diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index 6c7d433c8212a0211a32785d1f056e8b35306296..d5db3120d29ed3b2619372552d6f26db534d2e27 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -18,7 +18,7 @@
"subdir": "contrib/mixin"
}
},
- "version": "7a7b668edb7ea4087fab00c3b3392202584b5fcf",
+ "version": "556447683112b6ccc00b27a1bd0d0a4edc361692",
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
},
{
@@ -38,7 +38,7 @@
"subdir": "grafana-builder"
}
},
- "version": "ab47cabd71f0318fbda8efbbce0b4af074970a4e",
+ "version": "9ed8c7b79694711403fc353a3e3c46acb762a1e5",
"sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8="
},
{
@@ -58,7 +58,7 @@
"subdir": "lib/promgrafonnet"
}
},
- "version": "faf65d6fe38b2fd279b60e2f0581b2d0cb878d01",
+ "version": "e0dc3563dcbf2e54e0ffe8e83f3f51b237ef33be",
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
},
{
@@ -68,7 +68,7 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
- "version": "c36d9c6adca9b61b33398f6bcf06122564da2f95",
+ "version": "d94da5292d7e213c5b2f3f508d162e6044a68ca9",
"sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE="
},
{
@@ -78,7 +78,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
- "version": "c36d9c6adca9b61b33398f6bcf06122564da2f95",
+ "version": "d94da5292d7e213c5b2f3f508d162e6044a68ca9",
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
},
{
@@ -88,7 +88,7 @@
"subdir": "jsonnet/mixin"
}
},
- "version": "e5797e3d1c7fe50b99d9b8e8006ad0416820b5c9",
+ "version": "1c35faa561f2557fa156438c13c5763d3b6ac6c4",
"sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=",
"name": "prometheus-operator-mixin"
},
@@ -99,8 +99,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
- "version": "e5797e3d1c7fe50b99d9b8e8006ad0416820b5c9",
- "sum": "1bEFcCwj8VP9lh1GG76M+uHc0975rolxA4YezwXaiwk="
+ "version": "1c35faa561f2557fa156438c13c5763d3b6ac6c4",
+ "sum": "eHJp7oFWvBEsSmwoRML356DLK80n7rRt8XKRZ+YawvQ="
},
{
"source": {
@@ -109,8 +109,8 @@
"subdir": "doc/alertmanager-mixin"
}
},
- "version": "8598683b2461fb68e1921735c20163c4c784f9b6",
- "sum": "YIWuR6x64SRQSCr8tuuGN1cc0TK5HGR0HWvgot3fc6k=",
+ "version": "29fcb0b7fb8af519fa6c08cfd545d401c98d94e1",
+ "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
"name": "alertmanager"
},
{
@@ -120,7 +120,7 @@
"subdir": "docs/node-mixin"
}
},
- "version": "220aa5b8893c599c624bbdba2f59ac1ed473a4ff",
+ "version": "8edd27baaf0cd4e443ab556329fa0f8c3b2b02a0",
"sum": "os3VfjBdFdDaTYzI+A/RahIhQcgQ7KoaLL68s1kiCbA="
},
{
@@ -130,8 +130,8 @@
"subdir": "documentation/prometheus-mixin"
}
},
- "version": "ef584a9df6b4d5b360aa99ddee605b9b92f5ad45",
- "sum": "Va7tcAcpgjCQjFoChBUlseoPoqQoo4mGoT70Kebep9Q=",
+ "version": "4a5aef0495a08032f4369804266b357773b0a009",
+ "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=",
"name": "prometheus"
},
{
@@ -141,8 +141,8 @@
"subdir": "mixin"
}
},
- "version": "4e74c4ba0b6c2b4c34b5ca9cabd14e1a70232902",
- "sum": "saJz+8pxFRq4oS8H5fckUOBETHYcOdoFzFtgueoRQcU=",
+ "version": "7a90505d8f06efd6445dba94174695d4dba05393",
+ "sum": "IS62r3fSx0evbBhH0QqKUW+4TAMOHpzbsW+v9nw/SNM=",
"name": "thanos-mixin"
},
{
diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml
index 83eee474c6113686d8b1812eb8cda938d96b200c..d6321b957aa719b10b75c231d9c05812dfe83076 100644
--- a/manifests/alertmanager-prometheusRule.yaml
+++ b/manifests/alertmanager-prometheusRule.yaml
@@ -37,7 +37,7 @@ spec:
max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m])
< on (namespace,service) group_left
count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m]))
- for: 10m
+ for: 15m
labels:
severity: critical
- alert: AlertmanagerFailedToSendAlerts
diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml
index e0a6ab561bca1079a874bf2af698fa5316f3d249..8253c14cf7dc2094661ed05d86798cc744af92ff 100644
--- a/manifests/grafana-dashboardDefinitions.yaml
+++ b/manifests/grafana-dashboardDefinitions.yaml
@@ -30942,6 +30942,14 @@ items:
"stack": true,
"steppedLine": false,
"targets": [
+ {
+ "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total[1m]))",
+ "format": "time_series",
+ "intervalFactor": 2,
+ "legendFormat": "exceeded body size limit: {{job}}",
+ "legendLink": null,
+ "step": 10
+ },
{
"expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))",
"format": "time_series",
diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml
index 7cdb2d9c4508d926121607623b3690fde734260a..7a22a8c7a21f11f7978190cc3801c25d3cb05f4e 100644
--- a/manifests/prometheus-prometheusRule.yaml
+++ b/manifests/prometheus-prometheusRule.yaml
@@ -221,6 +221,16 @@ spec:
for: 15m
labels:
severity: warning
+ - alert: PrometheusTargetSyncFailure
+ annotations:
+ description: '{{ printf "%.0f" $value }} targets in Prometheus {{$labels.namespace}}/{{$labels.pod}} have failed to sync because invalid configuration was supplied.'
+ runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustargetsyncfailure
+ summary: Prometheus has failed to sync targets.
+ expr: |
+ increase(prometheus_target_sync_failed_total{job="prometheus-k8s",namespace="monitoring"}[30m]) > 0
+ for: 5m
+ labels:
+ severity: critical
- alert: PrometheusErrorSendingAlertsToAnyAlertmanager
annotations:
description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.'
diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml
index d6a8acd966eead77aa3fe44ec7310d5e86e00cd3..0d36514d916c03e79b9b73706c9eac1741487b0f 100644
--- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml
@@ -96,6 +96,9 @@ spec:
path:
description: Path to collect metrics from. Defaults to `/probe`.
type: string
+ proxyUrl:
+ description: Optional ProxyURL.
+ type: string
scheme:
description: HTTP scheme to use for scraping. Defaults to `http`.
type: string
diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
index 23816577a3d67af354fd71c1497c80ebddb8e639..d327a71786323d143f4c189434634ea4d7ca0539 100644
--- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
@@ -1470,7 +1470,7 @@ spec:
type: string
type: array
enforcedNamespaceLabel:
- description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created.
+ description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `ProbeConfig` object) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above)."
type: string
enforcedSampleLimit:
description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
@@ -1481,7 +1481,7 @@ spec:
format: int64
type: integer
evaluationInterval:
- description: Interval between consecutive evaluations.
+ description: 'Interval between consecutive evaluations. Default: `1m`'
type: string
externalLabels:
additionalProperties:
@@ -1508,7 +1508,7 @@ spec:
type: object
type: array
initContainers:
- description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.'
+ description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.'
items:
description: A single application container that you want to run within a pod.
properties:
@@ -2951,7 +2951,7 @@ spec:
type: object
type: object
scrapeInterval:
- description: Interval between consecutive scrapes.
+ description: 'Interval between consecutive scrapes. Default: `1m`'
type: string
scrapeTimeout:
description: Number of seconds to wait for target to respond before erroring.
@@ -3432,6 +3432,9 @@ spec:
objectStorageConfigFile:
description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence.
type: string
+ readyTimeout:
+ description: ReadyTimeout is the maximum time Thanos sidecar will wait for Prometheus to start. Eg 10m
+ type: string
resources:
description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set
properties:
@@ -4399,6 +4402,118 @@ spec:
pageTitle:
description: The prometheus web page title
type: string
+ tlsConfig:
+ description: WebTLSConfig defines the TLS parameters for HTTPS.
+ properties:
+ cert:
+ description: Contains the TLS certificate for the server.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ cipherSuites:
+ description: 'List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants'
+ items:
+ type: string
+ type: array
+ client_ca:
+ description: Contains the CA certificate for client certificate authentication to the server.
+ properties:
+ configMap:
+ description: ConfigMap containing data to use for the targets.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ secret:
+ description: Secret containing data to use for the targets.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ clientAuthType:
+ description: 'Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType'
+ type: string
+ curvePreferences:
+ description: 'Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
+ items:
+ type: string
+ type: array
+ keySecret:
+ description: Secret containing the TLS key for the server.
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ maxVersion:
+ description: Maximum TLS version that is acceptable. Defaults to TLS13.
+ type: string
+ minVersion:
+ description: Minimum TLS version that is acceptable. Defaults to TLS12.
+ type: string
+ preferServerCipherSuites:
+ description: Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used.
+ type: boolean
+ required:
+ - cert
+ - keySecret
+ type: object
type: object
type: object
status:
diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
index ccd8efbfd8190949c164664add27ff2f6664f785..e537e2fd3adc388ebd0d978bed41e0e816205c96 100644
--- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml
@@ -43,7 +43,7 @@ spec:
type: string
rules:
items:
- description: Rule describes an alerting or recording rule.
+ description: 'Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule'
properties:
alert:
type: string
diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
index 4ae0a59de86f207238e0dc02364def4a436f6dcd..60543cc32c690328a97d1b2828d413fb066199d4 100644
--- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
+++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
@@ -293,10 +293,10 @@ spec:
type: object
type: array
jobLabel:
- description: The label to use to retrieve the job name from.
+ description: "Chooses the label of the Kubernetes `Endpoints`. Its value will be used for the `job`-label's value of the created metrics. \n Default & fallback value: the name of the respective Kubernetes `Endpoint`."
type: string
namespaceSelector:
- description: Selector to select which namespaces the Endpoints objects are discovered from.
+ description: Selector to select which namespaces the Kubernetes Endpoints objects are discovered from.
properties:
any:
description: Boolean describing whether all namespaces are selected in contrast to a list restricting them.
@@ -308,7 +308,7 @@ spec:
type: array
type: object
podTargetLabels:
- description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
+ description: PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics.
items:
type: string
type: array
@@ -347,7 +347,7 @@ spec:
type: object
type: object
targetLabels:
- description: TargetLabels transfers labels on the Kubernetes Service onto the target.
+ description: TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics. All labels set in `selector.matchLabels` are automatically transferred.
items:
type: string
type: array