mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-08-27 09:21:56 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #870 from paulfantom/prom-op-globals

Browse Source 
Remove mutating global state in prometheus-operator objects
This commit is contained in:
Paweł Krupa 2021-01-14 13:28:10 +01:00 committed by GitHub
commit 24496d1fac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 172 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
jsonnet/kube-prometheus/jsonnetfile.json
View File

@ -26,7 +26,7 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "release-0.44"
"version": "release-0.45"
},
{
"source": {

112
jsonnet/kube-prometheus/kube-prometheus.libsonnet
View File

@ -1,16 +1,14 @@
local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet';
local alertmanager = import './alertmanager/alertmanager.libsonnet';
local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet';
local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet';
local nodeExporter = import './node-exporter/node-exporter.libsonnet';
local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet';
local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet';
local prometheus = import './prometheus/prometheus.libsonnet';
local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') +
{
alertmanager: alertmanager({
name: $._config.alertmanagerName,
@ -47,6 +45,15 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
image: 'directxman12/k8s-prometheus-adapter:v0.8.2',
prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/',
}),
prometheusOperator: prometheusOperator({
namespace: $._config.namespace,
version: '0.45.0',
image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0',
configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0',
commonLabels+: {
'app.kubernetes.io/part-of': 'kube-prometheus',
},
}),
mixins+:: monitoringMixins({
namespace: $._config.namespace,
alertmanagerName: $._config.alertmanagerName,
@ -76,62 +83,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
},
},
},
prometheusOperator+::
{
service+: {
spec+: {
ports: [
{
name: 'https',
port: 8443,
targetPort: 'https',
},
],
},
},
serviceMonitor+: {
spec+: {
endpoints: [
{
port: 'https',
scheme: 'https',
honorLabels: true,
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
},
],
},
},
clusterRole+: {
rules+: [
{
apiGroups: ['authentication.k8s.io'],
resources: ['tokenreviews'],
verbs: ['create'],
},
{
apiGroups: ['authorization.k8s.io'],
resources: ['subjectaccessreviews'],
verbs: ['create'],
},
],
},
} +
(kubeRbacProxyContainer {
config+:: {
kubeRbacProxy: {
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
name: 'kube-rbac-proxy',
securePortName: 'https',
securePort: 8443,
secureListenAddress: ':%d' % self.securePort,
upstream: 'http://127.0.0.1:8080/',
tlsCipherSuites: $._config.tlsCipherSuites,
},
},
}).deploymentMixin,
grafana+:: {
local dashboardDefinitions = super.dashboardDefinitions,
@ -168,48 +119,7 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
prometheusName: 'k8s',
alertmanagerName: 'main',
versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' },
imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' },
tlsCipherSuites: [
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
// 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
// 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
// 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
// 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
// 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
// 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2
// 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2
// 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
// 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2
// 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2
// 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
// 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
// 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
// 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
// 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
// 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
// disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
],
resources+:: {
'addon-resizer': {
requests: { cpu: '10m', memory: '30Mi' },
limits: { cpu: '50m', memory: '30Mi' },
},
'kube-rbac-proxy': {
requests: { cpu: '10m', memory: '20Mi' },
limits: { cpu: '20m', memory: '40Mi' },
},
},
versions+:: { grafana: '7.3.5' },
grafana+:: {
labels: {

95
jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet
View File

@ -1,95 +0,0 @@
// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet
// are converted to use kube-rbac-proxy/container.libsonnet
{
local krp = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
specMixin:: {
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
spec+: {
template+: {
spec+: {
containers+: [{
name: krp.config.kubeRbacProxy.name,
image: krp.config.kubeRbacProxy.image,
args: [
'--logtostderr',
'--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
'--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites),
'--upstream=' + krp.config.kubeRbacProxy.upstream,
],
ports: [
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
}],
},
},
},
},
deploymentMixin:: {
local dm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
deployment+: krp.specMixin {
config+:: {
kubeRbacProxy+: dm.config.kubeRbacProxy,
},
},
},
statefulSetMixin:: {
local sm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
statefulSet+: krp.specMixin {
config+:: {
kubeRbacProxy+: sm.config.kubeRbacProxy,
},
},
},
}

95
jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet Normal file
View File

@ -0,0 +1,95 @@
local krp = (import '../kube-rbac-proxy/container.libsonnet');
local prometheusOperator = import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet';
local defaults = {
local defaults = self,
name: 'prometheus-operator',
namespace: error 'must provide namespace',
version: error 'must provide version',
image: error 'must provide image',
configReloaderImage: error 'must provide config reloader image',
resources: {
limits: { cpu: '200m', memory: '200Mi' },
requests: { cpu: '100m', memory: '100Mi' },
},
commonLabels:: {
'app.kubernetes.io/name': defaults.name,
'app.kubernetes.io/version': defaults.version,
'app.kubernetes.io/component': 'controller',
'app.kubernetes.io/part-of': 'kube-prometheus',
},
selectorLabels:: {
[labelName]: defaults.commonLabels[labelName]
for labelName in std.objectFields(defaults.commonLabels)
if !std.setMember(labelName, ['app.kubernetes.io/version'])
},
};
function(params)
local config = defaults + params;
// Safety check
assert std.isObject(config.resources);
prometheusOperator(config) {
service+: {
spec+: {
ports: [
{
name: 'https',
port: 8443,
targetPort: 'https',
},
],
},
},
serviceMonitor+: {
spec+: {
endpoints: [
{
port: 'https',
scheme: 'https',
honorLabels: true,
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
},
],
},
},
clusterRole+: {
rules+: [
{
apiGroups: ['authentication.k8s.io'],
resources: ['tokenreviews'],
verbs: ['create'],
},
{
apiGroups: ['authorization.k8s.io'],
resources: ['subjectaccessreviews'],
verbs: ['create'],
},
],
},
local kubeRbacProxy = krp({
name: 'kube-rbac-proxy',
upstream: 'http://127.0.0.1:8080/',
secureListenAddress: ':8443',
ports: [
{ name: 'https', containerPort: 8443 },
],
}),
deployment+: {
spec+: {
template+: {
spec+: {
containers+: [kubeRbacProxy],
},
},
},
},
}

6
jsonnetfile.lock.json
View File

@ -99,7 +99,7 @@
"subdir": "jsonnet/mixin"
}
},
"version": "22aaf848a27f6e45702131e22a596778686068d5",
"version": "5555f492df250168657b72bb8cb60bec071de71f",
"sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U="
},
{
@ -109,8 +109,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "d8b7d3766225908d0239fd0d78258892cd0fc384",
"sum": "Nl+N/h76bzD9tZ8tx7tuNIKHwCIJ9zyOsAWplH8HvAE="
"version": "5555f492df250168657b72bb8cb60bec071de71f",
"sum": "quzK9/gITldAfVGBkFUsLjQ3Y2F4NOJ2GQUjPSD8HHQ="
},
{
"source": {

6
manifests/prometheus-operator-serviceMonitor.yaml
View File

@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring
spec:
@ -19,4 +20,5 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0

43
manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml
View File

@ -47,6 +47,7 @@ spec:
properties:
name:
description: Label to match.
minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression (true).
@ -56,7 +57,6 @@ spec:
type: string
required:
- name
- value
type: object
type: array
targetMatch:
@ -66,6 +66,7 @@ spec:
properties:
name:
description: Label to match.
minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression (true).
@ -75,7 +76,6 @@ spec:
type: string
required:
- name
- value
type: object
type: array
type: object
@ -91,9 +91,10 @@ spec:
description: EmailConfig configures notifications via Email.
properties:
authIdentity:
description: The identity to use for authentication.
type: string
authPassword:
description: SecretKeySelector selects a key of a Secret.
description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@ -108,7 +109,7 @@ spec:
- key
type: object
authSecret:
description: SecretKeySelector selects a key of a Secret.
description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@ -123,7 +124,7 @@ spec:
- key
type: object
authUsername:
description: SMTP authentication information.
description: The username to use for authentication.
type: string
from:
description: The sender address.
@ -135,6 +136,7 @@ spec:
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
@ -262,6 +264,7 @@ spec:
type: array
name:
description: Name of the receiver. Must be unique across all items from the list.
minLength: 1
type: string
opsgenieConfigs:
description: List of OpsGenie configurations.
@ -296,6 +299,7 @@ spec:
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
@ -466,7 +470,7 @@ spec:
responders:
description: List of responders responsible for notifications.
items:
description: OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined.
description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.
properties:
id:
description: ID of the responder.
@ -476,10 +480,13 @@ spec:
type: string
type:
description: Type of responder.
minLength: 1
type: string
username:
description: Username of the responder.
type: string
required:
- type
type: object
type: array
sendResolved:
@ -520,6 +527,7 @@ spec:
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
@ -901,7 +909,7 @@ spec:
description: Notification title.
type: string
token:
description: Your registered applications API token, see https://pushover.net/apps
description: The secret's key that contains the registered applications API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@ -922,7 +930,7 @@ spec:
description: A title for supplementary URL, otherwise just the URL is shown
type: string
userKey:
description: The recipient users user key.
description: The secret's key that contains the recipient users user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@ -956,6 +964,7 @@ spec:
okText:
type: string
text:
minLength: 1
type: string
title:
type: string
@ -967,8 +976,10 @@ spec:
style:
type: string
text:
minLength: 1
type: string
type:
minLength: 1
type: string
url:
type: string
@ -1011,8 +1022,10 @@ spec:
short:
type: boolean
title:
minLength: 1
type: string
value:
minLength: 1
type: string
required:
- title
@ -1207,7 +1220,7 @@ spec:
description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
properties:
apiKey:
description: The API key to use when talking to the VictorOps API.
description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
@ -1231,6 +1244,7 @@ spec:
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
@ -1407,8 +1421,6 @@ spec:
stateMessage:
description: Contains long explanation of the alerted problem.
type: string
required:
- routingKey
type: object
type: array
webhookConfigs:
@ -1566,8 +1578,9 @@ spec:
type: object
type: object
maxAlerts:
description: Maximum number of alerts to be sent per webhook message.
description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included.
format: int32
minimum: 0
type: integer
sendResolved:
description: Whether or not to notify about resolved alerts.
@ -1790,7 +1803,7 @@ spec:
type: object
type: array
route:
description: The Alertmanager route definition for alerts matching the resources namespace. It will be added to the generated Alertmanager configuration as a first-level route.
description: The Alertmanager route definition for alerts matching the resources namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.
properties:
continue:
description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.
@ -1813,6 +1826,7 @@ spec:
properties:
name:
description: Label to match.
minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression (true).
@ -1822,11 +1836,10 @@ spec:
type: string
required:
- name
- value
type: object
type: array
receiver:
description: Name of the receiver for this route. If present, it should be listed in the `receivers` field. The field can be omitted only for nested routes otherwise it is mandatory.
description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.
type: string
repeatInterval:
description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).

9
manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
View File

@ -2255,7 +2255,7 @@ spec:
type: string
type: object
podMonitorNamespaceSelector:
description: Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace.
description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -2846,7 +2846,7 @@ spec:
description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).
type: string
retentionSize:
description: Maximum amount of disk space used by blocks.
description: 'Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.'
type: string
routePrefix:
description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.
@ -3016,7 +3016,7 @@ spec:
description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.
type: string
serviceMonitorNamespaceSelector:
description: Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace.
description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@ -3453,6 +3453,9 @@ spec:
required:
- key
type: object
tracingConfigFile:
description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence.
type: string
version:
description: Version describes the version of Thanos to use.
type: string

3
manifests/setup/prometheus-operator-clusterRole.yaml
View File

@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
name: prometheus-operator
rules:
- apiGroups:

3
manifests/setup/prometheus-operator-clusterRoleBinding.yaml
View File

@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io

20
manifests/setup/prometheus-operator-deployment.yaml
View File

@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring
spec:
@ -13,18 +14,20 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/part-of: kube-prometheus
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
spec:
containers:
- args:
- --kubelet-service=kube-system/kubelet
- --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1
image: quay.io/prometheus-operator/prometheus-operator:v0.44.1
- --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0
image: quay.io/prometheus-operator/prometheus-operator:v0.45.0
name: prometheus-operator
ports:
- containerPort: 8080
@ -48,12 +51,19 @@ spec:
ports:
- containerPort: 8443
name: https
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 20Mi
securityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector:
beta.kubernetes.io/os: linux
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534

4
manifests/setup/prometheus-operator-service.yaml
View File

@ -4,7 +4,8 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring
spec:
@ -16,3 +17,4 @@ spec:
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/part-of: kube-prometheus

3
manifests/setup/prometheus-operator-serviceAccount.yaml
View File

@ -4,6 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
app.kubernetes.io/version: v0.44.1
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.45.0
name: prometheus-operator
namespace: monitoring