diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json
index 20d65bdf8571f2d84df11e042a91d09df645787d..e9484736a91237d71cf4d1bf8f2454d039d5b611 100644
--- a/jsonnet/kube-prometheus/jsonnetfile.json
+++ b/jsonnet/kube-prometheus/jsonnetfile.json
@@ -26,7 +26,7 @@
"subdir": "jsonnet/prometheus-operator"
}
},
- "version": "release-0.44"
+ "version": "release-0.45"
},
{
"source": {
diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
index d5811aef43520c26b76fa09ee90f6dc0753bc88a..e97f07f1dc21acb6d0c979a8dda06ee9f52404a0 100644
--- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
@@ -1,16 +1,14 @@
-local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet';
-
local alertmanager = import './alertmanager/alertmanager.libsonnet';
local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet';
local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet';
local nodeExporter = import './node-exporter/node-exporter.libsonnet';
local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet';
+local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet';
local prometheus = import './prometheus/prometheus.libsonnet';
local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
-(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') +
{
alertmanager: alertmanager({
name: $._config.alertmanagerName,
@@ -47,6 +45,15 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
image: 'directxman12/k8s-prometheus-adapter:v0.8.2',
prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/',
}),
+ prometheusOperator: prometheusOperator({
+ namespace: $._config.namespace,
+ version: '0.45.0',
+ image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0',
+ configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0',
+ commonLabels+: {
+ 'app.kubernetes.io/part-of': 'kube-prometheus',
+ },
+ }),
mixins+:: monitoringMixins({
namespace: $._config.namespace,
alertmanagerName: $._config.alertmanagerName,
@@ -76,62 +83,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
},
},
},
- prometheusOperator+::
- {
- service+: {
- spec+: {
- ports: [
- {
- name: 'https',
- port: 8443,
- targetPort: 'https',
- },
- ],
- },
- },
- serviceMonitor+: {
- spec+: {
- endpoints: [
- {
- port: 'https',
- scheme: 'https',
- honorLabels: true,
- bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
- tlsConfig: {
- insecureSkipVerify: true,
- },
- },
- ],
- },
- },
- clusterRole+: {
- rules+: [
- {
- apiGroups: ['authentication.k8s.io'],
- resources: ['tokenreviews'],
- verbs: ['create'],
- },
- {
- apiGroups: ['authorization.k8s.io'],
- resources: ['subjectaccessreviews'],
- verbs: ['create'],
- },
- ],
- },
- } +
- (kubeRbacProxyContainer {
- config+:: {
- kubeRbacProxy: {
- image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
- name: 'kube-rbac-proxy',
- securePortName: 'https',
- securePort: 8443,
- secureListenAddress: ':%d' % self.securePort,
- upstream: 'http://127.0.0.1:8080/',
- tlsCipherSuites: $._config.tlsCipherSuites,
- },
- },
- }).deploymentMixin,
grafana+:: {
local dashboardDefinitions = super.dashboardDefinitions,
@@ -168,48 +119,7 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
prometheusName: 'k8s',
alertmanagerName: 'main',
- versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' },
- imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' },
-
- tlsCipherSuites: [
- 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
- 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
-
- // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
- // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
- // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
- // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
- // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
- // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2
- // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2
- // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
- // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
- // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
- // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
- // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
- // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
-
- // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go
-
- 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
- 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
- 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
- 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
- ],
-
- resources+:: {
- 'addon-resizer': {
- requests: { cpu: '10m', memory: '30Mi' },
- limits: { cpu: '50m', memory: '30Mi' },
- },
- 'kube-rbac-proxy': {
- requests: { cpu: '10m', memory: '20Mi' },
- limits: { cpu: '20m', memory: '40Mi' },
- },
- },
+ versions+:: { grafana: '7.3.5' },
grafana+:: {
labels: {
diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
deleted file mode 100644
index 5122e837ce322c005e715e332c7e3ab1cc04932e..0000000000000000000000000000000000000000
--- a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
+++ /dev/null
@@ -1,95 +0,0 @@
-// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet
-// are converted to use kube-rbac-proxy/container.libsonnet
-
-{
- local krp = self,
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
-
- specMixin:: {
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
- spec+: {
- template+: {
- spec+: {
- containers+: [{
- name: krp.config.kubeRbacProxy.name,
- image: krp.config.kubeRbacProxy.image,
- args: [
- '--logtostderr',
- '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
- '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites),
- '--upstream=' + krp.config.kubeRbacProxy.upstream,
- ],
- ports: [
- { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
- ],
- securityContext: {
- runAsUser: 65532,
- runAsGroup: 65532,
- runAsNonRoot: true,
- },
- }],
- },
- },
- },
- },
-
- deploymentMixin:: {
- local dm = self,
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
- deployment+: krp.specMixin {
- config+:: {
- kubeRbacProxy+: dm.config.kubeRbacProxy,
- },
- },
- },
-
- statefulSetMixin:: {
- local sm = self,
- config+:: {
- kubeRbacProxy: {
- image: error 'must provide image',
- name: error 'must provide name',
- securePortName: error 'must provide securePortName',
- securePort: error 'must provide securePort',
- secureListenAddress: error 'must provide secureListenAddress',
- upstream: error 'must provide upstream',
- tlsCipherSuites: error 'must provide tlsCipherSuites',
- },
- },
- statefulSet+: krp.specMixin {
- config+:: {
- kubeRbacProxy+: sm.config.kubeRbacProxy,
- },
- },
- },
-}
diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
new file mode 100644
index 0000000000000000000000000000000000000000..26940c612ce3dcdc8c610dd2a0838b9fb927d7cc
--- /dev/null
+++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
@@ -0,0 +1,95 @@
+local krp = (import '../kube-rbac-proxy/container.libsonnet');
+local prometheusOperator = import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet';
+
+local defaults = {
+ local defaults = self,
+ name: 'prometheus-operator',
+ namespace: error 'must provide namespace',
+ version: error 'must provide version',
+ image: error 'must provide image',
+ configReloaderImage: error 'must provide config reloader image',
+ resources: {
+ limits: { cpu: '200m', memory: '200Mi' },
+ requests: { cpu: '100m', memory: '100Mi' },
+ },
+ commonLabels:: {
+ 'app.kubernetes.io/name': defaults.name,
+ 'app.kubernetes.io/version': defaults.version,
+ 'app.kubernetes.io/component': 'controller',
+ 'app.kubernetes.io/part-of': 'kube-prometheus',
+ },
+ selectorLabels:: {
+ [labelName]: defaults.commonLabels[labelName]
+ for labelName in std.objectFields(defaults.commonLabels)
+ if !std.setMember(labelName, ['app.kubernetes.io/version'])
+ },
+};
+
+function(params)
+ local config = defaults + params;
+ // Safety check
+ assert std.isObject(config.resources);
+
+ prometheusOperator(config) {
+ service+: {
+ spec+: {
+ ports: [
+ {
+ name: 'https',
+ port: 8443,
+ targetPort: 'https',
+ },
+ ],
+ },
+ },
+
+ serviceMonitor+: {
+ spec+: {
+ endpoints: [
+ {
+ port: 'https',
+ scheme: 'https',
+ honorLabels: true,
+ bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+ tlsConfig: {
+ insecureSkipVerify: true,
+ },
+ },
+ ],
+ },
+ },
+
+ clusterRole+: {
+ rules+: [
+ {
+ apiGroups: ['authentication.k8s.io'],
+ resources: ['tokenreviews'],
+ verbs: ['create'],
+ },
+ {
+ apiGroups: ['authorization.k8s.io'],
+ resources: ['subjectaccessreviews'],
+ verbs: ['create'],
+ },
+ ],
+ },
+
+ local kubeRbacProxy = krp({
+ name: 'kube-rbac-proxy',
+ upstream: 'http://127.0.0.1:8080/',
+ secureListenAddress: ':8443',
+ ports: [
+ { name: 'https', containerPort: 8443 },
+ ],
+ }),
+
+ deployment+: {
+ spec+: {
+ template+: {
+ spec+: {
+ containers+: [kubeRbacProxy],
+ },
+ },
+ },
+ },
+ }
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index b4af75ef19154b579f4fefe515bf207e1b1bb5d9..7efb4031631a74f9dbfec0b927027a04ff0b2f66 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -99,7 +99,7 @@
"subdir": "jsonnet/mixin"
}
},
- "version": "22aaf848a27f6e45702131e22a596778686068d5",
+ "version": "5555f492df250168657b72bb8cb60bec071de71f",
"sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U="
},
{
@@ -109,8 +109,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
- "version": "d8b7d3766225908d0239fd0d78258892cd0fc384",
- "sum": "Nl+N/h76bzD9tZ8tx7tuNIKHwCIJ9zyOsAWplH8HvAE="
+ "version": "5555f492df250168657b72bb8cb60bec071de71f",
+ "sum": "quzK9/gITldAfVGBkFUsLjQ3Y2F4NOJ2GQUjPSD8HHQ="
},
{
"source": {
diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml
index 4412f1ac6acc5e1dd3f8e4a5ae9cccc7c9ac745c..8cf19eec51e1660af845fdb2d8da191fb2b926ce 100644
--- a/manifests/prometheus-operator-serviceMonitor.yaml
+++ b/manifests/prometheus-operator-serviceMonitor.yaml
@@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring
spec:
@@ -19,4 +20,5 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml
index 312288f49801f43f2c8d0f110b31ee8adb32b50c..faa6e92e020464d9d0d1f945dd98c8a858410e33 100644
--- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml
@@ -47,6 +47,7 @@ spec:
properties:
name:
description: Label to match.
+ minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression (true).
@@ -56,7 +57,6 @@ spec:
type: string
required:
- name
- - value
type: object
type: array
targetMatch:
@@ -66,6 +66,7 @@ spec:
properties:
name:
description: Label to match.
+ minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression (true).
@@ -75,7 +76,6 @@ spec:
type: string
required:
- name
- - value
type: object
type: array
type: object
@@ -91,9 +91,10 @@ spec:
description: EmailConfig configures notifications via Email.
properties:
authIdentity:
+ description: The identity to use for authentication.
type: string
authPassword:
- description: SecretKeySelector selects a key of a Secret.
+ description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -108,7 +109,7 @@ spec:
- key
type: object
authSecret:
- description: SecretKeySelector selects a key of a Secret.
+ description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -123,7 +124,7 @@ spec:
- key
type: object
authUsername:
- description: SMTP authentication information.
+ description: The username to use for authentication.
type: string
from:
description: The sender address.
@@ -135,6 +136,7 @@ spec:
properties:
key:
description: Key of the tuple.
+ minLength: 1
type: string
value:
description: Value of the tuple.
@@ -262,6 +264,7 @@ spec:
type: array
name:
description: Name of the receiver. Must be unique across all items from the list.
+ minLength: 1
type: string
opsgenieConfigs:
description: List of OpsGenie configurations.
@@ -296,6 +299,7 @@ spec:
properties:
key:
description: Key of the tuple.
+ minLength: 1
type: string
value:
description: Value of the tuple.
@@ -466,7 +470,7 @@ spec:
responders:
description: List of responders responsible for notifications.
items:
- description: OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.
+ description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
properties:
id:
description: ID of the responder.
@@ -476,10 +480,13 @@ spec:
type: string
type:
description: Type of responder.
+ minLength: 1
type: string
username:
description: Username of the responder.
type: string
+ required:
+ - type
type: object
type: array
sendResolved:
@@ -520,6 +527,7 @@ spec:
properties:
key:
description: Key of the tuple.
+ minLength: 1
type: string
value:
description: Value of the tuple.
@@ -901,7 +909,7 @@ spec:
description: Notification title.
type: string
token:
- description: Your registered application’s API token, see https://pushover.net/apps
+ description: The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -922,7 +930,7 @@ spec:
description: A title for supplementary URL, otherwise just the URL is shown
type: string
userKey:
- description: The recipient user’s user key.
+ description: The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -956,6 +964,7 @@ spec:
okText:
type: string
text:
+ minLength: 1
type: string
title:
type: string
@@ -967,8 +976,10 @@ spec:
style:
type: string
text:
+ minLength: 1
type: string
type:
+ minLength: 1
type: string
url:
type: string
@@ -1011,8 +1022,10 @@ spec:
short:
type: boolean
title:
+ minLength: 1
type: string
value:
+ minLength: 1
type: string
required:
- title
@@ -1207,7 +1220,7 @@ spec:
description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
properties:
apiKey:
- description: The API key to use when talking to the VictorOps API.
+ description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@@ -1231,6 +1244,7 @@ spec:
properties:
key:
description: Key of the tuple.
+ minLength: 1
type: string
value:
description: Value of the tuple.
@@ -1407,8 +1421,6 @@ spec:
stateMessage:
description: Contains long explanation of the alerted problem.
type: string
- required:
- - routingKey
type: object
type: array
webhookConfigs:
@@ -1566,8 +1578,9 @@ spec:
type: object
type: object
maxAlerts:
- description: Maximum number of alerts to be sent per webhook message.
+ description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.
format: int32
+ minimum: 0
type: integer
sendResolved:
description: Whether or not to notify about resolved alerts.
@@ -1790,7 +1803,7 @@ spec:
type: object
type: array
route:
- description: The Alertmanager route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route.
+ description: The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.
properties:
continue:
description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.
@@ -1813,6 +1826,7 @@ spec:
properties:
name:
description: Label to match.
+ minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression (true).
@@ -1822,11 +1836,10 @@ spec:
type: string
required:
- name
- - value
type: object
type: array
receiver:
- description: Name of the receiver for this route. If present, it should be listed in the `receivers` field. The field can be omitted only for nested routes otherwise it is mandatory.
+ description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.
type: string
repeatInterval:
description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).
diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
index 3cfc36ab8ed9b4066ee2e9f635176cd13e8099f9..694f6bfd5c0abce9f876bc31ec3553553ffee8a7 100644
--- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
@@ -2255,7 +2255,7 @@ spec:
type: string
type: object
podMonitorNamespaceSelector:
- description: Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace.
+ description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@@ -2846,7 +2846,7 @@ spec:
description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).
type: string
retentionSize:
- description: Maximum amount of disk space used by blocks.
+ description: 'Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.'
type: string
routePrefix:
description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.
@@ -3016,7 +3016,7 @@ spec:
description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.
type: string
serviceMonitorNamespaceSelector:
- description: Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace.
+ description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@@ -3453,6 +3453,9 @@ spec:
required:
- key
type: object
+ tracingConfigFile:
+ description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.
+ type: string
version:
description: Version describes the version of Thanos to use.
type: string
diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml
index 5d13eb906435aff9bfb424133ab2ef9aa3b1dad5..2821c35da928bf243fd745c182ee0f3dc3bf5cc7 100644
--- a/manifests/setup/prometheus-operator-clusterRole.yaml
+++ b/manifests/setup/prometheus-operator-clusterRole.yaml
@@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
name: prometheus-operator
rules:
- apiGroups:
diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
index c2e4412879be7783af18d0067cf4a498130ae028..9c5b8dfa701e860c5daa882efd068fef790fa2a1 100644
--- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
+++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml
@@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml
index 2361874a543ff3b0da3984158c9ee3eafb540589..c423a57a781b484c58ea90a396f7ba44bfa87ed8 100644
--- a/manifests/setup/prometheus-operator-deployment.yaml
+++ b/manifests/setup/prometheus-operator-deployment.yaml
@@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring
spec:
@@ -13,18 +14,20 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
+ app.kubernetes.io/part-of: kube-prometheus
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
spec:
containers:
- args:
- --kubelet-service=kube-system/kubelet
- - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1
- image: quay.io/prometheus-operator/prometheus-operator:v0.44.1
+ - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0
+ image: quay.io/prometheus-operator/prometheus-operator:v0.45.0
name: prometheus-operator
ports:
- containerPort: 8080
@@ -48,12 +51,19 @@ spec:
ports:
- containerPort: 8443
name: https
+ resources:
+ limits:
+ cpu: 20m
+ memory: 40Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
securityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector:
- beta.kubernetes.io/os: linux
+ kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml
index ebfd02b69b4df2ec613131831e1fa6e7fdf957a1..0a667c8396df2d5b914268a66cdf1daca812b7fa 100644
--- a/manifests/setup/prometheus-operator-service.yaml
+++ b/manifests/setup/prometheus-operator-service.yaml
@@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring
spec:
@@ -16,3 +17,4 @@ spec:
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
+ app.kubernetes.io/part-of: kube-prometheus
diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml
index 7799e114f7173d9f89c2526f030939d3635b7140..7b8cd2896ac2c058609dcdf2e92a9dee1205d0e0 100644
--- a/manifests/setup/prometheus-operator-serviceAccount.yaml
+++ b/manifests/setup/prometheus-operator-serviceAccount.yaml
@@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: v0.44.1
+ app.kubernetes.io/part-of: kube-prometheus
+ app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring