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml @@ -185,4 +185,60 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_receive_bytes_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_transmit_bytes_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_receive_drop_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + - expr: |- + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!~"lo|veth.+"}[5m]) + ) + record: instance:node_network_transmit_drop_physical:rate5m + {{- if or .Values.defaultRules.additionalRuleLabels .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + labels: + {{- with .Values.defaultRules.additionalRuleLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.defaultRules.additionalRuleGroupLabels.nodeExporterRecording }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/charts/kube-prometheus-stack/templates/prometheus/service.yaml b/charts/kube-prometheus-stack/templates/prometheus/service.yaml index 5eace9cefd..60bb39214f 100644 --- a/charts/kube-prometheus-stack/templates/prometheus/service.yaml +++ b/charts/kube-prometheus-stack/templates/prometheus/service.yaml @@ -52,6 +52,9 @@ spec: {{- if semverCompare "> 1.20.0-0" $kubeTargetVersion }} appProtocol: http {{- end }} + {{- if and (eq .Values.prometheus.service.type "NodePort") (not (empty .Values.prometheus.service.reloaderWebNodePort)) }} + nodePort: {{ .Values.prometheus.service.reloaderWebNodePort }} + {{- end }} port: {{ .Values.prometheus.service.reloaderWebPort }} targetPort: reloader-web {{- end }} diff --git a/charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml b/charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml new file mode 100644 index 0000000000..ec35eec7a9 --- /dev/null +++ b/charts/kube-prometheus-stack/templates/prometheus/verticalpodautoscaler.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.verticalPodAutoscaler.enabled }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + {{- include "kube-prometheus-stack.labels" . | nindent 4 }} +spec: + {{- with .Values.prometheus.verticalPodAutoscaler.recommenders }} + recommenders: + {{- toYaml . | nindent 4 }} + {{- end }} + resourcePolicy: + containerPolicies: + - containerName: prometheus + {{- with .Values.prometheus.verticalPodAutoscaler.controlledResources }} + controlledResources: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.verticalPodAutoscaler.controlledValues }} + controlledValues: {{ .Values.prometheus.verticalPodAutoscaler.controlledValues }} + {{- end }} + {{- if .Values.prometheus.verticalPodAutoscaler.maxAllowed }} + maxAllowed: + {{- toYaml .Values.prometheus.verticalPodAutoscaler.maxAllowed | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.verticalPodAutoscaler.minAllowed }} + minAllowed: + {{- toYaml .Values.prometheus.verticalPodAutoscaler.minAllowed | nindent 8 }} + {{- end }} + targetRef: + {{- if .Values.prometheus.agentMode }} + apiVersion: monitoring.coreos.com/v1alpha1 + kind: PrometheusAgent + {{- else }} + apiVersion: monitoring.coreos.com/v1 + kind: Prometheus + {{- end }} + name: {{ template "kube-prometheus-stack.prometheus.crname" . }} + {{- with .Values.prometheus.verticalPodAutoscaler.updatePolicy }} + updatePolicy: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml index 4fe0e0482a..0b42c2c711 100644 --- a/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml @@ -8,12 +8,7 @@ metadata: app: {{ template "kube-prometheus-stack.thanosRuler.name" . }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: - {{- if .Values.thanosRuler.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.thanosRuler.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} - {{- end }} +{{- toYaml (omit .Values.thanosRuler.podDisruptionBudget "enabled") | nindent 2 }} selector: matchLabels: app.kubernetes.io/name: thanos-ruler diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml index d7999f4c0f..3038df3ffc 100644 --- a/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/route.yaml @@ -40,7 +40,10 @@ spec: statusCode: 301 {{- else }} - backendRefs: - - name: {{ $serviceName }} + - group: "" + kind: Service + weight: 1 + name: {{ $serviceName }} port: {{ $servicePort }} {{- with $route.filters }} filters: diff --git a/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml index b857dc69d9..8c7d9c8213 100644 --- a/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml +++ b/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml @@ -107,6 +107,9 @@ spec: {{- if .Values.thanosRuler.thanosRulerSpec.routePrefix }} routePrefix: "{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" {{- end }} +{{- if kindIs "bool" .Values.thanosRuler.thanosRulerSpec.hostUsers }} + hostUsers: {{ .Values.thanosRuler.thanosRulerSpec.hostUsers }} +{{- end }} {{- if .Values.thanosRuler.thanosRulerSpec.securityContext }} securityContext: {{ toYaml .Values.thanosRuler.thanosRulerSpec.securityContext | indent 4 }} @@ -193,6 +196,16 @@ spec: {{ toYaml .Values.thanosRuler.thanosRulerSpec.alertDropLabels | indent 4 }} {{- end }} portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }} +{{- if .Values.thanosRuler.thanosRulerSpec.podManagementPolicy }} + podManagementPolicy: {{ .Values.thanosRuler.thanosRulerSpec.podManagementPolicy }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.updateStrategy }} + updateStrategy: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.updateStrategy | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.thanosRuler.thanosRulerSpec.terminationGracePeriodSeconds }} +{{- end }} {{- with .Values.thanosRuler.thanosRulerSpec.additionalConfig }} {{- tpl (toYaml .) $ | nindent 2 }} {{- end }} diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index f3fb35f916..25e16d633d 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -132,6 +132,10 @@ crds: labels: {} automountServiceAccountToken: true + ## Automounting API credentials for upgrade crd job pod. + ## + automountServiceAccountToken: true + ## Container-specific security context configuration ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @@ -501,6 +505,37 @@ alertmanager: # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow + ## Enable vertical pod autoscaler support for Alertmanager + ## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + ## + verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate". + updateMode: Recreate + ## Alertmanager configuration directives ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file ## https://prometheus.io/webtools/alerting/routing-tree-editor/ @@ -1119,6 +1154,10 @@ alertmanager: seccompProfile: type: RuntimeDefault + ## Use the host's user namespace for Alertmanager pods. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + hostUsers: ~ + ## DNS configuration for Alertmanager. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.PodDNSConfig dnsConfig: {} @@ -1127,6 +1166,9 @@ alertmanager: ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#dnspolicystring-alias dnsPolicy: "" + ## Enable hostNetwork for Alertmanager. + hostNetwork: false + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. ## Note this is only for the Alertmanager UI, not the gossip communication. ## @@ -1137,7 +1179,7 @@ alertmanager: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.14.2 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 # args: # - --upstream=http://127.0.0.1:9093 # - --http-address=0.0.0.0:8081 @@ -1201,6 +1243,21 @@ alertmanager: ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). minReadySeconds: 0 + ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + podManagementPolicy: "" + + ## Update strategy for the StatefulSet. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 1 + + ## Duration in seconds the pod needs to terminate gracefully. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: ~ + ## Additional configuration which is not covered by the properties above. (passed through tpl) additionalConfig: {} @@ -1220,7 +1277,7 @@ alertmanager: # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. -## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## Using default values from https://github.com/grafana-community/helm-charts/blob/main/charts/grafana/values.yaml ## grafana: enabled: true @@ -2934,7 +2991,7 @@ prometheusOperator: image: registry: ghcr.io repository: jkroepke/kube-webhook-certgen - tag: 1.7.7 + tag: 1.8.0 sha: "" pullPolicy: IfNotPresent resources: {} @@ -3320,8 +3377,8 @@ prometheusOperator: # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction # minReplicas: 1 # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates - # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". - updateMode: Auto + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate". + updateMode: Recreate ## Prometheus-operator image ## @@ -3583,6 +3640,11 @@ prometheus: ## reloaderWebPort: 8080 + ## Port to expose for Prometheus Reloader + ## Only used if service.type is 'NodePort' + ## + reloaderWebNodePort: null + ## List of IP addresses at which the Prometheus server service is available ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## @@ -3679,6 +3741,37 @@ prometheus: # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow + ## Enable vertical pod autoscaler support for Prometheus + ## ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + ## + verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "InPlaceOrRecreate". + updateMode: Recreate + # Ingress exposes thanos sidecar outside the cluster thanosIngress: enabled: false @@ -4045,7 +4138,7 @@ prometheus: image: registry: quay.io repository: prometheus/prometheus - tag: v3.9.1 + tag: v3.11.1 sha: "" pullPolicy: IfNotPresent @@ -4565,7 +4658,7 @@ prometheus: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.14.2 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 # args: # - --upstream=http://127.0.0.1:9090 # - --http-address=0.0.0.0:8081 @@ -4675,12 +4768,20 @@ prometheus: ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). minReadySeconds: 0 + ## Duration in seconds the pod needs to terminate gracefully. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: ~ + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working # Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically. hostNetwork: false + ## Use the host's user namespace for Prometheus pods. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + hostUsers: ~ + # HostAlias holds the mapping between IP and hostnames that will be injected # as an entry in the pod's hosts file. hostAliases: [] @@ -4697,6 +4798,17 @@ prometheus: ## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role. serviceDiscoveryRole: "" + ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + podManagementPolicy: "" + + ## Update strategy for the StatefulSet. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 1 + ## Additional configuration which is not covered by the properties above. (passed through tpl) additionalConfig: {} @@ -5392,6 +5504,10 @@ thanosRuler: seccompProfile: type: RuntimeDefault + ## Use the host's user namespace for ThanosRuler pods. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ + hostUsers: ~ + ## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP. ## Note this is only for the ThanosRuler UI, not the gossip communication. ## @@ -5419,10 +5535,25 @@ thanosRuler: ## portName: "web" + ## Duration in seconds the pod needs to terminate gracefully. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + terminationGracePeriodSeconds: ~ + ## WebTLSConfig defines the TLS parameters for HTTPS ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerwebspec web: {} + ## Pod management policy. Kubernetes default is OrderedReady but prometheus-operator default is Parallel. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + podManagementPolicy: "" + + ## Update strategy for the StatefulSet. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxUnavailable: 1 + ## Additional configuration which is not covered by the properties above. (passed through tpl) additionalConfig: {}