From 05744ccfc390575d786b28d4a91f880b30d7d700 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Fri, 6 Nov 2020 17:58:57 +0100 Subject: [PATCH 001/388] Remove ksonnet from ksm-autoscaler.libsonne Signed-off-by: Kemal Akkoyun --- .../ksm-autoscaler/ksm-autoscaler.libsonnet | 195 ++++++++++-------- 1 file changed, 105 insertions(+), 90 deletions(-) diff --git a/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet b/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet index 1fed631d..3281a283 100644 --- a/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet +++ b/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet @@ -1,13 +1,11 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; - { _config+:: { versions+:: { - clusterVerticalAutoscaler: "v0.8.1" + clusterVerticalAutoscaler: 'v0.8.1', }, imageRepos+:: { - clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64' + clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64', }, kubeStateMetrics+:: { @@ -16,103 +14,120 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; }, }, ksmAutoscaler+:: { - clusterRole: - local clusterRole = k.rbac.v1.clusterRole; - local rulesType = clusterRole.rulesType; + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { name: 'ksm-autoscaler' }, + rules: [{ + apiGroups: [''], + resources: ['nodes'], + verbs: ['list', 'watch'], + }], + }, - local rules = [ - rulesType.new() + - rulesType.withApiGroups(['']) + - rulesType.withResources([ - 'nodes', - ]) + - rulesType.withVerbs(['list', 'watch']), - ]; + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { name: 'ksm-autoscaler' }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'ksm-autoscaler', + }, + subjects: [{ kind: 'ServiceAccount', name: 'ksm-autoscaler', namespace: $._config.namespace }], + }, - clusterRole.new() + - clusterRole.mixin.metadata.withName('ksm-autoscaler') + - clusterRole.withRules(rules), + roleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'ksm-autoscaler', + namespace: $._config.namespace, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'ksm-autoscaler', + }, + subjects: [{ kind: 'ServiceAccount', name: 'ksm-autoscaler' }], + }, - clusterRoleBinding: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; + role: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'ksm-autoscaler', + namespace: $._config.namespace, + }, + rules: [ + { + apiGroups: ['extensions'], + resources: ['deployments'], + verbs: ['patch'], + resourceNames: ['kube-state-metrics'], + }, + { + apiGroups: ['apps'], + resources: ['deployments'], + verbs: ['patch'], + resourceNames: ['kube-state-metrics'], + }, + ], + }, - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withName('ksm-autoscaler') + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName('ksm-autoscaler') + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'ksm-autoscaler', namespace: $._config.namespace }]), + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'ksm-autoscaler', + namespace: $._config.namespace, + }, + }, - roleBinding: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('ksm-autoscaler') + - roleBinding.mixin.metadata.withNamespace($._config.namespace) + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('ksm-autoscaler') + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'ksm-autoscaler' }]), - - role: - local role = k.rbac.v1.role; - local rulesType = role.rulesType; - - local extensionsRule = rulesType.new() + - rulesType.withApiGroups(['extensions']) + - rulesType.withResources([ - 'deployments', - ]) + - rulesType.withVerbs(['patch']) + - rulesType.withResourceNames(['kube-state-metrics']); - - local appsRule = rulesType.new() + - rulesType.withApiGroups(['apps']) + - rulesType.withResources([ - 'deployments', - ]) + - rulesType.withVerbs(['patch']) + - rulesType.withResourceNames(['kube-state-metrics']); - - local rules = [extensionsRule, appsRule]; - - role.new() + - role.mixin.metadata.withName('ksm-autoscaler') + - role.mixin.metadata.withNamespace($._config.namespace) + - role.withRules(rules), - - serviceAccount: - local serviceAccount = k.core.v1.serviceAccount; - - serviceAccount.new('ksm-autoscaler') + - serviceAccount.mixin.metadata.withNamespace($._config.namespace), deployment: - local deployment = k.apps.v1.deployment; - local container = deployment.mixin.spec.template.spec.containersType; - local podSelector = deployment.mixin.spec.template.spec.selectorType; local podLabels = { app: 'ksm-autoscaler' }; - - local kubeStateMetricsAutoscaler = - container.new('ksm-autoscaler', $._config.imageRepos.clusterVerticalAutoscaler + ':' + $._config.versions.clusterVerticalAutoscaler) + - container.withArgs([ + local c = { + name: 'ksm-autoscaler', + image: $._config.imageRepos.clusterVerticalAutoscaler + ':' + $._config.versions.clusterVerticalAutoscaler, + args: [ '/cpvpa', '--target=deployment/kube-state-metrics', '--namespace=' + $._config.namespace, '--logtostderr=true', '--poll-period-seconds=10', - '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}}}}' - ]) + - container.mixin.resources.withRequests({cpu: '20m', memory: '10Mi'}); - - local c = [kubeStateMetricsAutoscaler]; - - deployment.new('ksm-autoscaler', 1, c, podLabels) + - deployment.mixin.metadata.withNamespace($._config.namespace) + - deployment.mixin.metadata.withLabels(podLabels) + - deployment.mixin.spec.selector.withMatchLabels(podLabels) + - deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) + - deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) + - deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) + - deployment.mixin.spec.template.spec.withServiceAccountName('ksm-autoscaler'), + '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}}}}', + ], + resources: { + requests: { cpu: '20m', memory: '10Mi' }, + }, + }; + + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: 'ksm-autoscaler', + namespace: $._config.namespace, + labels: podLabels, + }, + spec: { + replicas: 1, + selector: { matchLabels: podLabels }, + template: { + metadata: { + labels: podLabels, + }, + spec: { + containers: [c], + serviceAccount: 'ksm-autoscaler', + nodeSelector: { 'kubernetes.io/os': 'linux' }, + securityContext: { + runAsNonRoot: true, + runAsUser: 65534, + }, + }, + }, + }, + }, }, } From c14fc2a709fb4d6ea2079b5ceaa5ad552a74294b Mon Sep 17 00:00:00 2001 From: Philipp Schleier Date: Thu, 12 Nov 2020 17:35:41 +0100 Subject: [PATCH 002/388] Fix kubeadm selector and nodePort --- jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet | 4 ++-- jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet index 0eccc939..ad35df2e 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet @@ -19,14 +19,14 @@ local service(name, namespace, labels, selector, ports) = { 'kube-controller-manager-prometheus-discovery', 'kube-system', { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'component': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'component': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet index b9369011..405a70ce 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet @@ -1,6 +1,6 @@ local patch(ports) = { spec+: { - ports+: ports, + ports: ports, type: 'NodePort', }, }; From ead1c35facf8ce77ad6a4111c3fa7835e381f6d0 Mon Sep 17 00:00:00 2001 From: Ali Akca Date: Thu, 12 Nov 2020 23:42:54 +0100 Subject: [PATCH 003/388] Replace `go install` with `go build -o` in $TOOLING rule --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9411829e..96986e21 100644 --- a/Makefile +++ b/Makefile @@ -52,4 +52,4 @@ $(BIN_DIR): $(TOOLING): $(BIN_DIR) @echo Installing tools from scripts/tools.go - @cat scripts/tools.go | grep _ | awk -F'"' '{print $$2}' | GOBIN=$(BIN_DIR) xargs -tI % go install % + @cat scripts/tools.go | grep _ | awk -F'"' '{print $$2}' | xargs -tI % go build -o $(BIN_DIR) % From 739200dea36be5c41533739cdd30ac39c0aace5f Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Mon, 16 Nov 2020 09:03:35 +0100 Subject: [PATCH 004/388] Fix typo Signed-off-by: Kemal Akkoyun --- jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet index 7311c366..a003fc75 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet @@ -13,7 +13,7 @@ { name: 'metrics', port: 9153, targetPort: 9153 }, ], selector: { 'k8s-app': 'kube-dns' }, - cluserAPI: 'None', + clusterIP: 'None', }, }, }, From 8d8c45c4dd600ea95e218c879301b074e7b4f710 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Mon, 16 Nov 2020 09:12:00 +0100 Subject: [PATCH 005/388] Remove ksonnet from kube-prometheus Signed-off-by: Kemal Akkoyun --- .../kube-prometheus-all-namespaces.libsonnet | 29 +++++++------------ .../kube-prometheus-anti-affinity.libsonnet | 29 +++++++++---------- 2 files changed, 24 insertions(+), 34 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet index e6ab5548..843c1769 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet @@ -1,20 +1,11 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; - { - prometheus+:: { - clusterRole+: { - rules+: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - local rule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - [rule] - }, - } -} \ No newline at end of file + prometheus+:: { + clusterRole+: { + rules+: [{ + apiGroups: [''], + resources: ['services', 'endpoints', 'pods'], + verbs: ['get', 'list', 'watch'], + }], + }, + }, +} diff --git a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet index 59014d55..9fd0eb78 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet @@ -1,23 +1,22 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; -local statefulSet = k.apps.v1.statefulSet; -local affinity = statefulSet.mixin.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecutionType; -local matchExpression = affinity.mixin.podAffinityTerm.labelSelector.matchExpressionsType; - { local antiaffinity(key, values, namespace) = { affinity: { podAntiAffinity: { preferredDuringSchedulingIgnoredDuringExecution: [ - affinity.new() + - affinity.withWeight(100) + - affinity.mixin.podAffinityTerm.withNamespaces(namespace) + - affinity.mixin.podAffinityTerm.withTopologyKey('kubernetes.io/hostname') + - affinity.mixin.podAffinityTerm.labelSelector.withMatchExpressions([ - matchExpression.new() + - matchExpression.withKey(key) + - matchExpression.withOperator('In') + - matchExpression.withValues(values), - ]), + { + podAffinityTerm: { + namespaces: [namespace], + topologyKey: 'kubernetes.io/hostname', + labelSelector: { + matchExpressions: [{ + key: key, + operator: 'In', + values: values, + }], + }, + weight: 100, + }, + }, ], }, }, From c90d8a02a9af286599401d8ebacc1802f556571b Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Mon, 16 Nov 2020 09:20:44 +0100 Subject: [PATCH 006/388] Address review issues Signed-off-by: Kemal Akkoyun --- .../ksm-autoscaler/ksm-autoscaler.libsonnet | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet b/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet index 3281a283..88154ac1 100644 --- a/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet +++ b/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet @@ -1,12 +1,7 @@ { _config+:: { - versions+:: { - clusterVerticalAutoscaler: 'v0.8.1', - }, - - imageRepos+:: { - clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64', - }, + versions+:: { clusterVerticalAutoscaler: '0.8.1' }, + imageRepos+:: { clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64' }, kubeStateMetrics+:: { stepCPU: '1m', @@ -88,7 +83,7 @@ local podLabels = { app: 'ksm-autoscaler' }; local c = { name: 'ksm-autoscaler', - image: $._config.imageRepos.clusterVerticalAutoscaler + ':' + $._config.versions.clusterVerticalAutoscaler, + image: $._config.imageRepos.clusterVerticalAutoscaler + ':v' + $._config.versions.clusterVerticalAutoscaler, args: [ '/cpvpa', '--target=deployment/kube-state-metrics', From c123d87347249addbcf9b90936192f85b0310b6b Mon Sep 17 00:00:00 2001 From: Ali Akca Date: Thu, 12 Nov 2020 23:43:10 +0100 Subject: [PATCH 007/388] Bump go version to 1.15 --- .github/workflows/ci.yaml | 2 +- go.mod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 54a8e50c..90400a73 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -3,7 +3,7 @@ on: - push - pull_request env: - golang-version: '1.13' + golang-version: '1.15' kind-version: 'v0.9.0' jobs: generate: diff --git a/go.mod b/go.mod index 1c6c40f1..af027cc6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/prometheus-operator/kube-prometheus -go 1.13 +go 1.15 require ( github.com/Jeffail/gabs v1.4.0 From 1b12e6882d6ede686d16577e12ef48712da195ec Mon Sep 17 00:00:00 2001 From: Ali Akca Date: Thu, 12 Nov 2020 23:49:01 +0100 Subject: [PATCH 008/388] Migrate tool dependencies to scripts/go.mod --- Makefile | 2 +- go.mod | 4 ---- go.sum | 23 --------------------- scripts/go.mod | 10 +++++++++ scripts/go.sum | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 66 insertions(+), 28 deletions(-) create mode 100644 scripts/go.mod create mode 100644 scripts/go.sum diff --git a/Makefile b/Makefile index 96986e21..d02904e2 100644 --- a/Makefile +++ b/Makefile @@ -52,4 +52,4 @@ $(BIN_DIR): $(TOOLING): $(BIN_DIR) @echo Installing tools from scripts/tools.go - @cat scripts/tools.go | grep _ | awk -F'"' '{print $$2}' | xargs -tI % go build -o $(BIN_DIR) % + @cd scripts && cat tools.go | grep _ | awk -F'"' '{print $$2}' | xargs -tI % go build -modfile=go.mod -o $(BIN_DIR) % diff --git a/go.mod b/go.mod index af027cc6..b0bfa19c 100644 --- a/go.mod +++ b/go.mod @@ -4,10 +4,6 @@ go 1.15 require ( github.com/Jeffail/gabs v1.4.0 - github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c - github.com/campoy/embedmd v1.0.0 - github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f - github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.8.0 k8s.io/apimachinery v0.19.3 diff --git a/go.sum b/go.sum index 657f1cd9..1fca7e54 100644 --- a/go.sum +++ b/go.sum @@ -54,10 +54,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c h1:hb6WqfcKQZlNx/vahy51SaIvKnoXD5609Nm0PC4msEM= -github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c/go.mod h1:+00lOjYXPgMfxHVPvg9GDtc3BX5Xh5aFpB4gMB8gfMo= -github.com/campoy/embedmd v1.0.0 h1:V4kI2qTJJLf4J29RzI/MAt2c3Bl4dQSYPuflzwFH2hY= -github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -93,8 +89,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -155,8 +149,6 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f h1:mw4KoMG5/DXLPhpKXQRYTEIZFkFo0a1HU2R1HbeYpek= -github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= @@ -216,8 +208,6 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUptJtnUpai802MibFc= -github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -241,15 +231,8 @@ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0Q github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.6 h1:SrwhHcpV4nWrMGdNcC2kXpMfcBVYGDuTArqyhocJgvA= -github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -344,8 +327,6 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -462,8 +443,6 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -474,8 +453,6 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/scripts/go.mod b/scripts/go.mod new file mode 100644 index 00000000..a1d67ef2 --- /dev/null +++ b/scripts/go.mod @@ -0,0 +1,10 @@ +module _ // go.mod created for tooling dependencies + +go 1.15 + +require ( + github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c + github.com/campoy/embedmd v1.0.0 + github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f + github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 +) diff --git a/scripts/go.sum b/scripts/go.sum new file mode 100644 index 00000000..0972dc58 --- /dev/null +++ b/scripts/go.sum @@ -0,0 +1,55 @@ +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c h1:hb6WqfcKQZlNx/vahy51SaIvKnoXD5609Nm0PC4msEM= +github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c/go.mod h1:+00lOjYXPgMfxHVPvg9GDtc3BX5Xh5aFpB4gMB8gfMo= +github.com/campoy/embedmd v1.0.0 h1:V4kI2qTJJLf4J29RzI/MAt2c3Bl4dQSYPuflzwFH2hY= +github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f h1:mw4KoMG5/DXLPhpKXQRYTEIZFkFo0a1HU2R1HbeYpek= +github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= +github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUptJtnUpai802MibFc= +github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 2a49d0f8aa3aa6ab34d21f6a257b97bc9f161dab Mon Sep 17 00:00:00 2001 From: Ali Akca Date: Fri, 13 Nov 2020 00:24:03 +0100 Subject: [PATCH 009/388] Do not export GO111MODULE --- Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Makefile b/Makefile index d02904e2..754ba59a 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,5 @@ SHELL=/bin/bash -o pipefail -export GO111MODULE=on - BIN_DIR?=$(shell pwd)/tmp/bin EMBEDMD_BIN=$(BIN_DIR)/embedmd From 77f1ad3b1c30289e38636343fa0a274e6fa5eeb4 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Mon, 16 Nov 2020 14:23:23 +0100 Subject: [PATCH 010/388] Add instructions for community support This change documents where to find documentation and support for the various components of kube-prometheus. Signed-off-by: Simon Pasquier --- README.md | 9 ++++- docs/community-support.md | 84 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 docs/community-support.md diff --git a/README.md b/README.md index e0ded79c..3dab9c35 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,7 @@ This stack is meant for cluster monitoring, so it is pre-configured to collect m - [Authorization problem](#authorization-problem) - [kube-state-metrics resource usage](#kube-state-metrics-resource-usage) - [Contributing](#contributing) + - [License](#license) ## Prerequisites @@ -327,7 +328,7 @@ These are the available fields with their respective default values: prometheus: "quay.io/prometheus/prometheus", alertmanager: "quay.io/prometheus/alertmanager", kubeStateMetrics: "quay.io/coreos/kube-state-metrics", - kubeRbacProxy: "quay.io/coreos/kube-rbac-proxy", + kubeRbacProxy: "quay.io/brancz/kube-rbac-proxy", nodeExporter: "quay.io/prometheus/node-exporter", prometheusOperator: "quay.io/prometheus-operator/prometheus-operator", }, @@ -737,6 +738,8 @@ Working examples of use with continuous delivery tools are found in examples/con ## Troubleshooting +See the general [guidelines](docs/community-support.md) for getting support from the community. + ### Error retrieving kubelet metrics Should the Prometheus `/targets` page show kubelet targets, but not able to successfully scrape the metrics, then most likely it is a problem with the authentication and authorization setup of the kubelets. @@ -787,3 +790,7 @@ the following process: 3. Update the pinned kube-prometheus dependency in `jsonnetfile.lock.json`: `jb update` 3. Generate dependent `*.yaml` files: `make generate` 4. Commit the generated changes. + +## License + +Apache License 2.0, see [LICENSE](https://github.com/prometheus-operator/kube-prometheus/blob/master/LICENSE). diff --git a/docs/community-support.md b/docs/community-support.md new file mode 100644 index 00000000..218eaa74 --- /dev/null +++ b/docs/community-support.md @@ -0,0 +1,84 @@ +# Community support + +For bugs, you can use the GitHub [issue tracker](https://github.com/prometheus-operator/kube-prometheus/issues/new/choose). + +For questions, you can use the GitHub [discussions forum](https://github.com/prometheus-operator/kube-prometheus/discussions). + +Many of the `kube-prometheus` project's contributors and users can also be found on the #prometheus-operator channel of the [Kubernetes Slack][Kubernetes Slack]. + +`kube-prometheus` is the aggregation of many projects that all have different +channels to reach out for help and support. This community strives at +supporting all users and you should never be afraid of asking us first. However +if your request relates specifically to one of the projects listed below, it is +often more efficient to reach out to the project directly. If you are unsure, +please feel free to open an issue in this repository and we will redirect you +if applicable. + +## prometheus-operator + +For documentation, check the project's [documentation directory](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation). + +For questions, use the #prometheus-operator channel on the [Kubernetes Slack][Kubernetes Slack]. + +For bugs, use the GitHub [issue tracker](https://github.com/prometheus-operator/prometheus-operator/issues/new/choose). + +## Prometheus, Alertmanager, node_exporter + +For documentation, check the Prometheus [online docs](https://prometheus.io/docs/). There is a +[section](https://prometheus.io/docs/introduction/media/) with links to blog +posts, recorded talks and presentations. This [repository](https://github.com/roaldnefs/awesome-prometheus) +(not affiliated to the Prometheus project) has also a list of curated resources +related to the Prometheus ecosystem. + +For questions, see the Prometheus [community page](https://prometheus.io/community/) for the various channels. + +There is also a #prometheus channel on the [CNCF Slack][CNCF Slack]. + +## kube-state-metrics + +For documentation, see the project's [docs directory](https://github.com/kubernetes/kube-state-metrics/tree/master/docs). + +For questions, use the #kube-state-metrics channel on the [Kubernetes Slack][Kubernetes Slack]. + +For bugs, use the GitHub [issue tracker](https://github.com/kubernetes/kube-state-metrics/issues/new/choose). + +## Kubernetes + +For documentation, check the [Kubernetes docs](https://kubernetes.io/docs/home/). + +For questions, use the [community forums](https://discuss.kubernetes.io/) and the [Kubernetes Slack][Kubernetes Slack]. Check also the [community page](https://kubernetes.io/community/#discuss). + +For bugs, use the GitHub [issue tracker](https://github.com/kubernetes/kubernetes/issues/new/choose). + +## Prometheus adapter + +For documentation, check the project's [README](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/README.md). + +For questions, use the #sig-instrumentation channel on the [Kubernetes Slack][Kubernetes Slack]. + +For bugs, use the GitHub [issue tracker](https://github.com/DirectXMan12/k8s-prometheus-adapter/issues/new). + +## Grafana + +For documentation, check the [Grafana docs](https://grafana.com/docs/grafana/latest/). + +For questions, use the [community forums](https://community.grafana.com/). + +For bugs, use the GitHub [issue tracker](https://github.com/grafana/grafana/issues/new/choose). + +## kubernetes-mixin + +For documentation, check the project's [README](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/README.md). + +For questions, use #monitoring-mixins channel on the [Kubernetes Slack][Kubernetes Slack]. + +For bugs, use the GitHub [issue tracker](https://github.com/kubernetes-monitoring/kubernetes-mixin/issues/new). + +## Jsonnet + +For documentation, check the [Jsonnet](https://jsonnet.org/) website. + +For questions, use the [mailing list](https://groups.google.com/forum/#!forum/jsonnet). + +[Kubernetes Slack]: https://slack.k8s.io/ +[CNCF Slack]: https://slack.cncf.io/ From 5005f4ac2e370b54d2ca3f3efcaa8565cae74d35 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Wed, 18 Nov 2020 16:49:47 +0100 Subject: [PATCH 011/388] Remove ksonnet from node-exporter/node-exporter.libsonnet Signed-off-by: Kemal Akkoyun --- .../node-exporter/node-exporter.libsonnet | 291 +++++++++--------- manifests/node-exporter-daemonset.yaml | 1 + 2 files changed, 146 insertions(+), 146 deletions(-) diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index e0326b88..2865deca 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -1,16 +1,8 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; - { _config+:: { namespace: 'default', - - versions+:: { - nodeExporter: 'v1.0.1', - }, - - imageRepos+:: { - nodeExporter: 'quay.io/prometheus/node-exporter', - }, + versions+:: { nodeExporter: 'v1.0.1' }, + imageRepos+:: { nodeExporter: 'quay.io/prometheus/node-exporter' }, nodeExporter+:: { listenAddress: '127.0.0.1', @@ -28,76 +20,49 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; }, nodeExporter+:: { - clusterRoleBinding: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'node-exporter', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'node-exporter', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'node-exporter', + namespace: $._config.namespace, + }], + }, - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withName('node-exporter') + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName('node-exporter') + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'node-exporter', namespace: $._config.namespace }]), - - clusterRole: - local clusterRole = k.rbac.v1.clusterRole; - local policyRule = clusterRole.rulesType; - - local authenticationRole = policyRule.new() + - policyRule.withApiGroups(['authentication.k8s.io']) + - policyRule.withResources([ - 'tokenreviews', - ]) + - policyRule.withVerbs(['create']); - - local authorizationRole = policyRule.new() + - policyRule.withApiGroups(['authorization.k8s.io']) + - policyRule.withResources([ - 'subjectaccessreviews', - ]) + - policyRule.withVerbs(['create']); - - local rules = [authenticationRole, authorizationRole]; - - clusterRole.new() + - clusterRole.mixin.metadata.withName('node-exporter') + - clusterRole.withRules(rules), + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'node-exporter', + }, + rules: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], + }, + ], + }, daemonset: - local daemonset = k.apps.v1.daemonSet; - local container = daemonset.mixin.spec.template.spec.containersType; - local volume = daemonset.mixin.spec.template.spec.volumesType; - local containerPort = container.portsType; - local containerVolumeMount = container.volumeMountsType; - local podSelector = daemonset.mixin.spec.template.spec.selectorType; - local toleration = daemonset.mixin.spec.template.spec.tolerationsType; - local containerEnv = container.envType; - - local podLabels = $._config.nodeExporter.labels; - local selectorLabels = $._config.nodeExporter.selectorLabels; - - local existsToleration = toleration.new() + - toleration.withOperator('Exists'); - local procVolumeName = 'proc'; - local procVolume = volume.fromHostPath(procVolumeName, '/proc'); - local procVolumeMount = containerVolumeMount.new(procVolumeName, '/host/proc'). - withMountPropagation('HostToContainer'). - withReadOnly(true); - - local sysVolumeName = 'sys'; - local sysVolume = volume.fromHostPath(sysVolumeName, '/sys'); - local sysVolumeMount = containerVolumeMount.new(sysVolumeName, '/host/sys'). - withMountPropagation('HostToContainer'). - withReadOnly(true); - - local rootVolumeName = 'root'; - local rootVolume = volume.fromHostPath(rootVolumeName, '/'); - local rootVolumeMount = containerVolumeMount.new(rootVolumeName, '/host/root'). - withMountPropagation('HostToContainer'). - withReadOnly(true); - - local nodeExporter = - container.new('node-exporter', $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter) + - container.withArgs([ + local nodeExporter = { + name: 'node-exporter', + image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter, + args: [ '--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]), '--path.procfs=/host/proc', '--path.sysfs=/host/sys', @@ -105,20 +70,27 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; '--no-collector.wifi', '--no-collector.hwmon', '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', - ]) + - container.withVolumeMounts([procVolumeMount, sysVolumeMount, rootVolumeMount]) + - container.mixin.resources.withRequests($._config.resources['node-exporter'].requests) + - container.mixin.resources.withLimits($._config.resources['node-exporter'].limits); + ], + volumeMounts: [ + { name: 'proc', mountPath: '/host/proc', mountPropagation: 'HostToContainer', readOnly: true }, + { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, + { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, + ], + resources: $._config.resources['node-exporter'], + }; - local ip = containerEnv.fromFieldPath('IP', 'status.podIP'); - local proxy = - container.new('kube-rbac-proxy', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) + - container.withArgs([ + local proxy = { + name: 'kube-rbac-proxy', + image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, + args: [ '--logtostderr', '--secure-listen-address=[$(IP)]:' + $._config.nodeExporter.port, '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites), '--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/', - ]) + + ], + env: [ + { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, + ], // Keep `hostPort` here, rather than in the node-exporter container // because Kubernetes mandates that if you define a `hostPort` then // `containerPort` must match. In our case, we are splitting the @@ -127,82 +99,109 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; // used by the service is tied to the proxy container. We *could* // forgo declaring the host port, however it is important to declare // it so that the scheduler can decide if the pod is schedulable. - container.withPorts(containerPort.new($._config.nodeExporter.port) + containerPort.withHostPort($._config.nodeExporter.port) + containerPort.withName('https')) + - container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) + - container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits) + - container.withEnv([ip]); + ports: [ + { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port }, + ], + resources: $._config.resources['kube-rbac-proxy'], + }; - local c = [nodeExporter, proxy]; - - daemonset.new() + - daemonset.mixin.metadata.withName('node-exporter') + - daemonset.mixin.metadata.withNamespace($._config.namespace) + - daemonset.mixin.metadata.withLabels(podLabels) + - daemonset.mixin.spec.selector.withMatchLabels(selectorLabels) + - daemonset.mixin.spec.updateStrategy.rollingUpdate.withMaxUnavailable('10%') + - daemonset.mixin.spec.template.metadata.withLabels(podLabels) + - daemonset.mixin.spec.template.spec.withTolerations([existsToleration]) + - daemonset.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) + - daemonset.mixin.spec.template.spec.withContainers(c) + - daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume, rootVolume]) + - daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) + - daemonset.mixin.spec.template.spec.securityContext.withRunAsUser(65534) + - daemonset.mixin.spec.template.spec.withServiceAccountName('node-exporter') + - daemonset.mixin.spec.template.spec.withHostPid(true) + - daemonset.mixin.spec.template.spec.withHostNetwork(true), - - serviceAccount: - local serviceAccount = k.core.v1.serviceAccount; - - serviceAccount.new('node-exporter') + - serviceAccount.mixin.metadata.withNamespace($._config.namespace), - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', + apiVersion: 'apps/v1', + kind: 'DaemonSet', metadata: { name: 'node-exporter', namespace: $._config.namespace, labels: $._config.nodeExporter.labels, }, spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: $._config.nodeExporter.selectorLabels, + selector: { matchLabels: $._config.nodeExporter.selectorLabels }, + updateStrategy: { + type: 'RollingUpdate', + rollingUpdate: { maxUnavailable: '10%' }, }, - endpoints: [ - { - port: 'https', - scheme: 'https', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - action: 'replace', - regex: '(.*)', - replacement: '$1', - sourceLabels: ['__meta_kubernetes_pod_node_name'], - targetLabel: 'instance', - }, + template: { + metadata: { labels: $._config.nodeExporter.labels }, + spec: { + nodeSelector: { 'kubernetes.io/os': 'linux' }, + tolerations: [{ + operator: 'Exists', + }], + containers: [nodeExporter, proxy], + volumes: [ + { name: 'proc', hostPath: { path: '/proc' } }, + { name: 'sys', hostPath: { path: '/sys' } }, + { name: 'root', hostPath: { path: '/' } }, ], - tlsConfig: { - insecureSkipVerify: true, + serviceAccountName: 'node-exporter', + securityContext: { + runAsUser: 65534, + runAsNonRoot: true, }, + hostPID: true, + hostNetwork: true, }, - ], + }, }, }, - service: - local service = k.core.v1.service; - local servicePort = k.core.v1.service.mixin.spec.portsType; + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'node-exporter', + namespace: $._config.namespace, + }, + }, - local nodeExporterPort = servicePort.newNamed('https', $._config.nodeExporter.port, 'https'); + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'node-exporter', + namespace: $._config.namespace, + labels: $._config.nodeExporter.labels, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: $._config.nodeExporter.selectorLabels, + }, + endpoints: [{ + port: 'https', + scheme: 'https', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + tlsConfig: { + insecureSkipVerify: true, + }, + }], + }, + }, - service.new('node-exporter', $._config.nodeExporter.selectorLabels, nodeExporterPort) + - service.mixin.metadata.withNamespace($._config.namespace) + - service.mixin.metadata.withLabels($._config.nodeExporter.labels) + - service.mixin.spec.withClusterIp('None'), + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'node-exporter', + namespace: $._config.namespace, + labels: $._config.nodeExporter.labels, + }, + spec: { + ports: [ + { name: 'https', targetPort: 'https', port: $._config.nodeExporter.port }, + ], + selector: $._config.nodeExporter.selectorLabels, + clusterIP: 'None', + }, + }, }, } diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 275d2753..32a4e6cf 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -93,3 +93,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% + type: RollingUpdate From 5a610adc8c07dc472897a80841e4578d4d29b4b1 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Wed, 18 Nov 2020 17:39:46 +0100 Subject: [PATCH 012/388] Remove ksonnet from prometheus/prometheus.libsonnet Signed-off-by: Kemal Akkoyun --- .../prometheus/prometheus.libsonnet | 853 +++++++++--------- 1 file changed, 406 insertions(+), 447 deletions(-) diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 9ffd5f1f..52020656 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -1,21 +1,10 @@ -local k3 = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.3/k.libsonnet'; -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; - { _config+:: { namespace: 'default', - versions+:: { - prometheus: 'v2.22.1', - }, - - imageRepos+:: { - prometheus: 'quay.io/prometheus/prometheus', - }, - - alertmanager+:: { - name: 'main', - }, + versions+:: { prometheus: 'v2.22.1' }, + imageRepos+:: { prometheus: 'quay.io/prometheus/prometheus' }, + alertmanager+:: { name: 'main' }, prometheus+:: { name: 'k8s', @@ -35,468 +24,438 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; prometheusRules:: $._config.prometheus.rules, alertmanagerName:: $.alertmanager.service.metadata.name, - serviceAccount: - local serviceAccount = k.core.v1.serviceAccount; - - serviceAccount.new('prometheus-' + p.name) + - serviceAccount.mixin.metadata.withNamespace(p.namespace), - service: - local service = k.core.v1.service; - local servicePort = k.core.v1.service.mixin.spec.portsType; - - local prometheusPort = servicePort.newNamed('web', 9090, 'web'); - - service.new('prometheus-' + p.name, { app: 'prometheus', prometheus: p.name }, prometheusPort) + - service.mixin.spec.withSessionAffinity('ClientIP') + - service.mixin.metadata.withNamespace(p.namespace) + - service.mixin.metadata.withLabels({ prometheus: p.name }), - - rules: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: { - prometheus: p.name, - role: 'alert-rules', - }, - name: 'prometheus-' + p.name + '-rules', - namespace: p.namespace, - }, - spec: { - groups: p.prometheusRules.groups, - }, + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'prometheus-' + p.name, + namespace: p.namespace, }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'prometheus-' + p.name, + namespace: p.namespace, + labels: { prometheus: p.name }, + }, + spec: { + ports: [ + { name: 'web', targetPort: 'web', port: 9090 }, + ], + selector: { app: 'prometheus', prometheus: p.name }, + sessionAffinity: 'ClientIP', + }, + }, + + rules: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: { + prometheus: p.name, + role: 'alert-rules', + }, + name: 'prometheus-' + p.name + '-rules', + namespace: p.namespace, + }, + spec: { + groups: p.prometheusRules.groups, + }, + }, roleBindingSpecificNamespaces: - local roleBinding = k.rbac.v1.roleBinding; - - local newSpecificRoleBinding(namespace) = - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + p.name) + - roleBinding.mixin.metadata.withNamespace(namespace) + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + p.name) + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + p.name, namespace: p.namespace }]); - - local roleBindingList = k3.rbac.v1.roleBindingList; - roleBindingList.new([newSpecificRoleBinding(x) for x in p.roleBindingNamespaces]), - clusterRole: - local clusterRole = k.rbac.v1.clusterRole; - local policyRule = clusterRole.rulesType; - - local nodeMetricsRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes/metrics']) + - policyRule.withVerbs(['get']); - - local metricsRule = policyRule.new() + - policyRule.withNonResourceUrls('/metrics') + - policyRule.withVerbs(['get']); - - local rules = [nodeMetricsRule, metricsRule]; - - clusterRole.new() + - clusterRole.mixin.metadata.withName('prometheus-' + p.name) + - clusterRole.withRules(rules), - roleConfig: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - - local configmapRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'configmaps', - ]) + - policyRule.withVerbs(['get']); - - role.new() + - role.mixin.metadata.withName('prometheus-' + p.name + '-config') + - role.mixin.metadata.withNamespace(p.namespace) + - role.withRules(configmapRule), - roleBindingConfig: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('prometheus-' + p.name + '-config') + - roleBinding.mixin.metadata.withNamespace(p.namespace) + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('prometheus-' + p.name + '-config') + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + p.name, namespace: p.namespace }]), - clusterRoleBinding: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; - - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withName('prometheus-' + p.name) + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName('prometheus-' + p.name) + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'prometheus-' + p.name, namespace: p.namespace }]), - roleSpecificNamespaces: - local role = k.rbac.v1.role; - local policyRule = role.rulesType; - local coreRule = policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources([ - 'services', - 'endpoints', - 'pods', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - local ingressRule = policyRule.new() + - policyRule.withApiGroups(['extensions']) + - policyRule.withResources([ - 'ingresses', - ]) + - policyRule.withVerbs(['get', 'list', 'watch']); - - local newSpecificRole(namespace) = - role.new() + - role.mixin.metadata.withName('prometheus-' + p.name) + - role.mixin.metadata.withNamespace(namespace) + - role.withRules([coreRule, ingressRule]); - - local roleList = k3.rbac.v1.roleList; - roleList.new([newSpecificRole(x) for x in p.roleBindingNamespaces]), - prometheus: - local statefulSet = k.apps.v1.statefulSet; - local container = statefulSet.mixin.spec.template.spec.containersType; - local resourceRequirements = container.mixin.resourcesType; - local selector = statefulSet.mixin.spec.selectorType; - - - local resources = - resourceRequirements.new() + - resourceRequirements.withRequests({ memory: '400Mi' }); - - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Prometheus', + local newSpecificRoleBinding(namespace) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', metadata: { - name: p.name, - namespace: p.namespace, - labels: { - prometheus: p.name, - }, + name: 'prometheus-' + p.name, + namespace: namespace, }, - spec: { - replicas: p.replicas, - version: $._config.versions.prometheus, - image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, - serviceAccountName: 'prometheus-' + p.name, - serviceMonitorSelector: {}, - podMonitorSelector: {}, - probeSelector: {}, - serviceMonitorNamespaceSelector: {}, - podMonitorNamespaceSelector: {}, - probeNamespaceSelector: {}, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - ruleSelector: selector.withMatchLabels({ + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.name, + namespace: p.namespace, + }], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBindingList', + items: [newSpecificRoleBinding(x) for x in p.roleBindingNamespaces], + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { name: 'prometheus-' + p.name }, + rules: [ + { + apiGroups: [''], + resources: ['nodes/metrics'], + verbs: ['get'], + }, + { + nonResourceURLs: ['/metrics'], + verbs: ['get'], + }, + ], + }, + + roleConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p.name + '-config', + namespace: p.namespace, + }, + rules: [{ + apiGroups: [''], + resources: ['configmaps'], + verbs: ['get'], + }], + }, + + roleBindingConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'prometheus-' + p.name + '-config', + namespace: p.namespace, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p.name + '-config', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.name, + namespace: p.namespace, + }], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { name: 'prometheus-' + p.name }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'prometheus-' + p.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.name, + namespace: p.namespace, + }], + }, + + roleSpecificNamespaces: + local newSpecificRole(namespace) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p.name, + namespace: namespace, + }, + rules: [ + { + apiGroups: [''], + resources: ['services', 'endpoints', 'pods'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: ['extensions'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, + ], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleList', + items: [newSpecificRole(x) for x in p.roleBindingNamespaces], + }, + + prometheus: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Prometheus', + metadata: { + name: p.name, + namespace: p.namespace, + labels: { prometheus: p.name }, + }, + spec: { + replicas: p.replicas, + version: $._config.versions.prometheus, + image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, + serviceAccountName: 'prometheus-' + p.name, + serviceMonitorSelector: {}, + podMonitorSelector: {}, + probeSelector: {}, + serviceMonitorNamespaceSelector: {}, + podMonitorNamespaceSelector: {}, + probeNamespaceSelector: {}, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + ruleSelector: { + matchLabels: { role: 'alert-rules', prometheus: p.name, - }), - resources: resources, - alerting: { - alertmanagers: [ + }, + }, + resources: { + requests: { memory: '400Mi' }, + }, + alerting: { + alertmanagers: [{ + namespace: p.namespace, + name: p.alertmanagerName, + port: 'web', + }], + }, + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, + }, + }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'prometheus', + namespace: p.namespace, + labels: { 'k8s-app': 'prometheus' }, + }, + spec: { + selector: { + matchLabels: { prometheus: p.name }, + }, + endpoints: [{ + port: 'web', + interval: '30s', + }], + }, + }, + + serviceMonitorKubeScheduler: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-scheduler', + namespace: p.namespace, + labels: { 'k8s-app': 'kube-scheduler' }, + }, + spec: { + jobLabel: 'k8s-app', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + }], + selector: { + matchLabels: { 'k8s-app': 'kube-scheduler' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubelet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kubelet', + namespace: p.namespace, + labels: { 'k8s-app': 'kubelet' }, + }, + spec: { + jobLabel: 'k8s-app', + endpoints: [ + { + port: 'https-metrics', + scheme: 'https', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'), + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/cadvisor', + interval: '30s', + honorLabels: true, + honorTimestamps: false, + tlsConfig: { + insecureSkipVerify: true, + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + metricRelabelings: [ + // Drop a bunch of metrics which are disabled but still sent, see + // https://github.com/google/cadvisor/issues/1925. { - namespace: p.namespace, - name: p.alertmanagerName, - port: 'web', + sourceLabels: ['__name__'], + regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', + action: 'drop', }, ], }, - securityContext: { - runAsUser: 1000, - runAsNonRoot: true, - fsGroup: 2000, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/probes', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], }, + ], + selector: { + matchLabels: { 'k8s-app': 'kubelet' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], }, }, - serviceMonitor: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'prometheus', - namespace: p.namespace, - labels: { - 'k8s-app': 'prometheus', + }, + + serviceMonitorKubeControllerManager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-controller-manager', + namespace: p.namespace, + labels: { 'k8s-app': 'kube-controller-manager' }, + }, + spec: { + jobLabel: 'k8s-app', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, }, - }, - spec: { - selector: { - matchLabels: { - prometheus: p.name, - }, - }, - endpoints: [ + metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ { - port: 'web', - interval: '30s', + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|request|server).*', + action: 'drop', }, ], + }], + selector: { + matchLabels: { 'k8s-app': 'kube-controller-manager' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], }, }, - serviceMonitorKubeScheduler: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-scheduler', - namespace: p.namespace, - labels: { - 'k8s-app': 'kube-scheduler', + }, + + serviceMonitorApiserver: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-apiserver', + namespace: p.namespace, + labels: { 'k8s-app': 'apiserver' }, + }, + spec: { + jobLabel: 'component', + selector: { + matchLabels: { + component: 'apiserver', + provider: 'kubernetes', }, }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ + namespaceSelector: { + matchNames: ['default'], + }, + endpoints: [{ + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 'kubernetes', + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ { - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|server).*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_step_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__', 'le'], + regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', + action: 'drop', }, ], - selector: { - matchLabels: { - 'k8s-app': 'kube-scheduler', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - }, + }], }, - serviceMonitorKubelet: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kubelet', - namespace: p.namespace, - labels: { - 'k8s-app': 'kubelet', - }, - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'https-metrics', - scheme: 'https', - interval: '30s', - honorLabels: true, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'), - relabelings: [ - { - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }, - ], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/cadvisor', - interval: '30s', - honorLabels: true, - honorTimestamps: false, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }, - ], - metricRelabelings: [ - // Drop a bunch of metrics which are disabled but still sent, see - // https://github.com/google/cadvisor/issues/1925. - { - sourceLabels: ['__name__'], - regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', - action: 'drop', - }, - ], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/probes', - interval: '30s', - honorLabels: true, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }, - ], - }, - ], - selector: { - matchLabels: { - 'k8s-app': 'kubelet', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - }, + }, + + serviceMonitorCoreDNS: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'coredns', + namespace: p.namespace, + labels: { 'k8s-app': 'coredns' }, }, - serviceMonitorKubeControllerManager: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-controller-manager', - namespace: p.namespace, - labels: { - 'k8s-app': 'kube-controller-manager', - }, + spec: { + jobLabel: 'k8s-app', + selector: { + matchLabels: { 'k8s-app': 'kube-dns' }, }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|request|server).*', - action: 'drop', - }, - ], - }, - ], - selector: { - matchLabels: { - 'k8s-app': 'kube-controller-manager', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - }, - }, - serviceMonitorApiserver: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-apiserver', - namespace: p.namespace, - labels: { - 'k8s-app': 'apiserver', - }, - }, - spec: { - jobLabel: 'component', - selector: { - matchLabels: { - component: 'apiserver', - provider: 'kubernetes', - }, - }, - namespaceSelector: { - matchNames: [ - 'default', - ], - }, - endpoints: [ - { - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - serverName: 'kubernetes', - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|server).*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_step_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__', 'le'], - regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', - action: 'drop', - }, - ], - }, - ], - }, - }, - serviceMonitorCoreDNS: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'coredns', - namespace: p.namespace, - labels: { - 'k8s-app': 'coredns', - }, - }, - spec: { - jobLabel: 'k8s-app', - selector: { - matchLabels: { - 'k8s-app': 'kube-dns', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - endpoints: [ - { - port: 'metrics', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }, - ], + namespaceSelector: { + matchNames: ['kube-system'], }, + endpoints: [{ + port: 'metrics', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }], }, + }, }, } From 87ddb30a41253dce66bde0006634f30817ccb07a Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 20 Nov 2020 12:18:14 +0100 Subject: [PATCH 013/388] jsonnet: do not count CPU steal time in CPU usage rules --- jsonnet/kube-prometheus/rules/node-rules.libsonnet | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/rules/node-rules.libsonnet b/jsonnet/kube-prometheus/rules/node-rules.libsonnet index acd05424..8cdee479 100644 --- a/jsonnet/kube-prometheus/rules/node-rules.libsonnet +++ b/jsonnet/kube-prometheus/rules/node-rules.libsonnet @@ -5,7 +5,7 @@ name: 'kube-prometheus-node-recording.rules', rules: [ { - expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[3m])) BY (instance)', + expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance)', record: 'instance:node_cpu:rate:sum', }, { @@ -17,11 +17,11 @@ record: 'instance:node_network_transmit_bytes:rate:sum', }, { - expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)', + expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)', record: 'instance:node_cpu:ratio', }, { - expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m]))', + expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))', record: 'cluster:node_cpu:sum_rate5m', }, { From fe9507b5104969fd6695fec77fd3d1f3ab5c929e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 20 Nov 2020 12:23:01 +0100 Subject: [PATCH 014/388] manifests: regenerate --- manifests/prometheus-rules.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index a46fe442..43951b81 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -762,15 +762,15 @@ spec: record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - name: kube-prometheus-node-recording.rules rules: - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[3m])) BY (instance) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) record: instance:node_cpu:rate:sum - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) record: instance:node_network_receive_bytes:rate:sum - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) record: instance:node_network_transmit_bytes:rate:sum - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) record: instance:node_cpu:ratio - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) record: cluster:node_cpu:sum_rate5m - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) record: cluster:node_cpu:ratio From 31185dc8aaa70cc73395c446fad2231404a872b4 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Fri, 20 Nov 2020 16:08:40 +0100 Subject: [PATCH 015/388] Address review issues Signed-off-by: Kemal Akkoyun --- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 52020656..1545b697 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -1,3 +1,5 @@ +local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'; + { _config+:: { namespace: 'default', @@ -291,7 +293,7 @@ honorLabels: true, tlsConfig: { insecureSkipVerify: true }, bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'), + metricRelabelings: relabelings, relabelings: [{ sourceLabels: ['__metrics_path__'], targetLabel: 'metrics_path', @@ -363,7 +365,7 @@ tlsConfig: { insecureSkipVerify: true, }, - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ + metricRelabelings: relabelings + [ { sourceLabels: ['__name__'], regex: 'etcd_(debugging|disk|request|server).*', @@ -408,7 +410,7 @@ serverName: 'kubernetes', }, bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: (import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet') + [ + metricRelabelings: relabelings + [ { sourceLabels: ['__name__'], regex: 'etcd_(debugging|disk|server).*', From 6430acf980d6b9cc664883c65057d642909f8098 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Fri, 20 Nov 2020 16:49:34 +0100 Subject: [PATCH 016/388] Remove ksonnet from prometheus-adapter/prometheus-adapter.libsonnet Signed-off-by: Kemal Akkoyun --- .../prometheus-adapter.libsonnet | 405 +++++++++--------- 1 file changed, 210 insertions(+), 195 deletions(-) diff --git a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet index 2b4b3748..5863367f 100644 --- a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet @@ -1,16 +1,9 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; - { _config+:: { namespace: 'default', - versions+:: { - prometheusAdapter: 'v0.8.2', - }, - - imageRepos+:: { - prometheusAdapter: 'directxman12/k8s-prometheus-adapter', - }, + versions+:: { prometheusAdapter: 'v0.8.2' }, + imageRepos+:: { prometheusAdapter: 'directxman12/k8s-prometheus-adapter' }, prometheusAdapter+:: { name: 'prometheus-adapter', @@ -24,239 +17,261 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', resources: { overrides: { - node: { - resource: 'node' - }, - namespace: { - resource: 'namespace' - }, - pod: { - resource: 'pod' - }, + node: { resource: 'node' }, + namespace: { resource: 'namespace' }, + pod: { resource: 'pod' }, }, }, - containerLabel: 'container' + containerLabel: 'container', }, memory: { containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)', nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', resources: { overrides: { - instance: { - resource: 'node' - }, - namespace: { - resource: 'namespace' - }, - pod: { - resource: 'pod' - }, + instance: { resource: 'node' }, + namespace: { resource: 'namespace' }, + pod: { resource: 'pod' }, }, }, - containerLabel: 'container' + containerLabel: 'container', }, window: '5m', }, - } + }, }, }, prometheusAdapter+:: { - apiService: - { - apiVersion: 'apiregistration.k8s.io/v1', - kind: 'APIService', - metadata: { - name: 'v1beta1.metrics.k8s.io', - }, - spec: { - service: { - name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, - }, - group: 'metrics.k8s.io', - version: 'v1beta1', - insecureSkipTLSVerify: true, - groupPriorityMinimum: 100, - versionPriority: 100, - }, + apiService: { + apiVersion: 'apiregistration.k8s.io/v1', + kind: 'APIService', + metadata: { + name: 'v1beta1.metrics.k8s.io', }, - - configMap: - local configmap = k.core.v1.configMap; - configmap.new('adapter-config', { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) }) + - - configmap.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace), - - serviceMonitor: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: $._config.prometheusAdapter.name, + spec: { + service: { + name: $.prometheusAdapter.service.metadata.name, namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, - }, - spec: { - selector: { - matchLabels: $._config.prometheusAdapter.labels, - }, - endpoints: [ - { - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }, - ], }, + group: 'metrics.k8s.io', + version: 'v1beta1', + insecureSkipTLSVerify: true, + groupPriorityMinimum: 100, + versionPriority: 100, }, + }, - service: - local service = k.core.v1.service; - local servicePort = k.core.v1.service.mixin.spec.portsType; + configMap: { + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'adapter-config', + namespace: $._config.prometheusAdapter.namespace, + }, + data: { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) }, + }, - service.new( - $._config.prometheusAdapter.name, - $._config.prometheusAdapter.labels, - servicePort.newNamed('https', 443, 6443), - ) + - service.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace) + - service.mixin.metadata.withLabels($._config.prometheusAdapter.labels), + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: $._config.prometheusAdapter.name, + namespace: $._config.prometheusAdapter.namespace, + labels: $._config.prometheusAdapter.labels, + }, + spec: { + selector: { + matchLabels: $._config.prometheusAdapter.labels, + }, + endpoints: [ + { + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + insecureSkipVerify: true, + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }, + ], + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: $._config.prometheusAdapter.name, + namespace: $._config.prometheusAdapter.namespace, + labels: $._config.prometheusAdapter.labels, + }, + spec: { + ports: [ + { name: 'https', targetPort: 6443, port: 443 }, + ], + selector: $._config.prometheusAdapter.labels, + }, + }, deployment: - local deployment = k.apps.v1.deployment; - local volume = deployment.mixin.spec.template.spec.volumesType; - local container = deployment.mixin.spec.template.spec.containersType; - local containerVolumeMount = container.volumeMountsType; - - local c = - container.new($._config.prometheusAdapter.name, $._config.imageRepos.prometheusAdapter + ':' + $._config.versions.prometheusAdapter) + - container.withArgs([ + local c = { + name: $._config.prometheusAdapter.name, + image: $._config.imageRepos.prometheusAdapter + ':' + $._config.versions.prometheusAdapter, + args: [ '--cert-dir=/var/run/serving-cert', '--config=/etc/adapter/config.yaml', '--logtostderr=true', '--metrics-relist-interval=1m', '--prometheus-url=' + $._config.prometheusAdapter.prometheusURL, '--secure-port=6443', - ]) + - container.withPorts([{ containerPort: 6443 }]) + - container.withVolumeMounts([ - containerVolumeMount.new('tmpfs', '/tmp'), - containerVolumeMount.new('volume-serving-cert', '/var/run/serving-cert'), - containerVolumeMount.new('config', '/etc/adapter'), - ],); + ], + ports: [{ containerPort: 6443 }], + volumeMounts: [ + { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, + { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false }, + { name: 'config', mountPath: '/etc/adapter', readOnly: false }, + ], + }; - deployment.new($._config.prometheusAdapter.name, 1, c, $._config.prometheusAdapter.labels) + - deployment.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace) + - deployment.mixin.spec.selector.withMatchLabels($._config.prometheusAdapter.labels) + - deployment.mixin.spec.template.spec.withServiceAccountName($.prometheusAdapter.serviceAccount.metadata.name) + - deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) + - deployment.mixin.spec.strategy.rollingUpdate.withMaxSurge(1) + - deployment.mixin.spec.strategy.rollingUpdate.withMaxUnavailable(0) + - deployment.mixin.spec.template.spec.withVolumes([ - volume.fromEmptyDir(name='tmpfs'), - volume.fromEmptyDir(name='volume-serving-cert'), - { name: 'config', configMap: { name: 'adapter-config' } }, - ]), + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: $._config.prometheusAdapter.name, + namespace: $._config.prometheusAdapter.namespace, + }, + spec: { + replicas: 1, + selector: { matchLabels: $._config.prometheusAdapter.labels }, + strategy: { + rollingUpdate: { + maxSurge: 1, + maxUnavailable: 0, + }, + }, + template: { + metadata: { labels: $._config.prometheusAdapter.labels }, + spec: { + containers: [c], + serviceAccountName: $.prometheusAdapter.serviceAccount.metadata.name, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + volumes: [ + { name: 'tmpfs', emptyDir: {} }, + { name: 'volume-serving-cert', emptyDir: {} }, + { name: 'config', configMap: { name: 'adapter-config' } }, + ], + }, + }, + }, + }, - serviceAccount: - local serviceAccount = k.core.v1.serviceAccount; + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: $._config.prometheusAdapter.name, + namespace: $._config.prometheusAdapter.namespace, + }, + }, - serviceAccount.new($._config.prometheusAdapter.name) + - serviceAccount.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace), + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: $._config.prometheusAdapter.name, + }, + rules: [{ + apiGroups: [''], + resources: ['nodes', 'namespaces', 'pods', 'services'], + verbs: ['get', 'list', 'watch'], + }], + }, - clusterRole: - local clusterRole = k.rbac.v1.clusterRole; - local policyRule = clusterRole.rulesType; - - local rules = - policyRule.new() + - policyRule.withApiGroups(['']) + - policyRule.withResources(['nodes', 'namespaces', 'pods', 'services']) + - policyRule.withVerbs(['get', 'list', 'watch']); - - clusterRole.new() + - clusterRole.mixin.metadata.withName($._config.prometheusAdapter.name) + - clusterRole.withRules(rules), - - clusterRoleBinding: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; - - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withName($._config.prometheusAdapter.name) + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName($.prometheusAdapter.clusterRole.metadata.name) + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: $._config.prometheusAdapter.name, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: $.prometheusAdapter.clusterRole.metadata.name, + }, + subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, namespace: $._config.prometheusAdapter.namespace, - }]), + }], + }, - clusterRoleBindingDelegator: - local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; - - clusterRoleBinding.new() + - clusterRoleBinding.mixin.metadata.withName('resource-metrics:system:auth-delegator') + - clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - clusterRoleBinding.mixin.roleRef.withName('system:auth-delegator') + - clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + - clusterRoleBinding.withSubjects([{ + clusterRoleBindingDelegator: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'resource-metrics:system:auth-delegator', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'system:auth-delegator', + }, + subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, namespace: $._config.prometheusAdapter.namespace, - }]), + }], + }, - clusterRoleServerResources: - local clusterRole = k.rbac.v1.clusterRole; - local policyRule = clusterRole.rulesType; + clusterRoleServerResources: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'resource-metrics-server-resources', + }, + rules: [{ + apiGroups: ['metrics.k8s.io'], + resources: ['*'], + verbs: ['*'], + }], + }, - local rules = - policyRule.new() + - policyRule.withApiGroups(['metrics.k8s.io']) + - policyRule.withResources(['*']) + - policyRule.withVerbs(['*']); + clusterRoleAggregatedMetricsReader: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'system:aggregated-metrics-reader', + labels: { + 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', + 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', + 'rbac.authorization.k8s.io/aggregate-to-view': 'true', + }, + }, + rules: [{ + apiGroups: ['metrics.k8s.io'], + resources: ['pods', 'nodes'], + verbs: ['get', 'list', 'watch'], + }], + }, - clusterRole.new() + - clusterRole.mixin.metadata.withName('resource-metrics-server-resources') + - clusterRole.withRules(rules), - - clusterRoleAggregatedMetricsReader: - local clusterRole = k.rbac.v1.clusterRole; - local policyRule = clusterRole.rulesType; - - local rules = - policyRule.new() + - policyRule.withApiGroups(['metrics.k8s.io']) + - policyRule.withResources(['pods', 'nodes']) + - policyRule.withVerbs(['get','list','watch']); - - clusterRole.new() + - clusterRole.mixin.metadata.withName('system:aggregated-metrics-reader') + - clusterRole.mixin.metadata.withLabels({ - "rbac.authorization.k8s.io/aggregate-to-admin": "true", - "rbac.authorization.k8s.io/aggregate-to-edit": "true", - "rbac.authorization.k8s.io/aggregate-to-view": "true", - }) + - clusterRole.withRules(rules), - - roleBindingAuthReader: - local roleBinding = k.rbac.v1.roleBinding; - - roleBinding.new() + - roleBinding.mixin.metadata.withName('resource-metrics-auth-reader') + - roleBinding.mixin.metadata.withNamespace('kube-system') + - roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + - roleBinding.mixin.roleRef.withName('extension-apiserver-authentication-reader') + - roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + - roleBinding.withSubjects([{ + roleBindingAuthReader: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'resource-metrics-auth-reader', + namespace: 'kube-system', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'extension-apiserver-authentication-reader', + }, + subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, namespace: $._config.prometheusAdapter.namespace, - }]), + }], + }, }, } From 2138463b1f3a45e223f512354957103b6fcd79d5 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Fri, 20 Nov 2020 17:01:44 +0100 Subject: [PATCH 017/388] Remove ksonnet from kube-prometheus/kube-prometheus.libsonnet Signed-off-by: Kemal Akkoyun --- .../kube-prometheus/kube-prometheus.libsonnet | 157 +++++++++--------- 1 file changed, 77 insertions(+), 80 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 46deacc4..95ec582d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,6 +1,3 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; -local k3 = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.3/k.libsonnet'; -local configMapList = k3.core.v1.configMapList; local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + @@ -16,69 +13,83 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') + (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + (import './alerts/alerts.libsonnet') + -(import './rules/rules.libsonnet') + { +(import './rules/rules.libsonnet') + +{ kubePrometheus+:: { - namespace: k.core.v1.namespace.new($._config.namespace), + namespace: { + apiVersion: 'v1', + kind: 'Namespace', + metadata: { + name: $._config.namespace, + }, + }, }, - prometheusOperator+:: { - service+: { - spec+: { - ports: [ + prometheusOperator+:: + { + service+: { + spec+: { + ports: [ + { + name: 'https', + port: 8443, + targetPort: 'https', + }, + ], + }, + }, + serviceMonitor+: { + spec+: { + endpoints: [ + { + port: 'https', + scheme: 'https', + honorLabels: true, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + }, + ], + }, + }, + clusterRole+: { + rules+: [ { - name: 'https', - port: 8443, - targetPort: 'https', + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], }, ], }, - }, - serviceMonitor+: { - spec+: { - endpoints: [ - { - port: 'https', - scheme: 'https', - honorLabels: true, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - }, - ] - }, - }, - clusterRole+: { - rules+: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], - }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy', - securePortName: 'https', - securePort: 8443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8080/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, + } + + (kubeRbacProxyContainer { + config+:: { + kubeRbacProxy: { + local cfg = self, + image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, + name: 'kube-rbac-proxy', + securePortName: 'https', + securePort: 8443, + secureListenAddress: ':%d' % self.securePort, + upstream: 'http://127.0.0.1:8080/', + tlsCipherSuites: $._config.tlsCipherSuites, + }, + }, + }).deploymentMixin, + grafana+:: { - dashboardDefinitions: configMapList.new(super.dashboardDefinitions), + local dashboardDefinitions = super.dashboardDefinitions, + dashboardDefinitions: { + apiVersion: 'v1', + kind: 'ConfigMapList', + items: dashboardDefinitions, + }, serviceMonitor: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', @@ -92,12 +103,10 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; app: 'grafana', }, }, - endpoints: [ - { - port: 'http', - interval: '15s', - }, - ], + endpoints: [{ + port: 'http', + interval: '15s', + }], }, }, }, @@ -105,14 +114,8 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; _config+:: { namespace: 'default', - versions+:: { - grafana: '7.1.0', - kubeRbacProxy: 'v0.8.0', - }, - - imageRepos+:: { - kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy', - }, + versions+:: { grafana: '7.1.0', kubeRbacProxy: 'v0.8.0' }, + imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, tlsCipherSuites: [ 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 @@ -191,13 +194,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; limits: { cpu: '250m', memory: '180Mi' }, }, }, - prometheus+:: { - rules: $.prometheusRules + $.prometheusAlerts, - }, - - grafana+:: { - dashboards: $.grafanaDashboards, - }, - + prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, + grafana+:: { dashboards: $.grafanaDashboards }, }, } From 28d661a5fc6decbe4331eee108bbf39b6694a76e Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Fri, 20 Nov 2020 17:10:42 +0100 Subject: [PATCH 018/388] Fix formatting Signed-off-by: Kemal Akkoyun --- .../alertmanager/alertmanager.libsonnet | 78 +++++++++---------- .../kube-prometheus-config-mixins.libsonnet | 4 +- .../kube-prometheus-custom-metrics.libsonnet | 2 - .../kube-prometheus-kubeadm.libsonnet | 4 +- .../kube-state-metrics.libsonnet | 60 +++++++------- jsonnet/kube-prometheus/lib/image.libsonnet | 8 +- 6 files changed, 76 insertions(+), 80 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index 677c7889..6c9acdae 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -98,52 +98,50 @@ }, }, - serviceMonitor: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'alertmanager', - namespace: $._config.namespace, - labels: { - 'k8s-app': 'alertmanager', - }, - }, - spec: { - selector: { - matchLabels: { - alertmanager: $._config.alertmanager.name, - }, - }, - endpoints: [ - { port: 'web', interval: '30s' }, - ], + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'alertmanager', + namespace: $._config.namespace, + labels: { + 'k8s-app': 'alertmanager', }, }, - - alertmanager: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Alertmanager', - metadata: { - name: $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { + spec: { + selector: { + matchLabels: { alertmanager: $._config.alertmanager.name, }, }, - spec: { - replicas: $._config.alertmanager.replicas, - version: $._config.versions.alertmanager, - image: $._config.imageRepos.alertmanager + ':' + $._config.versions.alertmanager, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - serviceAccountName: 'alertmanager-' + $._config.alertmanager.name, - securityContext: { - runAsUser: 1000, - runAsNonRoot: true, - fsGroup: 2000, - }, + endpoints: [ + { port: 'web', interval: '30s' }, + ], + }, + }, + + alertmanager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Alertmanager', + metadata: { + name: $._config.alertmanager.name, + namespace: $._config.namespace, + labels: { + alertmanager: $._config.alertmanager.name, }, }, + spec: { + replicas: $._config.alertmanager.replicas, + version: $._config.versions.alertmanager, + image: $._config.imageRepos.alertmanager + ':' + $._config.versions.alertmanager, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'alertmanager-' + $._config.alertmanager.name, + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, + }, + }, + }, }, } diff --git a/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet index ad278407..ff8fd297 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet @@ -9,9 +9,9 @@ local withImageRepository(repository) = { if repository == null then image else repository + '/' + l.imageName(image), _config+:: { imageRepos:: { - [field]: substituteRepository(oldRepos[field], repository), + [field]: substituteRepository(oldRepos[field], repository) for field in std.objectFields(oldRepos) - } + }, }, }; diff --git a/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet index b0240ec3..d98b133f 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet @@ -133,7 +133,6 @@ metadata: { name: 'custom-metrics-server-resources', }, - roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', @@ -151,7 +150,6 @@ metadata: { name: 'hpa-controller-custom-metrics', }, - roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', diff --git a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet index ad35df2e..543e0cea 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet @@ -19,14 +19,14 @@ local service(name, namespace, labels, selector, ports) = { 'kube-controller-manager-prometheus-discovery', 'kube-system', { 'k8s-app': 'kube-controller-manager' }, - { 'component': 'kube-controller-manager' }, + { component: 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', { 'k8s-app': 'kube-scheduler' }, - { 'component': 'kube-scheduler' }, + { component: 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), }, diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 7fae2be2..f3a0e0d9 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -15,7 +15,7 @@ local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state- }, }, kubeStateMetrics+:: - ksm + { + ksm { local version = self.version, name:: 'kube-state-metrics', namespace:: $._config.namespace, @@ -100,33 +100,33 @@ local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state- ], }, }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy-main', - securePortName: 'https-main', - securePort: 8443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8081/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy-self', - securePortName: 'https-self', - securePort: 9443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8082/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, + } + + (kubeRbacProxyContainer { + config+:: { + kubeRbacProxy: { + local cfg = self, + image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, + name: 'kube-rbac-proxy-main', + securePortName: 'https-main', + securePort: 8443, + secureListenAddress: ':%d' % self.securePort, + upstream: 'http://127.0.0.1:8081/', + tlsCipherSuites: $._config.tlsCipherSuites, + }, + }, + }).deploymentMixin + + (kubeRbacProxyContainer { + config+:: { + kubeRbacProxy: { + local cfg = self, + image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, + name: 'kube-rbac-proxy-self', + securePortName: 'https-self', + securePort: 9443, + secureListenAddress: ':%d' % self.securePort, + upstream: 'http://127.0.0.1:8082/', + tlsCipherSuites: $._config.tlsCipherSuites, + }, + }, + }).deploymentMixin, } diff --git a/jsonnet/kube-prometheus/lib/image.libsonnet b/jsonnet/kube-prometheus/lib/image.libsonnet index 0561e33c..723d1b38 100644 --- a/jsonnet/kube-prometheus/lib/image.libsonnet +++ b/jsonnet/kube-prometheus/lib/image.libsonnet @@ -5,16 +5,16 @@ local imageName(image) = local parts = std.split(image, '/'); local len = std.length(parts); if len == 3 then - # registry.com/org/image + // registry.com/org/image parts[2] else if len == 2 then - # org/image + // org/image parts[1] else if len == 1 then - # image, ie. busybox + // image, ie. busybox parts[0] else - error 'unknown image format: ' + image; + error 'unknown image format: ' + image; { imageName:: imageName, From a82a5b1d35a46a73582650040680a54497dc7e61 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Fri, 20 Nov 2020 17:11:12 +0100 Subject: [PATCH 019/388] Remove last ksonnet reference and direckt dependency Signed-off-by: Kemal Akkoyun --- jsonnet/kube-prometheus/jsonnetfile.json | 10 ----- .../kube-prometheus-static-etcd.libsonnet | 45 +++++++++---------- 2 files changed, 21 insertions(+), 34 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 7c74b15e..b495d05a 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -37,16 +37,6 @@ }, "version": "master" }, - { - "source": { - "git": { - "remote": "https://github.com/ksonnet/ksonnet-lib", - "subdir": "" - } - }, - "version": "master", - "name": "ksonnet" - }, { "source": { "git": { diff --git a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet index 9bc77385..2994023d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet @@ -1,5 +1,3 @@ -local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; - (import 'github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet') + { _config+:: { etcd: { @@ -28,23 +26,23 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; }, }, endpointsEtcd: { - apiVersion: 'v1', - kind: 'Endpoints', - metadata: { - name: 'etcd', - namespace: 'kube-system', - labels: { 'k8s-app': 'etcd' }, - }, - subsets: [{ - addresses: [ - { ip: etcdIP } - for etcdIP in $._config.etcd.ips - ], - ports: [ - { name: 'metrics', port: 2379, protocol: 'TCP' }, - ], - }], + apiVersion: 'v1', + kind: 'Endpoints', + metadata: { + name: 'etcd', + namespace: 'kube-system', + labels: { 'k8s-app': 'etcd' }, }, + subsets: [{ + addresses: [ + { ip: etcdIP } + for etcdIP in $._config.etcd.ips + ], + ports: [ + { name: 'metrics', port: 2379, protocol: 'TCP' }, + ], + }], + }, serviceMonitorEtcd: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', @@ -94,12 +92,11 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; 'etcd-client.crt': std.base64($._config.etcd.clientCert), }, }, - prometheus+: - { - // Reference info: https://coreos.com/operators/prometheus/docs/latest/api.html#prometheusspec - spec+: { - secrets+: [$.prometheus.secretEtcdCerts.metadata.name], - }, + prometheus+: { + // Reference info: https://coreos.com/operators/prometheus/docs/latest/api.html#prometheusspec + spec+: { + secrets+: [$.prometheus.secretEtcdCerts.metadata.name], }, + }, }, } From 916b0ef90e0adc55b17320446acf54be0480ea62 Mon Sep 17 00:00:00 2001 From: Hao Ke Date: Fri, 20 Nov 2020 12:09:48 -0500 Subject: [PATCH 020/388] provide external-metrics addon --- README.md | 1 + ...prometheus-rules-and-grafana-dashboards.md | 1 + example.jsonnet | 1 + ...kube-prometheus-external-metrics.libsonnet | 95 +++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100644 jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet diff --git a/README.md b/README.md index 3dab9c35..fb4fae3a 100644 --- a/README.md +++ b/README.md @@ -208,6 +208,7 @@ local kp = // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + + // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + { _config+:: { namespace: 'monitoring', diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index a0a41c5e..ee7be4e0 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -19,6 +19,7 @@ local kp = // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + + // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + { _config+:: { namespace: 'monitoring', diff --git a/example.jsonnet b/example.jsonnet index 54de1e35..15a801f8 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -7,6 +7,7 @@ local kp = // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + + // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + { _config+:: { namespace: 'monitoring', diff --git a/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet new file mode 100644 index 00000000..abe35b0c --- /dev/null +++ b/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet @@ -0,0 +1,95 @@ +// External metrics API allows the HPA v2 to scale based on metrics coming from outside of Kubernetes cluster +// For more details on usage visit https://github.com/DirectXMan12/k8s-prometheus-adapter#quick-links + +{ + _config+:: { + prometheusAdapter+:: { + namespace: $._config.namespace, + // Rules for external-metrics + config+:: { + externalRules+: [ + // { + // seriesQuery: '{__name__=~"^.*_queue$",namespace!=""}', + // seriesFilters: [], + // resources: { + // overrides: { + // namespace: { resource: 'namespace' } + // }, + // }, + // name: { matches: '^.*_queue$', as: '$0' }, + // metricsQuery: 'max(<<.Series>>{<<.LabelMatchers>>})', + // }, + ], + }, + }, + }, + + prometheusAdapter+:: { + externalMetricsApiService: { + apiVersion: 'apiregistration.k8s.io/v1', + kind: 'APIService', + metadata: { + name: 'v1beta1.external.metrics.k8s.io', + }, + spec: { + service: { + name: $.prometheusAdapter.service.metadata.name, + namespace: $._config.prometheusAdapter.namespace, + }, + group: 'external.metrics.k8s.io', + version: 'v1beta1', + insecureSkipTLSVerify: true, + groupPriorityMinimum: 100, + versionPriority: 100, + }, + }, + externalMetricsClusterRoleServerResources: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'external-metrics-server-resources', + }, + rules: [{ + apiGroups: ['external.metrics.k8s.io'], + resources: ['*'], + verbs: ['*'], + }], + }, + externalMetricsClusterRoleBindingServerResources: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'external-metrics-server-resources', + }, + + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'external-metrics-server-resources', + }, + subjects: [{ + kind: 'ServiceAccount', + name: $.prometheusAdapter.serviceAccount.metadata.name, + namespace: $._config.prometheusAdapter.namespace, + }], + }, + externalMetricsClusterRoleBindingHPA: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'hpa-controller-external-metrics', + }, + + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'external-metrics-server-resources', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'horizontal-pod-autoscaler', + namespace: 'kube-system', + }], + }, + }, +} From 30c04b88ff1e8f731dab4ae08ae5b5820059440b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Sun, 22 Nov 2020 16:36:20 +0100 Subject: [PATCH 021/388] upgrade to jsonnet v0.17.0 --- scripts/go.mod | 2 +- scripts/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/go.mod b/scripts/go.mod index a1d67ef2..59363cba 100644 --- a/scripts/go.mod +++ b/scripts/go.mod @@ -5,6 +5,6 @@ go 1.15 require ( github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c github.com/campoy/embedmd v1.0.0 - github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f + github.com/google/go-jsonnet v0.17.0 github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 ) diff --git a/scripts/go.sum b/scripts/go.sum index 0972dc58..1e2cedbd 100644 --- a/scripts/go.sum +++ b/scripts/go.sum @@ -14,8 +14,8 @@ github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f h1:mw4KoMG5/DXLPhpKXQRYTEIZFkFo0a1HU2R1HbeYpek= -github.com/google/go-jsonnet v0.16.1-0.20200703153429-aaf50f5b655f/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= +github.com/google/go-jsonnet v0.17.0 h1:/9NIEfhK1NQRKl3sP2536b2+x5HnZMdql7x3yK/l8JY= +github.com/google/go-jsonnet v0.17.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUptJtnUpai802MibFc= github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= From befa960a1e56c1d97b81b8a432464c9b19c7914e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 23 Nov 2020 11:26:47 +0100 Subject: [PATCH 022/388] jsonnet/kube-prometheus: kube-rbac-proxy should run as UID 65532 --- jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet | 4 +++- .../kube-prometheus/node-exporter/node-exporter.libsonnet | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet index fa85f0cf..724087d6 100644 --- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet @@ -41,7 +41,9 @@ { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, ], securityContext: { - runAsUser: 65534, + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, }, }], }, diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 2865deca..c2288ce7 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -103,6 +103,11 @@ { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port }, ], resources: $._config.resources['kube-rbac-proxy'], + securityContext: { + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, + }, }; { From 20fa80fb4c7ca061d45c889ae41522631003dfbd Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 23 Nov 2020 11:28:14 +0100 Subject: [PATCH 023/388] manifests: regenerate --- manifests/kube-state-metrics-deployment.yaml | 8 ++++++-- manifests/node-exporter-daemonset.yaml | 4 ++++ manifests/setup/prometheus-operator-deployment.yaml | 4 +++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index b54e6414..9bda5c69 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -36,7 +36,9 @@ spec: - containerPort: 8443 name: https-main securityContext: - runAsUser: 65534 + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 - args: - --logtostderr - --secure-listen-address=:9443 @@ -48,7 +50,9 @@ spec: - containerPort: 9443 name: https-self securityContext: - runAsUser: 65534 + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 nodeSelector: kubernetes.io/os: linux serviceAccountName: kube-state-metrics diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 32a4e6cf..9a6f163d 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -70,6 +70,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 hostNetwork: true hostPID: true nodeSelector: diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index 119f6390..d4fc4b3f 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -50,7 +50,9 @@ spec: - containerPort: 8443 name: https securityContext: - runAsUser: 65534 + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 nodeSelector: beta.kubernetes.io/os: linux securityContext: From d2fb1de1d257fa34a741508ad418f6129bc31546 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 23 Nov 2020 13:20:19 +0100 Subject: [PATCH 024/388] jsonnet/kube-prometheus: change runbook urls to point to wiki --- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 95ec582d..07150de0 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -146,6 +146,8 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', ], + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', kubeletSelector: 'job="kubelet", metrics_path="/metrics"', kubeStateMetricsSelector: 'job="kube-state-metrics"', From f6cfaa0fb1197f81488b48aaf4d47dc173127d37 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 23 Nov 2020 13:20:30 +0100 Subject: [PATCH 025/388] manifests: regenerate --- manifests/prometheus-rules.yaml | 154 ++++++++++++++++---------------- 1 file changed, 77 insertions(+), 77 deletions(-) diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index a46fe442..907c307c 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -785,7 +785,7 @@ spec: - alert: KubeStateMetricsListErrors annotations: description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatemetricslisterrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors summary: kube-state-metrics is experiencing errors in list operations. expr: | (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) @@ -798,7 +798,7 @@ spec: - alert: KubeStateMetricsWatchErrors annotations: description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatemetricswatcherrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors summary: kube-state-metrics is experiencing errors in watch operations. expr: | (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) @@ -813,7 +813,7 @@ spec: - alert: NodeFilesystemSpaceFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemspacefillingup + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 24 hours. expr: | ( @@ -829,7 +829,7 @@ spec: - alert: NodeFilesystemSpaceFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemspacefillingup + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 4 hours. expr: | ( @@ -845,7 +845,7 @@ spec: - alert: NodeFilesystemAlmostOutOfSpace annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemalmostoutofspace + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 5% space left. expr: | ( @@ -859,7 +859,7 @@ spec: - alert: NodeFilesystemAlmostOutOfSpace annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemalmostoutofspace + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 3% space left. expr: | ( @@ -873,7 +873,7 @@ spec: - alert: NodeFilesystemFilesFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemfilesfillingup + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 24 hours. expr: | ( @@ -889,7 +889,7 @@ spec: - alert: NodeFilesystemFilesFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemfilesfillingup + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 4 hours. expr: | ( @@ -905,7 +905,7 @@ spec: - alert: NodeFilesystemAlmostOutOfFiles annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemalmostoutoffiles + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 5% inodes left. expr: | ( @@ -919,7 +919,7 @@ spec: - alert: NodeFilesystemAlmostOutOfFiles annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodefilesystemalmostoutoffiles + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 3% inodes left. expr: | ( @@ -933,7 +933,7 @@ spec: - alert: NodeNetworkReceiveErrs annotations: description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodenetworkreceiveerrs + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs summary: Network interface is reporting many receive errors. expr: | rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 @@ -943,7 +943,7 @@ spec: - alert: NodeNetworkTransmitErrs annotations: description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodenetworktransmiterrs + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs summary: Network interface is reporting many transmit errors. expr: | rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 @@ -953,7 +953,7 @@ spec: - alert: NodeHighNumberConntrackEntriesUsed annotations: description: '{{ $value | humanizePercentage }} of conntrack entries are used.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodehighnumberconntrackentriesused + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodehighnumberconntrackentriesused summary: Number of conntrack are getting close to the limit. expr: | (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 @@ -962,7 +962,7 @@ spec: - alert: NodeTextFileCollectorScrapeError annotations: description: Node Exporter text file collector failed to scrape. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodetextfilecollectorscrapeerror + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodetextfilecollectorscrapeerror summary: Node Exporter text file collector failed to scrape. expr: | node_textfile_scrape_error{job="node-exporter"} == 1 @@ -971,7 +971,7 @@ spec: - alert: NodeClockSkewDetected annotations: message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodeclockskewdetected + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected summary: Clock skew detected. expr: | ( @@ -991,7 +991,7 @@ spec: - alert: NodeClockNotSynchronising annotations: message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-nodeclocknotsynchronising + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising summary: Clock not synchronising. expr: | min_over_time(node_timex_sync_status[5m]) == 0 @@ -1003,7 +1003,7 @@ spec: - alert: NodeRAIDDegraded annotations: description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-noderaiddegraded + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded summary: RAID Array is degraded expr: | node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 @@ -1013,7 +1013,7 @@ spec: - alert: NodeRAIDDiskFailure annotations: description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-noderaiddiskfailure + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure summary: Failed device in RAID array expr: | node_md_disks{state="fail"} > 0 @@ -1024,7 +1024,7 @@ spec: - alert: PrometheusOperatorListErrors annotations: description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatorlisterrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors summary: Errors while performing list operations in controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 @@ -1034,7 +1034,7 @@ spec: - alert: PrometheusOperatorWatchErrors annotations: description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatorwatcherrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors summary: Errors while performing watch operations in controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 @@ -1044,7 +1044,7 @@ spec: - alert: PrometheusOperatorSyncFailed annotations: description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatorsyncfailed + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed summary: Last controller reconciliation failed expr: | min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 @@ -1054,7 +1054,7 @@ spec: - alert: PrometheusOperatorReconcileErrors annotations: description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatorreconcileerrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors summary: Errors while reconciling controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="monitoring"}[5m]))) > 0.1 @@ -1064,7 +1064,7 @@ spec: - alert: PrometheusOperatorNodeLookupErrors annotations: description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatornodelookuperrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors summary: Errors while reconciling Prometheus. expr: | rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]) > 0.1 @@ -1074,7 +1074,7 @@ spec: - alert: PrometheusOperatorNotReady annotations: description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatornotready + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready summary: Prometheus operator not ready expr: | min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="monitoring"}[5m]) == 0) @@ -1084,7 +1084,7 @@ spec: - alert: PrometheusOperatorRejectedResources annotations: description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatorrejectedresources + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources summary: Resources rejected by Prometheus operator expr: | min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 @@ -1096,7 +1096,7 @@ spec: - alert: KubePodCrashLooping annotations: description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubepodcrashlooping + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping summary: Pod is crash looping. expr: | rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[5m]) * 60 * 5 > 0 @@ -1106,7 +1106,7 @@ spec: - alert: KubePodNotReady annotations: description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubepodnotready + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready summary: Pod has been in a non-ready state for more than 15 minutes. expr: | sum by (namespace, pod) ( @@ -1122,7 +1122,7 @@ spec: - alert: KubeDeploymentGenerationMismatch annotations: description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment }} does not match, this indicates that the Deployment has failed but has not been rolled back. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubedeploymentgenerationmismatch + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch summary: Deployment generation mismatch due to possible roll-back expr: | kube_deployment_status_observed_generation{job="kube-state-metrics"} @@ -1134,7 +1134,7 @@ spec: - alert: KubeDeploymentReplicasMismatch annotations: description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubedeploymentreplicasmismatch + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | ( @@ -1152,7 +1152,7 @@ spec: - alert: KubeStatefulSetReplicasMismatch annotations: description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatefulsetreplicasmismatch + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | ( @@ -1170,7 +1170,7 @@ spec: - alert: KubeStatefulSetGenerationMismatch annotations: description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset }} does not match, this indicates that the StatefulSet has failed but has not been rolled back. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatefulsetgenerationmismatch + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch summary: StatefulSet generation mismatch due to possible roll-back expr: | kube_statefulset_status_observed_generation{job="kube-state-metrics"} @@ -1182,7 +1182,7 @@ spec: - alert: KubeStatefulSetUpdateNotRolledOut annotations: description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} update has not been rolled out. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatefulsetupdatenotrolledout + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout summary: StatefulSet update has not been rolled out. expr: | ( @@ -1208,7 +1208,7 @@ spec: - alert: KubeDaemonSetRolloutStuck annotations: description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has not finished or progressed for at least 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubedaemonsetrolloutstuck + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck summary: DaemonSet rollout is stuck. expr: | ( @@ -1240,7 +1240,7 @@ spec: - alert: KubeContainerWaiting annotations: description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} has been in waiting state for longer than 1 hour. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecontainerwaiting + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting summary: Pod container waiting longer than 1 hour expr: | sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0 @@ -1250,7 +1250,7 @@ spec: - alert: KubeDaemonSetNotScheduled annotations: description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are not scheduled.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubedaemonsetnotscheduled + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled summary: DaemonSet pods are not scheduled. expr: | kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} @@ -1262,7 +1262,7 @@ spec: - alert: KubeDaemonSetMisScheduled annotations: description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are running where they are not supposed to run.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubedaemonsetmisscheduled + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled summary: DaemonSet pods are misscheduled. expr: | kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0 @@ -1272,7 +1272,7 @@ spec: - alert: KubeJobCompletion annotations: description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking more than 12 hours to complete. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubejobcompletion + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion summary: Job did not complete in time expr: | kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0 @@ -1282,7 +1282,7 @@ spec: - alert: KubeJobFailed annotations: description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to complete. Removing failed job after investigation should clear this alert. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubejobfailed + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed summary: Job failed to complete. expr: | kube_job_failed{job="kube-state-metrics"} > 0 @@ -1292,7 +1292,7 @@ spec: - alert: KubeHpaReplicasMismatch annotations: description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched the desired number of replicas for longer than 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubehpareplicasmismatch + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch summary: HPA has not matched descired number of replicas. expr: | (kube_hpa_status_desired_replicas{job="kube-state-metrics"} @@ -1306,7 +1306,7 @@ spec: - alert: KubeHpaMaxedOut annotations: description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running at max replicas for longer than 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubehpamaxedout + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout summary: HPA is running at max replicas expr: | kube_hpa_status_current_replicas{job="kube-state-metrics"} @@ -1320,7 +1320,7 @@ spec: - alert: KubeCPUOvercommit annotations: description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecpuovercommit + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) @@ -1334,7 +1334,7 @@ spec: - alert: KubeMemoryOvercommit annotations: description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubememoryovercommit + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) @@ -1350,7 +1350,7 @@ spec: - alert: KubeCPUQuotaOvercommit annotations: description: Cluster has overcommitted CPU resource requests for Namespaces. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecpuquotaovercommit + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit summary: Cluster has overcommitted CPU resource requests. expr: | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) @@ -1363,7 +1363,7 @@ spec: - alert: KubeMemoryQuotaOvercommit annotations: description: Cluster has overcommitted memory resource requests for Namespaces. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubememoryquotaovercommit + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryquotaovercommit summary: Cluster has overcommitted memory resource requests. expr: | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) @@ -1376,7 +1376,7 @@ spec: - alert: KubeQuotaAlmostFull annotations: description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubequotaalmostfull + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull summary: Namespace quota is going to be full. expr: | kube_resourcequota{job="kube-state-metrics", type="used"} @@ -1389,7 +1389,7 @@ spec: - alert: KubeQuotaFullyUsed annotations: description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubequotafullyused + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused summary: Namespace quota is fully used. expr: | kube_resourcequota{job="kube-state-metrics", type="used"} @@ -1402,7 +1402,7 @@ spec: - alert: KubeQuotaExceeded annotations: description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubequotaexceeded + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded summary: Namespace quota has exceeded the limits. expr: | kube_resourcequota{job="kube-state-metrics", type="used"} @@ -1415,7 +1415,7 @@ spec: - alert: CPUThrottlingHigh annotations: description: '{{ $value | humanizePercentage }} throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ $labels.pod }}.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-cputhrottlinghigh + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh summary: Processes experience elevated CPU throttling. expr: | sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) @@ -1430,7 +1430,7 @@ spec: - alert: KubePersistentVolumeFillingUp annotations: description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage }} free. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubepersistentvolumefillingup + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} @@ -1443,7 +1443,7 @@ spec: - alert: KubePersistentVolumeFillingUp annotations: description: Based on recent sampling, the PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is expected to fill up within four days. Currently {{ $value | humanizePercentage }} is available. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubepersistentvolumefillingup + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | ( @@ -1459,7 +1459,7 @@ spec: - alert: KubePersistentVolumeErrors annotations: description: The persistent volume {{ $labels.persistentvolume }} has status {{ $labels.phase }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubepersistentvolumeerrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors summary: PersistentVolume is having issues with provisioning. expr: | kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 @@ -1471,7 +1471,7 @@ spec: - alert: KubeVersionMismatch annotations: description: There are {{ $value }} different semantic versions of Kubernetes components running. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeversionmismatch + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch summary: Different semantic versions of Kubernetes components running. expr: | count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 @@ -1481,7 +1481,7 @@ spec: - alert: KubeClientErrors annotations: description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance }}' is experiencing {{ $value | humanizePercentage }} errors.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeclienterrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors summary: Kubernetes API server client is experiencing errors. expr: | (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) @@ -1496,7 +1496,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeapierrorbudgetburn + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) @@ -1510,7 +1510,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeapierrorbudgetburn + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) @@ -1524,7 +1524,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeapierrorbudgetburn + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) @@ -1538,7 +1538,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeapierrorbudgetburn + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) @@ -1554,7 +1554,7 @@ spec: - alert: KubeClientCertificateExpiration annotations: description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeclientcertificateexpiration + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 @@ -1563,7 +1563,7 @@ spec: - alert: KubeClientCertificateExpiration annotations: description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeclientcertificateexpiration + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 @@ -1572,7 +1572,7 @@ spec: - alert: AggregatedAPIErrors annotations: description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-aggregatedapierrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors summary: An aggregated API has reported errors. expr: | sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 @@ -1581,7 +1581,7 @@ spec: - alert: AggregatedAPIDown annotations: description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has been only {{ $value | humanize }}% available over the last 10m. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-aggregatedapidown + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown summary: An aggregated API is down. expr: | (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 @@ -1591,7 +1591,7 @@ spec: - alert: KubeAPIDown annotations: description: KubeAPI has disappeared from Prometheus target discovery. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeapidown + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapidown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="apiserver"} == 1) @@ -1603,7 +1603,7 @@ spec: - alert: KubeNodeNotReady annotations: description: '{{ $labels.node }} has been unready for more than 15 minutes.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubenodenotready + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodenotready summary: Node is not ready. expr: | kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 @@ -1613,7 +1613,7 @@ spec: - alert: KubeNodeUnreachable annotations: description: '{{ $labels.node }} is unreachable and some workloads may be rescheduled.' - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubenodeunreachable + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable summary: Node is unreachable. expr: | (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 @@ -1623,7 +1623,7 @@ spec: - alert: KubeletTooManyPods annotations: description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage }} of its Pod capacity. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubelettoomanypods + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods summary: Kubelet is running at capacity. expr: | count by(node) ( @@ -1639,7 +1639,7 @@ spec: - alert: KubeNodeReadinessFlapping annotations: description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubenodereadinessflapping + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping summary: Node readiness status is flapping. expr: | sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 @@ -1649,7 +1649,7 @@ spec: - alert: KubeletPlegDurationHigh annotations: description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletplegdurationhigh + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. expr: | node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 @@ -1659,7 +1659,7 @@ spec: - alert: KubeletPodStartUpLatencyHigh annotations: description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletpodstartuplatencyhigh + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh summary: Kubelet Pod startup latency is too high. expr: | histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 @@ -1669,7 +1669,7 @@ spec: - alert: KubeletClientCertificateExpiration annotations: description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletclientcertificateexpiration + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | kubelet_certificate_manager_client_ttl_seconds < 604800 @@ -1678,7 +1678,7 @@ spec: - alert: KubeletClientCertificateExpiration annotations: description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletclientcertificateexpiration + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | kubelet_certificate_manager_client_ttl_seconds < 86400 @@ -1687,7 +1687,7 @@ spec: - alert: KubeletServerCertificateExpiration annotations: description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletservercertificateexpiration + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | kubelet_certificate_manager_server_ttl_seconds < 604800 @@ -1696,7 +1696,7 @@ spec: - alert: KubeletServerCertificateExpiration annotations: description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletservercertificateexpiration + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | kubelet_certificate_manager_server_ttl_seconds < 86400 @@ -1705,7 +1705,7 @@ spec: - alert: KubeletClientCertificateRenewalErrors annotations: description: Kubelet on node {{ $labels.node }} has failed to renew its client certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletclientcertificaterenewalerrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors summary: Kubelet has failed to renew its client certificate. expr: | increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 @@ -1715,7 +1715,7 @@ spec: - alert: KubeletServerCertificateRenewalErrors annotations: description: Kubelet on node {{ $labels.node }} has failed to renew its server certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletservercertificaterenewalerrors + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors summary: Kubelet has failed to renew its server certificate. expr: | increase(kubelet_server_expiration_renew_errors[5m]) > 0 @@ -1725,7 +1725,7 @@ spec: - alert: KubeletDown annotations: description: Kubelet has disappeared from Prometheus target discovery. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeletdown + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletdown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="kubelet", metrics_path="/metrics"} == 1) @@ -1737,7 +1737,7 @@ spec: - alert: KubeSchedulerDown annotations: description: KubeScheduler has disappeared from Prometheus target discovery. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeschedulerdown + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeschedulerdown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="kube-scheduler"} == 1) @@ -1749,7 +1749,7 @@ spec: - alert: KubeControllerManagerDown annotations: description: KubeControllerManager has disappeared from Prometheus target discovery. - runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubecontrollermanagerdown + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="kube-controller-manager"} == 1) From a05f39b65db128e84c5e81fc0e0466f303d55880 Mon Sep 17 00:00:00 2001 From: Mike Kamornikov Date: Wed, 25 Nov 2020 15:50:11 +0300 Subject: [PATCH 026/388] bump grafana version to 7.1.5 --- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 95ec582d..dec38499 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -114,7 +114,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; _config+:: { namespace: 'default', - versions+:: { grafana: '7.1.0', kubeRbacProxy: 'v0.8.0' }, + versions+:: { grafana: '7.1.5', kubeRbacProxy: 'v0.8.0' }, imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, tlsCipherSuites: [ From 469523e572df8587ab703568525b58b418986af7 Mon Sep 17 00:00:00 2001 From: Mike Kamornikov Date: Wed, 25 Nov 2020 15:53:08 +0300 Subject: [PATCH 027/388] make generate --- manifests/grafana-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 589b1ade..fea10196 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -19,7 +19,7 @@ spec: spec: containers: - env: [] - image: grafana/grafana:7.1.0 + image: grafana/grafana:7.1.5 name: grafana ports: - containerPort: 3000 From 3522d642aa66a42399cf6a998130449eabd1a0ba Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Wed, 25 Nov 2020 15:48:41 +0100 Subject: [PATCH 028/388] OWNERS: Add kakkoyun to the reviewers section --- OWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/OWNERS b/OWNERS index a4d52133..ec5866b0 100644 --- a/OWNERS +++ b/OWNERS @@ -1,5 +1,6 @@ reviewers: - brancz + - kakkoyun - metalmatze - mxinden - s-urbaniak From 6ec37c8be64279caeeb38972e662c999c8a31e84 Mon Sep 17 00:00:00 2001 From: Kemal Akkoyun Date: Thu, 26 Nov 2020 12:48:48 +0300 Subject: [PATCH 029/388] Fix wrong indentation for affinity rule Signed-off-by: Kemal Akkoyun --- jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet index 9fd0eb78..3916fbce 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet @@ -4,6 +4,7 @@ podAntiAffinity: { preferredDuringSchedulingIgnoredDuringExecution: [ { + weight: 100, podAffinityTerm: { namespaces: [namespace], topologyKey: 'kubernetes.io/hostname', @@ -14,7 +15,6 @@ values: values, }], }, - weight: 100, }, }, ], From d2f051745efc3a100c17090f6798cb9bb9a0ceba Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 27 Nov 2020 10:27:53 +0100 Subject: [PATCH 030/388] jsonnet/kube-prometheus: update grafana version to 7.3.4 --- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 71ec5447..26943f12 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -114,7 +114,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; _config+:: { namespace: 'default', - versions+:: { grafana: '7.1.5', kubeRbacProxy: 'v0.8.0' }, + versions+:: { grafana: '7.3.4', kubeRbacProxy: 'v0.8.0' }, imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, tlsCipherSuites: [ From 17cbb1bf8522c53da1e7d750e5738dc2b3215770 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 27 Nov 2020 10:28:09 +0100 Subject: [PATCH 031/388] manifests: regenerate --- manifests/grafana-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index fea10196..221f2c32 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -19,7 +19,7 @@ spec: spec: containers: - env: [] - image: grafana/grafana:7.1.5 + image: grafana/grafana:7.3.4 name: grafana ports: - containerPort: 3000 From 297b6817a4b13b73d6b243891fb3e55167170e77 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Fri, 27 Nov 2020 12:51:43 +0100 Subject: [PATCH 032/388] Add Thanos sidecar alerts Signed-off-by: Simon Pasquier --- jsonnet/kube-prometheus/jsonnetfile.json | 9 +++++++++ .../kube-prometheus-thanos-sidecar.libsonnet | 1 + jsonnetfile.lock.json | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index b495d05a..b74b034d 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -82,6 +82,15 @@ }, "version": "release-2.22", "name": "prometheus" + }, + { + "source": { + "git": { + "remote": "https://github.com/thanos-io/thanos", + "subdir": "mixin" + } + }, + "version": "release-0.17" } ], "legacyImports": true diff --git a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet index 7d98c309..c42811c1 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet @@ -1,3 +1,4 @@ +(import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { _config+:: { versions+:: { thanos: 'v0.14.0' }, diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 883c61e7..a525a227 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -133,6 +133,16 @@ "sum": "CGxvaHkP7z/gnsLB/8Imvt/AnW+9nJUnTcL+fvIAZUs=", "name": "prometheus" }, + { + "source": { + "git": { + "remote": "https://github.com/thanos-io/thanos.git", + "subdir": "mixin" + } + }, + "version": "f6ffb89898a966d87dcc2ad4a0bc6c0db1e61a0b", + "sum": "OptiWUMOHFrRGTZhSfxV1RCeXZ90qsefGNTD4lDYVG0=" + }, { "source": { "local": { From 874be477b4a898fe795646c6df7b6dc006135f9c Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Fri, 27 Nov 2020 15:49:50 +0100 Subject: [PATCH 033/388] Thanos sidecar: use fields from the prometheus object Instead of name and namespace fields coming from the global config. Signed-off-by: Simon Pasquier --- .../kube-prometheus-thanos-sidecar.libsonnet | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet index 7d98c309..63501454 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet @@ -10,6 +10,8 @@ }, }, prometheus+:: { + local p = self, + // Add the grpc port to the Prometheus service to be able to query it with the Thanos Querier service+: { spec+: { @@ -23,16 +25,16 @@ apiVersion: 'v1', kind: 'Service', metadata: { - name: 'prometheus-' + $._config.prometheus.name + '-thanos-sidecar', - namespace: $._config.namespace, - labels: { prometheus: $._config.prometheus.name, app: 'thanos-sidecar' }, + name: 'prometheus-' + p.name + '-thanos-sidecar', + namespace: p.namespace, + labels: { prometheus: p.name, app: 'thanos-sidecar' }, }, spec: { ports: [ { name: 'grpc', port: 10901, targetPort: 10901 }, { name: 'http', port: 10902, targetPort: 10902 }, ], - selector: { app: 'prometheus', prometheus: $._config.prometheus.name }, + selector: { app: 'prometheus', prometheus: p.name }, clusterIP: 'None', }, }, @@ -51,7 +53,7 @@ kind: 'ServiceMonitor', metadata: { name: 'thanos-sidecar', - namespace: $._config.namespace, + namespace: p.namespace, labels: { 'k8s-app': 'prometheus', }, @@ -61,7 +63,7 @@ jobLabel: 'app', selector: { matchLabels: { - prometheus: $._config.prometheus.name, + prometheus: p.name, app: 'thanos-sidecar', }, }, From 91fc8c92c2381721858d348ce186e279a6a318b1 Mon Sep 17 00:00:00 2001 From: Jake Hill Date: Mon, 30 Nov 2020 10:27:40 +0000 Subject: [PATCH 034/388] Sync kubernetes-mixin Updated to fix doubled CPU issue; https://github.com/kubernetes-monitoring/kubernetes-mixin/pull/456 Signed-off-by: Jake Hill --- jsonnetfile.lock.json | 24 +- manifests/grafana-dashboardDefinitions.yaml | 432 +++++++++++++------- manifests/prometheus-rules.yaml | 10 +- 3 files changed, 302 insertions(+), 164 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index a525a227..32e23654 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "02ac326459f46d6f30a766ce2f9a45337a745db0", - "sum": "r7kj5f5w7aVB7vO++dI9vbHhzoW8PpyVLSA7gOiouZ0=" + "version": "3dd98c495e511ee7d5c0ba9b27697bd0f703b537", + "sum": "61N5W/7mcAKNQ1CS38XUsNNQbR1T7M3wCv3R7UgHcr0=" }, { "source": { @@ -18,8 +18,8 @@ "subdir": "Documentation/etcd-mixin" } }, - "version": "7da5182f1d02c0baaefd52f361fd0459d5b6703e", - "sum": "L+PGlPK9mykGCJ9TIoEWdhMBjz+9lKuQ4YZ8fOeP9sk=" + "version": "28d1af294e4394df1ed967a4ac4fbaf437be3463", + "sum": "bLqTqEr0jky9zz5MV/7ucn6H5mph2NlXas0TVnGNB1Y=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "fe3e027c5a0d8311e1bd6cd9de2c295707c3ae76", + "version": "12bd9ba3ae568159f8e3b04dfab0ba6f8a3ae2c0", "sum": "mD0zEP9FVFXeag7EaeS5OvUr2A9D6DQhGemoNn6+PLc=" }, { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "8a98e9c6fab000ef090b8d313292043696a8b3bb", - "sum": "btFPZfE2paWZdvLtFwv4gfDoygj1axt7Q4ACGSdeuJ8=" + "version": "7e3f51759542483f7395ea29cf2dc46ea4dbc699", + "sum": "+pR3jhdG/EZTNjy8S9TBWjMXUJLTmx7HcQC5oKzwi6k=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "8a98e9c6fab000ef090b8d313292043696a8b3bb", + "version": "7e3f51759542483f7395ea29cf2dc46ea4dbc699", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "a4867d8809ba60a59013034646d0a4bc89576b9c", + "version": "eba9142028841d5181ce09836fb1e0c2cf54f90c", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "7134bc321bda7e69db0aacc9a41949167de7a56f", + "version": "56720e5bc058f42c1879f6f449f7a605e18ac0a8", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -119,7 +119,7 @@ "subdir": "docs/node-mixin" } }, - "version": "f645d4924224f1f3abab7b20798ca8e24957724c", + "version": "8b466360a35581e0301bd22918be7011cf4203c3", "sum": "rvyiD/yCB4BeYAWqYF53bP8c+aCUt2ipLHW2Ea8ELO8=" }, { @@ -129,7 +129,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "00f16d1ac3a4c94561e5133b821d8e4d9ef78ec2", + "version": "de1c1243f4dd66fbac3e8213e9a7bd8dbc9f38b2", "sum": "CGxvaHkP7z/gnsLB/8Imvt/AnW+9nJUnTcL+fvIAZUs=", "name": "prometheus" }, diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index e11e95af..1247bd91 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -142,7 +142,7 @@ items: "dashes": false, "datasource": "$datasource", "decimals": 3, - "description": "How much error budget is left looking at our 0.990% availability gurantees?", + "description": "How much error budget is left looking at our 0.990% availability guarantees?", "fill": 10, "fillGradient": 0, "gridPos": { @@ -1839,7 +1839,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -1942,7 +1942,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -2243,7 +2243,7 @@ items: ], "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2252,7 +2252,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2261,7 +2261,7 @@ items: "step": 10 }, { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2270,7 +2270,7 @@ items: "step": 10 }, { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2279,7 +2279,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2288,7 +2288,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2297,7 +2297,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2306,7 +2306,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "table", "instant": true, "intervalFactor": 2, @@ -2386,7 +2386,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -2489,7 +2489,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -2620,7 +2620,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -2721,7 +2721,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -2833,7 +2833,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -2934,7 +2934,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -3055,7 +3055,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -3156,7 +3156,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{namespace}}", @@ -3261,7 +3261,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs[$interval:$resolution])) by (instance))", + "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{instance}}", @@ -3366,7 +3366,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs[$interval:$resolution])) by (instance))", + "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{instance}}", @@ -3530,6 +3530,32 @@ items: "refresh": 1, "regex": "", "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false } ] }, @@ -4768,7 +4794,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[$__interval]))", + "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[$__rate_interval]))", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -6294,7 +6320,7 @@ items: ], "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6303,7 +6329,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6312,7 +6338,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6321,7 +6347,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6330,7 +6356,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6339,7 +6365,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6439,7 +6465,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -6537,7 +6563,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -6635,7 +6661,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -6733,7 +6759,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -6831,7 +6857,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -6929,7 +6955,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -7027,7 +7053,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -7125,7 +7151,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__interval])) by (namespace)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -8733,7 +8759,7 @@ items: ], "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8742,7 +8768,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8751,7 +8777,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8760,7 +8786,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8769,7 +8795,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8778,7 +8804,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8878,7 +8904,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -8976,7 +9002,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -9074,7 +9100,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -9172,7 +9198,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -9270,7 +9296,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -9368,7 +9394,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11564,7 +11590,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11663,7 +11689,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11762,7 +11788,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11861,7 +11887,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11960,7 +11986,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -12059,7 +12085,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13219,7 +13245,7 @@ items: ], "targets": [ { - "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13228,7 +13254,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13237,7 +13263,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13246,7 +13272,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13255,7 +13281,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13264,7 +13290,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -13364,7 +13390,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13462,7 +13488,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13560,7 +13586,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13658,7 +13684,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13756,7 +13782,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13854,7 +13880,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -13952,7 +13978,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -14050,7 +14076,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -15420,7 +15446,7 @@ items: ], "targets": [ { - "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15429,7 +15455,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15438,7 +15464,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15447,7 +15473,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15456,7 +15482,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15465,7 +15491,7 @@ items: "step": 10 }, { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15565,7 +15591,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -15663,7 +15689,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -15761,7 +15787,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -15859,7 +15885,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -15957,7 +15983,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -16055,7 +16081,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -16153,7 +16179,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -16251,7 +16277,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}}", @@ -19131,7 +19157,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution]))", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", "format": "time_series", "instant": null, "intervalFactor": 1, @@ -19258,7 +19284,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution]))", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", "format": "time_series", "instant": null, "intervalFactor": 1, @@ -19490,7 +19516,7 @@ items: ], "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -19499,7 +19525,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -19508,7 +19534,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -19517,7 +19543,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -19526,7 +19552,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -19535,7 +19561,7 @@ items: "step": 10 }, { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -19623,7 +19649,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -19724,7 +19750,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -19836,7 +19862,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -19937,7 +19963,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -20058,7 +20084,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -20159,7 +20185,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -20244,6 +20270,32 @@ items: "regex": "", "type": "datasource" }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, { "allValue": ".+", "auto": false, @@ -20254,7 +20306,7 @@ items: "value": "kube-system" }, "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total, namespace)", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "hide": 0, "includeAll": true, "label": null, @@ -20263,7 +20315,7 @@ items: "options": [ ], - "query": "label_values(container_network_receive_packets_total, namespace)", + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -20504,7 +20556,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ workload }}", @@ -20607,7 +20659,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ workload }}", @@ -20908,7 +20960,7 @@ items: ], "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20917,7 +20969,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20926,7 +20978,7 @@ items: "step": 10 }, { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20935,7 +20987,7 @@ items: "step": 10 }, { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20944,7 +20996,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20953,7 +21005,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20962,7 +21014,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -20971,7 +21023,7 @@ items: "step": 10 }, { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -21051,7 +21103,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ workload }}", @@ -21154,7 +21206,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ workload }}", @@ -21285,7 +21337,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{workload}}", @@ -21386,7 +21438,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{workload}}", @@ -21498,7 +21550,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{workload}}", @@ -21599,7 +21651,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{workload}}", @@ -21720,7 +21772,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{workload}}", @@ -21821,7 +21873,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{workload}}", @@ -21906,6 +21958,32 @@ items: "regex": "", "type": "datasource" }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, { "allValue": null, "auto": false, @@ -21916,7 +21994,7 @@ items: "value": "kube-system" }, "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total, namespace)", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "hide": 0, "includeAll": false, "label": null, @@ -21925,7 +22003,7 @@ items: "options": [ ], - "query": "label_values(container_network_receive_packets_total, namespace)", + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -21948,7 +22026,7 @@ items: "value": "deployment" }, "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", "hide": 0, "includeAll": false, "label": null, @@ -21957,7 +22035,7 @@ items: "options": [ ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -25716,7 +25794,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", "format": "time_series", "instant": null, "intervalFactor": 1, @@ -25843,7 +25921,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", "format": "time_series", "instant": null, "intervalFactor": 1, @@ -25940,7 +26018,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -26041,7 +26119,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -26153,7 +26231,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -26254,7 +26332,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -26375,7 +26453,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -26476,7 +26554,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -26561,6 +26639,32 @@ items: "regex": "", "type": "datasource" }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, { "allValue": ".+", "auto": false, @@ -26571,7 +26675,7 @@ items: "value": "kube-system" }, "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total, namespace)", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "hide": 0, "includeAll": true, "label": null, @@ -26580,7 +26684,7 @@ items: "options": [ ], - "query": "label_values(container_network_receive_packets_total, namespace)", + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -26603,7 +26707,7 @@ items: "value": "" }, "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{namespace=~\"$namespace\"}, pod)", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", "hide": 0, "includeAll": false, "label": null, @@ -26612,7 +26716,7 @@ items: "options": [ ], - "query": "label_values(container_network_receive_packets_total{namespace=~\"$namespace\"}, pod)", + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -31972,7 +32076,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))", + "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -32055,7 +32159,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(container_memory_usage_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3", + "expr": "sum(container_memory_usage_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -32138,7 +32242,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))", + "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -32903,7 +33007,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ pod }}", @@ -33006,7 +33110,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ pod }}", @@ -33120,7 +33224,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ pod }}", @@ -33223,7 +33327,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ pod }}", @@ -33354,7 +33458,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -33455,7 +33559,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -33567,7 +33671,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -33668,7 +33772,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -33789,7 +33893,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -33890,7 +33994,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -33975,6 +34079,32 @@ items: "regex": "", "type": "datasource" }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, { "allValue": ".+", "auto": false, @@ -33985,7 +34115,7 @@ items: "value": "kube-system" }, "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total, namespace)", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "hide": 0, "includeAll": true, "label": null, @@ -33994,7 +34124,7 @@ items: "options": [ ], - "query": "label_values(container_network_receive_packets_total, namespace)", + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -34017,7 +34147,7 @@ items: "value": "" }, "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\"}, workload)", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", "hide": 0, "includeAll": false, "label": null, @@ -34026,7 +34156,7 @@ items: "options": [ ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\"}, workload)", + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", "refresh": 1, "regex": "", "skipUrlSync": false, @@ -34049,7 +34179,7 @@ items: "value": "deployment" }, "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", "hide": 0, "includeAll": false, "label": null, @@ -34058,7 +34188,7 @@ items: "options": [ ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", "refresh": 1, "regex": "", "skipUrlSync": false, diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index cf1bf4ea..988ec85f 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -1299,6 +1299,14 @@ spec: != kube_hpa_status_current_replicas{job="kube-state-metrics"}) and + (kube_hpa_status_current_replicas{job="kube-state-metrics"} + > + kube_hpa_spec_min_replicas{job="kube-state-metrics"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics"} + < + kube_hpa_spec_max_replicas{job="kube-state-metrics"}) + and changes(kube_hpa_status_current_replicas[15m]) == 0 for: 15m labels: @@ -1368,7 +1376,7 @@ spec: expr: | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) / - sum(kube_node_status_allocatable_memory_bytes{job="node-exporter"}) + sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) > 1.5 for: 5m labels: From c02e0c0e31d06e1d621138341516a05c0da499e0 Mon Sep 17 00:00:00 2001 From: Samuel Lockart Date: Tue, 1 Dec 2020 09:18:31 +1100 Subject: [PATCH 035/388] make the alert rule better represent the alert --- jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet index c4230e19..d4dd9652 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet @@ -72,7 +72,7 @@ name: 'kube-prometheus-eks.rules', rules: [ { - expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $._config.eks.minimumAvailableIPs, + expr: 'sum by(instance) (awscni_ip_max) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $._config.eks.minimumAvailableIPs, labels: { severity: 'critical', }, From e0358a4b26dcc334909ca27ffa10a8c7994e2770 Mon Sep 17 00:00:00 2001 From: Samuel Lockart Date: Tue, 1 Dec 2020 09:37:22 +1100 Subject: [PATCH 036/388] following contributer steps * Update the pinned kube-prometheus dependency in jsonnetfile.lock.json: `jb update` * Generate dependent *.yaml files: make generate --- go.mod | 1 + go.sum | 7 + manifests/prometheus-rules.yaml | 301 +- ...managerConfigCustomResourceDefinition.yaml | 420 +- ...0alertmanagerCustomResourceDefinition.yaml | 3049 ++++++++++--- ...r-0podmonitorCustomResourceDefinition.yaml | 231 +- ...erator-0probeCustomResourceDefinition.yaml | 100 +- ...r-0prometheusCustomResourceDefinition.yaml | 3967 +++++++++++++---- ...rometheusruleCustomResourceDefinition.yaml | 13 +- ...ervicemonitorCustomResourceDefinition.yaml | 247 +- ...-0thanosrulerCustomResourceDefinition.yaml | 3093 ++++++++++--- 11 files changed, 8725 insertions(+), 2704 deletions(-) diff --git a/go.mod b/go.mod index b0bfa19c..36b8d347 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.15 require ( github.com/Jeffail/gabs v1.4.0 + github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 // indirect github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.8.0 k8s.io/apimachinery v0.19.3 diff --git a/go.sum b/go.sum index 1fca7e54..e4e8ee5f 100644 --- a/go.sum +++ b/go.sum @@ -54,6 +54,7 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -208,6 +209,8 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUptJtnUpai802MibFc= +github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -233,6 +236,8 @@ github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRU github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.6 h1:SrwhHcpV4nWrMGdNcC2kXpMfcBVYGDuTArqyhocJgvA= +github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -443,6 +448,8 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index 988ec85f..ddef42e8 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -762,17 +762,21 @@ spec: record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - name: kube-prometheus-node-recording.rules rules: - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) + BY (instance) record: instance:node_cpu:rate:sum - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) record: instance:node_network_receive_bytes:rate:sum - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) record: instance:node_network_transmit_bytes:rate:sum - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) + BY (instance, cpu)) BY (instance) record: instance:node_cpu:ratio - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) record: cluster:node_cpu:sum_rate5m - - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) + BY (instance, cpu)) record: cluster:node_cpu:ratio - name: kube-prometheus-general.rules rules: @@ -784,7 +788,9 @@ spec: rules: - alert: KubeStateMetricsListErrors annotations: - description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + description: kube-state-metrics is experiencing errors at an elevated rate + in list operations. This is likely causing it to not be able to expose metrics + about Kubernetes objects correctly or at all. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors summary: kube-state-metrics is experiencing errors in list operations. expr: | @@ -797,7 +803,9 @@ spec: severity: critical - alert: KubeStateMetricsWatchErrors annotations: - description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + description: kube-state-metrics is experiencing errors at an elevated rate + in watch operations. This is likely causing it to not be able to expose + metrics about Kubernetes objects correctly or at all. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors summary: kube-state-metrics is experiencing errors in watch operations. expr: | @@ -812,7 +820,9 @@ spec: rules: - alert: NodeFilesystemSpaceFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left and is filling + up. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 24 hours. expr: | @@ -828,7 +838,9 @@ spec: severity: warning - alert: NodeFilesystemSpaceFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left and is filling + up fast. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 4 hours. expr: | @@ -844,7 +856,8 @@ spec: severity: critical - alert: NodeFilesystemAlmostOutOfSpace annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 5% space left. expr: | @@ -858,7 +871,8 @@ spec: severity: warning - alert: NodeFilesystemAlmostOutOfSpace annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available space left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 3% space left. expr: | @@ -872,7 +886,9 @@ spec: severity: critical - alert: NodeFilesystemFilesFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left and is filling + up. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 24 hours. expr: | @@ -888,7 +904,9 @@ spec: severity: warning - alert: NodeFilesystemFilesFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left and is filling + up fast. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 4 hours. expr: | @@ -904,7 +922,8 @@ spec: severity: critical - alert: NodeFilesystemAlmostOutOfFiles annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 5% inodes left. expr: | @@ -918,7 +937,8 @@ spec: severity: warning - alert: NodeFilesystemAlmostOutOfFiles annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} + has only {{ printf "%.2f" $value }}% available inodes left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 3% inodes left. expr: | @@ -932,7 +952,8 @@ spec: severity: critical - alert: NodeNetworkReceiveErrs annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered + {{ printf "%.0f" $value }} receive errors in the last two minutes.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs summary: Network interface is reporting many receive errors. expr: | @@ -942,7 +963,8 @@ spec: severity: warning - alert: NodeNetworkTransmitErrs annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered + {{ printf "%.0f" $value }} transmit errors in the last two minutes.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs summary: Network interface is reporting many transmit errors. expr: | @@ -970,7 +992,8 @@ spec: severity: warning - alert: NodeClockSkewDetected annotations: - message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + message: Clock on {{ $labels.instance }} is out of sync by more than 300s. + Ensure NTP is configured correctly on this host. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected summary: Clock skew detected. expr: | @@ -990,7 +1013,8 @@ spec: severity: warning - alert: NodeClockNotSynchronising annotations: - message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. + message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP + is configured on this host. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising summary: Clock not synchronising. expr: | @@ -1002,7 +1026,9 @@ spec: severity: warning - alert: NodeRAIDDegraded annotations: - description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. + description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is + in degraded state due to one or more disks failures. Number of spare drives + is insufficient to fix issue automatically. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded summary: RAID Array is degraded expr: | @@ -1012,7 +1038,8 @@ spec: severity: critical - alert: NodeRAIDDiskFailure annotations: - description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. + description: At least one device in RAID array on {{ $labels.instance }} failed. + Array '{{ $labels.device }}' needs attention and possibly a disk swap. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure summary: Failed device in RAID array expr: | @@ -1023,7 +1050,8 @@ spec: rules: - alert: PrometheusOperatorListErrors annotations: - description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. + description: Errors while performing List operations in controller {{$labels.controller}} + in {{$labels.namespace}} namespace. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors summary: Errors while performing list operations in controller. expr: | @@ -1033,7 +1061,8 @@ spec: severity: warning - alert: PrometheusOperatorWatchErrors annotations: - description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. + description: Errors while performing watch operations in controller {{$labels.controller}} + in {{$labels.namespace}} namespace. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors summary: Errors while performing watch operations in controller. expr: | @@ -1043,7 +1072,8 @@ spec: severity: warning - alert: PrometheusOperatorSyncFailed annotations: - description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. + description: Controller {{ $labels.controller }} in {{ $labels.namespace }} + namespace fails to reconcile {{ $value }} objects. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed summary: Last controller reconciliation failed expr: | @@ -1053,7 +1083,9 @@ spec: severity: warning - alert: PrometheusOperatorReconcileErrors annotations: - description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' + description: '{{ $value | humanizePercentage }} of reconciling operations + failed for {{ $labels.controller }} controller in {{ $labels.namespace }} + namespace.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors summary: Errors while reconciling controller. expr: | @@ -1063,7 +1095,8 @@ spec: severity: warning - alert: PrometheusOperatorNodeLookupErrors annotations: - description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. + description: Errors while reconciling Prometheus in {{ $labels.namespace }} + Namespace. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors summary: Errors while reconciling Prometheus. expr: | @@ -1073,7 +1106,8 @@ spec: severity: warning - alert: PrometheusOperatorNotReady annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. + description: Prometheus operator in {{ $labels.namespace }} namespace isn't + ready to reconcile {{ $labels.controller }} resources. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready summary: Prometheus operator not ready expr: | @@ -1083,7 +1117,9 @@ spec: severity: warning - alert: PrometheusOperatorRejectedResources annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. + description: Prometheus operator in {{ $labels.namespace }} namespace rejected + {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource + }} resources. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources summary: Resources rejected by Prometheus operator expr: | @@ -1095,7 +1131,8 @@ spec: rules: - alert: KubePodCrashLooping annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container + }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping summary: Pod is crash looping. expr: | @@ -1105,7 +1142,8 @@ spec: severity: warning - alert: KubePodNotReady annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 15 minutes. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready + state for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready summary: Pod has been in a non-ready state for more than 15 minutes. expr: | @@ -1121,7 +1159,9 @@ spec: severity: warning - alert: KubeDeploymentGenerationMismatch annotations: - description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment }} does not match, this indicates that the Deployment has failed but has not been rolled back. + description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment + }} does not match, this indicates that the Deployment has failed but has + not been rolled back. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch summary: Deployment generation mismatch due to possible roll-back expr: | @@ -1133,7 +1173,8 @@ spec: severity: warning - alert: KubeDeploymentReplicasMismatch annotations: - description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has not matched the expected number of replicas for longer than 15 minutes. + description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has + not matched the expected number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | @@ -1151,7 +1192,8 @@ spec: severity: warning - alert: KubeStatefulSetReplicasMismatch annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. + description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} + has not matched the expected number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | @@ -1169,7 +1211,9 @@ spec: severity: warning - alert: KubeStatefulSetGenerationMismatch annotations: - description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset }} does not match, this indicates that the StatefulSet has failed but has not been rolled back. + description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset + }} does not match, this indicates that the StatefulSet has failed but has + not been rolled back. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch summary: StatefulSet generation mismatch due to possible roll-back expr: | @@ -1181,7 +1225,8 @@ spec: severity: warning - alert: KubeStatefulSetUpdateNotRolledOut annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} update has not been rolled out. + description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} + update has not been rolled out. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout summary: StatefulSet update has not been rolled out. expr: | @@ -1207,7 +1252,8 @@ spec: severity: warning - alert: KubeDaemonSetRolloutStuck annotations: - description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has not finished or progressed for at least 15 minutes. + description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has + not finished or progressed for at least 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck summary: DaemonSet rollout is stuck. expr: | @@ -1239,7 +1285,8 @@ spec: severity: warning - alert: KubeContainerWaiting annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} has been in waiting state for longer than 1 hour. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} + has been in waiting state for longer than 1 hour. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting summary: Pod container waiting longer than 1 hour expr: | @@ -1249,7 +1296,8 @@ spec: severity: warning - alert: KubeDaemonSetNotScheduled annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are not scheduled.' + description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset + }} are not scheduled.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled summary: DaemonSet pods are not scheduled. expr: | @@ -1261,7 +1309,8 @@ spec: severity: warning - alert: KubeDaemonSetMisScheduled annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are running where they are not supposed to run.' + description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset + }} are running where they are not supposed to run.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled summary: DaemonSet pods are misscheduled. expr: | @@ -1271,7 +1320,8 @@ spec: severity: warning - alert: KubeJobCompletion annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking more than 12 hours to complete. + description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking + more than 12 hours to complete. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion summary: Job did not complete in time expr: | @@ -1281,7 +1331,8 @@ spec: severity: warning - alert: KubeJobFailed annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to complete. Removing failed job after investigation should clear this alert. + description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to + complete. Removing failed job after investigation should clear this alert. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed summary: Job failed to complete. expr: | @@ -1291,7 +1342,8 @@ spec: severity: warning - alert: KubeHpaReplicasMismatch annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched the desired number of replicas for longer than 15 minutes. + description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched + the desired number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch summary: HPA has not matched descired number of replicas. expr: | @@ -1313,7 +1365,8 @@ spec: severity: warning - alert: KubeHpaMaxedOut annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running at max replicas for longer than 15 minutes. + description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running + at max replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout summary: HPA is running at max replicas expr: | @@ -1327,7 +1380,8 @@ spec: rules: - alert: KubeCPUOvercommit annotations: - description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. + description: Cluster has overcommitted CPU resource requests for Pods and + cannot tolerate node failure. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | @@ -1341,7 +1395,8 @@ spec: severity: warning - alert: KubeMemoryOvercommit annotations: - description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + description: Cluster has overcommitted memory resource requests for Pods and + cannot tolerate node failure. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | @@ -1383,7 +1438,8 @@ spec: severity: warning - alert: KubeQuotaAlmostFull annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage + }} of its {{ $labels.resource }} quota. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull summary: Namespace quota is going to be full. expr: | @@ -1396,7 +1452,8 @@ spec: severity: info - alert: KubeQuotaFullyUsed annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage + }} of its {{ $labels.resource }} quota. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused summary: Namespace quota is fully used. expr: | @@ -1409,7 +1466,8 @@ spec: severity: info - alert: KubeQuotaExceeded annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage + }} of its {{ $labels.resource }} quota. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded summary: Namespace quota has exceeded the limits. expr: | @@ -1422,7 +1480,9 @@ spec: severity: warning - alert: CPUThrottlingHigh annotations: - description: '{{ $value | humanizePercentage }} throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ $labels.pod }}.' + description: '{{ $value | humanizePercentage }} throttling of CPU in namespace + {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ + $labels.pod }}.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh summary: Processes experience elevated CPU throttling. expr: | @@ -1437,7 +1497,9 @@ spec: rules: - alert: KubePersistentVolumeFillingUp annotations: - description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage }} free. + description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim + }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage + }} free. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | @@ -1450,7 +1512,10 @@ spec: severity: critical - alert: KubePersistentVolumeFillingUp annotations: - description: Based on recent sampling, the PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is expected to fill up within four days. Currently {{ $value | humanizePercentage }} is available. + description: Based on recent sampling, the PersistentVolume claimed by {{ + $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is + expected to fill up within four days. Currently {{ $value | humanizePercentage + }} is available. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | @@ -1466,7 +1531,8 @@ spec: severity: warning - alert: KubePersistentVolumeErrors annotations: - description: The persistent volume {{ $labels.persistentvolume }} has status {{ $labels.phase }}. + description: The persistent volume {{ $labels.persistentvolume }} has status + {{ $labels.phase }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors summary: PersistentVolume is having issues with provisioning. expr: | @@ -1478,7 +1544,8 @@ spec: rules: - alert: KubeVersionMismatch annotations: - description: There are {{ $value }} different semantic versions of Kubernetes components running. + description: There are {{ $value }} different semantic versions of Kubernetes + components running. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch summary: Different semantic versions of Kubernetes components running. expr: | @@ -1488,7 +1555,8 @@ spec: severity: warning - alert: KubeClientErrors annotations: - description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance }}' is experiencing {{ $value | humanizePercentage }} errors.' + description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance + }}' is experiencing {{ $value | humanizePercentage }} errors.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors summary: Kubernetes API server client is experiencing errors. expr: | @@ -1561,7 +1629,8 @@ spec: rules: - alert: KubeClientCertificateExpiration annotations: - description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + description: A client certificate used to authenticate to the apiserver is + expiring in less than 7.0 days. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | @@ -1570,7 +1639,8 @@ spec: severity: warning - alert: KubeClientCertificateExpiration annotations: - description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + description: A client certificate used to authenticate to the apiserver is + expiring in less than 24.0 hours. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | @@ -1579,7 +1649,10 @@ spec: severity: critical - alert: AggregatedAPIErrors annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} + has reported errors. The number of errors have increased for it in the past + five minutes. High values indicate that the availability of the service + changes too often. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors summary: An aggregated API has reported errors. expr: | @@ -1588,7 +1661,8 @@ spec: severity: warning - alert: AggregatedAPIDown annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has been only {{ $value | humanize }}% available over the last 10m. + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} + has been only {{ $value | humanize }}% available over the last 10m. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown summary: An aggregated API is down. expr: | @@ -1620,7 +1694,8 @@ spec: severity: warning - alert: KubeNodeUnreachable annotations: - description: '{{ $labels.node }} is unreachable and some workloads may be rescheduled.' + description: '{{ $labels.node }} is unreachable and some workloads may be + rescheduled.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable summary: Node is unreachable. expr: | @@ -1630,7 +1705,8 @@ spec: severity: warning - alert: KubeletTooManyPods annotations: - description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage }} of its Pod capacity. + description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage + }} of its Pod capacity. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods summary: Kubelet is running at capacity. expr: | @@ -1646,7 +1722,8 @@ spec: severity: warning - alert: KubeNodeReadinessFlapping annotations: - description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. + description: The readiness status of node {{ $labels.node }} has changed {{ + $value }} times in the last 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping summary: Node readiness status is flapping. expr: | @@ -1656,7 +1733,8 @@ spec: severity: warning - alert: KubeletPlegDurationHigh annotations: - description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{ $value }} seconds on node {{ $labels.node }}. + description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile + duration of {{ $value }} seconds on node {{ $labels.node }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. expr: | @@ -1666,7 +1744,8 @@ spec: severity: warning - alert: KubeletPodStartUpLatencyHigh annotations: - description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds on node {{ $labels.node }}. + description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds + on node {{ $labels.node }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh summary: Kubelet Pod startup latency is too high. expr: | @@ -1676,7 +1755,8 @@ spec: severity: warning - alert: KubeletClientCertificateExpiration annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + description: Client certificate for Kubelet on node {{ $labels.node }} expires + in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | @@ -1685,7 +1765,8 @@ spec: severity: warning - alert: KubeletClientCertificateExpiration annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + description: Client certificate for Kubelet on node {{ $labels.node }} expires + in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | @@ -1694,7 +1775,8 @@ spec: severity: critical - alert: KubeletServerCertificateExpiration annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + description: Server certificate for Kubelet on node {{ $labels.node }} expires + in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | @@ -1703,7 +1785,8 @@ spec: severity: warning - alert: KubeletServerCertificateExpiration annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + description: Server certificate for Kubelet on node {{ $labels.node }} expires + in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | @@ -1712,7 +1795,8 @@ spec: severity: critical - alert: KubeletClientCertificateRenewalErrors annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its client certificate ({{ $value | humanize }} errors in the last 5 minutes). + description: Kubelet on node {{ $labels.node }} has failed to renew its client + certificate ({{ $value | humanize }} errors in the last 5 minutes). runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors summary: Kubelet has failed to renew its client certificate. expr: | @@ -1722,7 +1806,8 @@ spec: severity: warning - alert: KubeletServerCertificateRenewalErrors annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its server certificate ({{ $value | humanize }} errors in the last 5 minutes). + description: Kubelet on node {{ $labels.node }} has failed to renew its server + certificate ({{ $value | humanize }} errors in the last 5 minutes). runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors summary: Kubelet has failed to renew its server certificate. expr: | @@ -1756,7 +1841,8 @@ spec: rules: - alert: KubeControllerManagerDown annotations: - description: KubeControllerManager has disappeared from Prometheus target discovery. + description: KubeControllerManager has disappeared from Prometheus target + discovery. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown summary: Target disappeared from Prometheus target discovery. expr: | @@ -1768,7 +1854,8 @@ spec: rules: - alert: PrometheusBadConfig annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to reload its configuration. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to + reload its configuration. summary: Failed Prometheus configuration reload. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -1779,8 +1866,10 @@ spec: severity: critical - alert: PrometheusNotificationQueueRunningFull annotations: - description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. - summary: Prometheus alert notification queue predicted to run full in less than 30m. + description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} + is running full. + summary: Prometheus alert notification queue predicted to run full in less + than 30m. expr: | # Without min_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. @@ -1794,8 +1883,10 @@ spec: severity: warning - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers annotations: - description: '{{ printf "%.1f" $value }}% errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' - summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. + description: '{{ printf "%.1f" $value }}% errors while sending alerts from + Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' + summary: Prometheus has encountered more than 1% errors sending alerts to + a specific Alertmanager. expr: | ( rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) @@ -1809,7 +1900,8 @@ spec: severity: warning - alert: PrometheusErrorSendingAlertsToAnyAlertmanager annotations: - description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' + description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts + from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. expr: | min without(alertmanager) ( @@ -1824,7 +1916,8 @@ spec: severity: critical - alert: PrometheusNotConnectedToAlertmanagers annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected + to any Alertmanagers. summary: Prometheus is not connected to any Alertmanagers. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -1835,7 +1928,8 @@ spec: severity: warning - alert: PrometheusTSDBReloadsFailing annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} reload failures over the last 3h. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected + {{$value | humanize}} reload failures over the last 3h. summary: Prometheus has issues reloading blocks from disk. expr: | increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -1844,7 +1938,8 @@ spec: severity: warning - alert: PrometheusTSDBCompactionsFailing annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} compaction failures over the last 3h. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected + {{$value | humanize}} compaction failures over the last 3h. summary: Prometheus has issues compacting blocks. expr: | increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -1853,7 +1948,8 @@ spec: severity: warning - alert: PrometheusNotIngestingSamples annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting + samples. summary: Prometheus is not ingesting samples. expr: | rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 @@ -1862,7 +1958,9 @@ spec: severity: warning - alert: PrometheusDuplicateTimestamps annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with different values but duplicated timestamp. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping + {{ printf "%.4g" $value }} samples/s with different values but duplicated + timestamp. summary: Prometheus is dropping samples with duplicate timestamps. expr: | rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -1871,7 +1969,8 @@ spec: severity: warning - alert: PrometheusOutOfOrderTimestamps annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping + {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. summary: Prometheus drops samples with out-of-order timestamps. expr: | rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -1880,7 +1979,9 @@ spec: severity: warning - alert: PrometheusRemoteStorageFailures annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ $labels.url }} + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send + {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ + $labels.url }} summary: Prometheus fails to send samples to remote storage. expr: | ( @@ -1899,7 +2000,9 @@ spec: severity: critical - alert: PrometheusRemoteWriteBehind annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url }}. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write + is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url + }}. summary: Prometheus remote write is behind. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -1915,8 +2018,13 @@ spec: severity: critical - alert: PrometheusRemoteWriteDesiredShards annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write desired shards calculation wants to run {{ $value }} shards for queue {{ $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` $labels.instance | query | first | value }}. - summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write + desired shards calculation wants to run {{ $value }} shards for queue {{ + $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ + printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` + $labels.instance | query | first | value }}. + summary: Prometheus remote write desired shards calculation wants to run more + than configured max shards. expr: | # Without max_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. @@ -1930,7 +2038,8 @@ spec: severity: warning - alert: PrometheusRuleFailures annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to evaluate {{ printf "%.0f" $value }} rules in the last 5m. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to + evaluate {{ printf "%.0f" $value }} rules in the last 5m. summary: Prometheus is failing rule evaluations. expr: | increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -1939,7 +2048,8 @@ spec: severity: critical - alert: PrometheusMissingRuleEvaluations annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ printf "%.0f" $value }} rule group evaluations in the last 5m. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ + printf "%.0f" $value }} rule group evaluations in the last 5m. summary: Prometheus is missing rule evaluations due to slow rule group evaluation. expr: | increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -1948,8 +2058,11 @@ spec: severity: warning - alert: PrometheusTargetLimitHit annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because the number of targets exceeded the configured target_limit. - summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped + {{ printf "%.0f" $value }} targets because the number of targets exceeded + the configured target_limit. + summary: Prometheus has dropped targets because some scrape configs have exceeded + the targets limit. expr: | increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 for: 15m @@ -1971,7 +2084,8 @@ spec: severity: critical - alert: AlertmanagerFailedReload annotations: - message: Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod}}. + message: Reloading Alertmanager's configuration has failed for {{ $labels.namespace + }}/{{ $labels.pod}}. expr: | alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"} == 0 for: 10m @@ -1991,8 +2105,10 @@ spec: rules: - alert: TargetDown annotations: - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' - expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 + message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service + }} targets in {{ $labels.namespace }} namespace are down.' + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, + namespace, service)) > 10 for: 10m labels: severity: warning @@ -2011,7 +2127,8 @@ spec: rules: - alert: NodeNetworkInterfaceFlapping annotations: - message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" + message: Network interface "{{ $labels.device }}" changing it's up status + often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 for: 2m diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index 9c923d54..d41e7b48 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -17,13 +17,18 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager. + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to + be aggregated across multiple namespaces configuring one Alertmanager. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -78,13 +83,17 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -108,50 +117,69 @@ spec: httpConfig: properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate + over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a Secret. + description: SecretKeySelector selects a key of a + Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -159,71 +187,98 @@ spec: proxyURL: type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration parameters. + description: SafeTLSConfig specifies safe TLS configuration + parameters. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to + use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use + for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert + file for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to + use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use + for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -233,22 +288,29 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key + file for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object serverName: - description: Used to verify the hostname for the targets. + description: Used to verify the hostname for the + targets. type: string type: object type: object @@ -309,50 +371,69 @@ spec: httpConfig: properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate + over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a Secret. + description: SecretKeySelector selects a key of a + Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -360,71 +441,98 @@ spec: proxyURL: type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration parameters. + description: SafeTLSConfig specifies safe TLS configuration + parameters. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to + use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use + for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert + file for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to + use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use + for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -434,22 +542,29 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key + file for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object serverName: - description: Used to verify the hostname for the targets. + description: Used to verify the hostname for the + targets. type: string type: object type: object @@ -457,13 +572,17 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -474,13 +593,17 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -497,50 +620,69 @@ spec: httpConfig: properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate + over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor + namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor + namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a Secret. + description: SecretKeySelector selects a key of a + Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -548,71 +690,98 @@ spec: proxyURL: type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration parameters. + description: SafeTLSConfig specifies safe TLS configuration + parameters. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to + use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use + for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert + file for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to + use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use + for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to + select from. Must be a valid secret + key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - key @@ -622,22 +791,29 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key + file for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object serverName: - description: Used to verify the hostname for the targets. + description: Used to verify the hostname for the + targets. type: string type: object type: object @@ -652,13 +828,17 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key diff --git a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index e567a350..88ac7b99 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -32,18 +32,24 @@ spec: description: Alertmanager describes an Alertmanager cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: 'Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalPeers: - description: AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + description: AdditionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. items: type: string type: array @@ -51,29 +57,59 @@ spec: description: If specified, the pod's scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the pod. + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). properties: preference: - description: A node selector term, associated with the corresponding weight. + description: A node selector term, associated with the + corresponding weight. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -83,18 +119,33 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -105,7 +156,8 @@ spec: type: array type: object weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -114,26 +166,50 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. + description: Required. A list of node selector terms. + The terms are ORed. items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -143,18 +219,33 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -170,32 +261,61 @@ spec: type: object type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that + the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -207,22 +327,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -231,26 +365,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -262,16 +422,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -279,32 +452,62 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that + the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -316,22 +519,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -340,26 +557,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -371,16 +614,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -389,21 +645,32 @@ spec: type: object type: object alertmanagerConfigNamespaceSelector: - description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + description: Namespaces to be selected for AlertmanagerConfig discovery. + If nil, only check own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -415,25 +682,40 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object alertmanagerConfigSelector: - description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. + description: AlertmanagerConfigs to be selected for to merge and configure + Alertmanager with. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -445,51 +727,96 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object baseImage: - description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' + description: 'Base image that is used to deploy pods, without tag. + Deprecated: use ''image'' instead' type: string clusterAdvertiseAddress: - description: 'ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918' + description: 'ClusterAdvertiseAddress is the explicit address to advertise + in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918' type: string configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. items: type: string type: array configSecret: - description: ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. type: string containers: - description: 'Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. Containers described here modify an operator generated container + if they share the same name and modifications are done via a strategic + merge patch. The current container names are: `alertmanager` and + `config-reloader`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run within a pod. + description: A single application container that you want to run + within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. Cannot be updated. + description: List of environment variables to set in the container. + Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -498,34 +825,49 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -534,16 +876,22 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -554,28 +902,41 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap must be + defined type: boolean type: object prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: description: Specify whether the Secret must be defined @@ -584,22 +945,41 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -608,12 +988,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -633,38 +1017,66 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -673,12 +1085,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -698,25 +1114,33 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -724,31 +1148,47 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -768,101 +1208,150 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port in a + single container. properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -882,158 +1371,256 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root + filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies + to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies + to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies + to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies + to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1053,71 +1640,117 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices to be + used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1125,27 +1758,40 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1153,59 +1799,107 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array externalUrl: - description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. type: string forceEnableClusterMode: - description: ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + description: ForceEnableClusterMode ensures Alertmanager does not + deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes + clusters with a single replica in each. type: boolean image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Alertmanager + is being configured. type: string imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any + time without notice.' items: - description: A single application container that you want to run within a pod. + description: A single application container that you want to run + within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. Cannot be updated. + description: List of environment variables to set in the container. + Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1214,34 +1908,49 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -1250,16 +1959,22 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -1270,28 +1985,41 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap must be + defined type: boolean type: object prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: description: Specify whether the Secret must be defined @@ -1300,22 +2028,41 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -1324,12 +2071,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1349,38 +2100,66 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -1389,12 +2168,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1414,25 +2197,33 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1440,31 +2231,47 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1484,101 +2291,150 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port in a + single container. properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1598,158 +2454,256 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root + filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies + to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies + to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies + to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies + to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1769,71 +2723,117 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices to be + used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1841,27 +2841,40 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1869,14 +2882,18 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. type: boolean logFormat: description: Log format for Alertmanager to be configured with. @@ -1890,33 +2907,48 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object paused: - description: If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions. + description: If set to true all actions on the underlaying managed + objects are not goint to be performed, except for delete actions. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This defaults to web + description: Port name used for the pods and governing service. This + defaults to web type: string priorityClassName: description: Priority class assigned to the Pods type: string replicas: - description: Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. format: int32 type: integer resources: @@ -1925,70 +2957,121 @@ spec: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object retention: - description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). type: string routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + description: The route prefix Alertmanager registers HTTP handlers + for. This is useful, if using ExternalURL and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, + but the server serves requests under a different route prefix. For + example for use with `kubectl proxy`. type: string secrets: - description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + description: Secrets is a list of Secrets in the same namespace as + the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified defaults to "Always".' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies to + the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies to + the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies to + the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies to + the container. type: string type: object supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. items: description: Sysctl defines a kernel parameter to be set properties: @@ -2004,80 +3087,148 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. type: string sha: - description: 'SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + description: 'SHA of Alertmanager container image to be deployed. + Defaults to the value of `version`. Similar to a tag, but the SHA + explicitly deploys an immutable container image. Version and Tag + are ignored if SHA is set. Deprecated: use ''image'' instead. The + image digest can be specified as part of the image URL.' type: string storage: - description: Storage is the definition of how storage will be used by the Alertmanager instances. + description: Storage is the definition of how storage will be used + by the Alertmanager instances. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be disabled by default + in a future release, this option will become unnecessary. DisableMountSubPath + allows to remove any subPath usage in volume mounts.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot + - Beta) * An existing PVC (PersistentVolumeClaim) * + An existing custom resource/object that implements data + population (Alpha) In order to use VolumeSnapshot object + types, the appropriate feature gate must be enabled + (VolumeSnapshotDataSource or AnyVolumeDataSource) If + the provisioner or an external controller can support + the specified data source, it will create a new volume + based on the contents of the specified data source. + If the specified data source is not supported, the volume + will not be created and the failure will be reported + as an event. In the future, we plan to support more + data source types and the behavior of the provisioner + may change.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -2090,35 +3241,53 @@ spec: - name type: object resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object selector: - description: A label query over volumes to consider for binding. + description: A label query over volumes to consider for + binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -2130,55 +3299,76 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'Name of the StorageClass required by the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array capacity: additionalProperties: type: string - description: Represents the actual resources of the underlying volume. + description: Represents the actual resources of the underlying + volume. type: object conditions: - description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails details about state of pvc + description: PersistentVolumeClaimCondition contails + details about state of pvc properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned + from one status to another. format: date-time type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details + about last transition. type: string reason: - description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is + being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -2192,52 +3382,85 @@ spec: type: object type: object tag: - description: 'Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + description: 'Tag of Alertmanager container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag is + set. Deprecated: use ''image'' instead. The image tag can be specified + as part of the image URL.' type: string tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: description: If specified, the pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array @@ -2249,18 +3472,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object maxSkew: - description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology domains + of a given topology type. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 + to become 1/1/1; scheduling it onto zone1(zone2) would make + the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any zone. + It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In + other words, the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew @@ -2272,27 +3525,41 @@ spec: description: Version the cluster should be on. type: string volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume within + a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume should + be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -2300,31 +3567,50 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' @@ -2336,26 +3622,35 @@ spec: description: The URI the data disk in the blob storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage Account Name and Key + description: the name of secret that contains Azure Storage + Account Name and Key type: string shareName: description: Share Name @@ -2365,66 +3660,99 @@ spec: - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Required: Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate this volume + description: ConfigMap represents a configMap that should populate + this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -2432,11 +3760,19 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. type: string required: - key @@ -2444,78 +3780,121 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must be defined + description: Specify whether the ConfigMap or its keys must + be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). properties: driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to + the associated CSI driver which will determine the default + filesystem to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + description: NodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + description: Specifies a read-only configuration for the + volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object required: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume + description: DownwardAPI represents downward API about the pod + that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -2529,27 +3908,44 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'EmptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for + this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + description: FC represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' @@ -2557,19 +3953,26 @@ spec: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for this volume. + description: Driver is the name of the driver to use for + this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. type: string options: additionalProperties: @@ -2577,52 +3980,85 @@ spec: description: 'Optional: Extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the + plugin scripts. This may be empty if no secret object + is specified. If the secret object contains more than + one secret, all secrets are passed to the plugin scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + description: Flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset + description: UUID of the dataset. This is unique identifier + of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + description: Target directory name. Must not contain or + start with '..'. If '.' is supplied, the volume directory + will be the git repository. Otherwise, if specified, + the volume will contain the git repository in the subdirectory + with the given name. type: string repository: description: Repository URL @@ -2634,35 +4070,51 @@ spec: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: 'Glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication @@ -2671,38 +4123,55 @@ spec: description: whether support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator authentication + description: CHAP Secret for iSCSI target and initiator + authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -2710,56 +4179,76 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'ReadOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'PersistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. + description: Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent disk + description: ID that identifies Photon Controller persistent + disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume @@ -2768,34 +4257,62 @@ spec: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, and downward API + description: Items for all in one resources secrets, configmaps, + and downward API properties: defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set. format: int32 type: integer sources: description: list of volume projections items: - description: Projection that may be projected along with other supported volume types + description: Projection that may be projected along with + other supported volume types properties: configMap: - description: information about the configMap data to project + description: information about the configMap data + to project properties: items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. type: string required: - key @@ -2803,50 +4320,81 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must be defined + description: Specify whether the ConfigMap or + its keys must be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI data to project + description: information about the downwardAPI data + to project properties: items: - description: Items is a list of DownwardAPIVolume file + description: Items is a list of DownwardAPIVolume + file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format + of the exposed resources, defaults + to "1" type: string resource: - description: 'Required: resource to select' + description: 'Required: resource to + select' type: string required: - resource @@ -2857,22 +4405,43 @@ spec: type: array type: object secret: - description: information about the secret data to project + description: information about the secret data to + project properties: items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. type: string required: - key @@ -2880,24 +4449,44 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken data to project + description: information about the serviceAccountToken + data to project properties: audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + description: Audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: Path is the path relative to the mount point of the file to project the token into. + description: Path is the path relative to the + mount point of the file to project the token + into. type: string required: - path @@ -2908,103 +4497,143 @@ spec: - sources type: object quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no group + description: Group to map volume access to Default is no + group type: string readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. type: boolean registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount user + description: User to map volume access to Defaults to serivceaccount + user type: string volume: - description: Volume is a string that references an already created Quobyte volume by name. + description: Volume is a string that references an already + created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. + description: The name of the ScaleIO Protection Domain for + the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false + description: Flag to enable/disable SSL communication with + Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. + description: The ScaleIO Storage Pool associated with the + protection domain. type: string system: - description: The name of the storage system as configured in ScaleIO. + description: The name of the storage system as configured + in ScaleIO. type: string volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + description: The name of a volume already created in the + ScaleIO system that is associated with this volume source. type: string required: - gateway @@ -3012,14 +4641,28 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair in the + Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -3027,11 +4670,19 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. type: string required: - key @@ -3039,46 +4690,69 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must be defined + description: Specify whether the Secret or its keys must + be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + description: VolumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. + description: Storage Policy Based Management (SPBM) profile + name. type: string volumePath: description: Path that identifies vSphere volume vmdk @@ -3092,25 +4766,32 @@ spec: type: array type: object status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the Alertmanager cluster. + Read-only. Not included when requesting from the apiserver, only from + the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. format: int32 type: integer paused: - description: Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). + description: Total number of non-terminated pods targeted by this + Alertmanager cluster (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager cluster. + description: Total number of unavailable pods targeted by this Alertmanager + cluster. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. + description: Total number of non-terminated pods targeted by this + Alertmanager cluster that have the desired version spec. format: int32 type: integer required: diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 50096e73..fba2956f 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -20,24 +20,31 @@ spec: description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Pod selection for target discovery by Prometheus. + description: Specification of desired Pod selection for target discovery + by Prometheus. properties: jobLabel: description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Endpoints objects are discovered from. + description: Selector to select which namespaces the Endpoints objects + are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names. @@ -48,94 +55,126 @@ spec: podMetricsEndpoints: description: A list of endpoints allowed as part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. + description: PodMetricsEndpoint defines a scrapeable endpoint of + a Kubernetes Pod serving Prometheus metrics. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor namespace + that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor namespace + that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + pod monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object honorLabels: - description: HonorLabels chooses the metric's labels on collisions with target labels. + description: HonorLabels chooses the metric's labels on collisions + with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. type: boolean interval: description: Interval at which metrics should be scraped type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. + description: MetricRelabelConfigs to apply to samples before + ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. Default is 'replace' + description: Action to perform based on regex matching. + Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source label values. + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array @@ -150,39 +189,56 @@ spec: description: HTTP path to scrape for metrics. type: string port: - description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. Default is 'replace' + description: Action to perform based on regex matching. + Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source label values. + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array @@ -202,19 +258,24 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -223,32 +284,41 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file for + the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -257,13 +327,17 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -273,16 +347,20 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -294,30 +372,42 @@ spec: type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. format: int64 type: integer selector: description: Selector to select Pod objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -329,11 +419,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object targetLimit: - description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. format: int64 type: integer required: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 691b1e9f..47d871ac 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -20,27 +20,37 @@ spec: description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Ingress selection for target discovery by Prometheus. + description: Specification of desired Ingress selection for target discovery + by Prometheus. properties: interval: - description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + description: Interval at which targets are probed using the configured + prober. If not specified Prometheus' global scrape interval is used. type: string jobName: description: The job name assigned to scraped metrics by default. type: string module: - description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + description: 'The module to use for probing specifying how to probe + the target. Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string prober: - description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. + description: Specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if + left empty. properties: path: description: Path to collect metrics from. Defaults to `/probe`. @@ -58,16 +68,19 @@ spec: description: Timeout for scraping metrics from the Prometheus exporter. type: string targets: - description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. + description: Targets defines a set of static and/or dynamically discovered + targets to be probed using the prober. properties: ingress: - description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. + description: Ingress defines the set of dynamically discovered + ingress objects which hosts are considered for probing. properties: namespaceSelector: description: Select Ingress objects by namespace. properties: any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + description: Boolean describing whether all namespaces + are selected in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names. @@ -76,33 +89,48 @@ spec: type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. Default is 'replace' + description: Action to perform based on regex matching. + Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source label values. + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array @@ -110,18 +138,29 @@ spec: description: Select Ingress objects by labels. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. items: type: string type: array @@ -133,20 +172,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: object staticConfig: - description: 'StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + description: 'StaticConfig defines static targets which are considers + for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string - description: Labels assigned to all metrics scraped from the targets. + description: Labels assigned to all metrics scraped from the + targets. type: object static: - description: Targets is a list of URLs to probe using the configured prober. + description: Targets is a list of URLs to probe using the + configured prober. items: type: string type: array diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index eb40f0fc..45de1c2b 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -32,24 +32,41 @@ spec: description: Prometheus defines a Prometheus deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: 'Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Specification of the desired behavior of the Prometheus + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalAlertManagerConfigs: - description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible AlertManager + configs are going to break Prometheus after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -58,13 +75,25 @@ spec: - key type: object additionalAlertRelabelConfigs: - description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -73,13 +102,25 @@ spec: - key type: object additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.' + description: 'AdditionalScrapeConfigs allows specifying a key of a + Secret containing additional Prometheus scrape configurations. Scrape + configurations specified are appended to the configurations generated + by the Prometheus Operator. Job configurations specified must have + the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are + going to break Prometheus after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -91,29 +132,59 @@ spec: description: If specified, the pod's scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the pod. + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). properties: preference: - description: A node selector term, associated with the corresponding weight. + description: A node selector term, associated with the + corresponding weight. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -123,18 +194,33 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -145,7 +231,8 @@ spec: type: array type: object weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -154,26 +241,50 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. + description: Required. A list of node selector terms. + The terms are ORed. items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -183,18 +294,33 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -210,32 +336,61 @@ spec: type: object type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that + the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -247,22 +402,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -271,26 +440,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -302,16 +497,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -319,32 +527,62 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that + the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -356,22 +594,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -380,26 +632,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -411,16 +689,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -432,15 +723,20 @@ spec: description: Define details regarding alerting. properties: alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts against. + description: AlertmanagerEndpoints Prometheus should fire alerts + against. items: - description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. + description: AlertmanagerEndpoints defines a selection of a + single Endpoints object containing alertmanager IPs to fire + alerts against. properties: apiVersion: - description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". type: string bearerTokenFile: - description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. + description: BearerTokenFile to read from filesystem to + use when authenticating to Alertmanager. type: string name: description: Name of Endpoints object in Namespace. @@ -449,7 +745,8 @@ spec: description: Namespace of Endpoints object. type: string pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. + description: Prefix for the HTTP path alerts are pushed + to. type: string port: anyOf: @@ -461,102 +758,135 @@ spec: description: Scheme to use when firing alerts. type: string timeout: - description: Timeout is a per-target Alertmanager timeout when pushing alerts. + description: Timeout is a per-target Alertmanager timeout + when pushing alerts. type: string tlsConfig: description: TLS Config to use for alertmanager connection. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for + the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for + the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file + for the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for + the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the targets. + description: Secret containing data to use for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for + the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key @@ -575,40 +905,54 @@ spec: - alertmanagers type: object allowOverlappingBlocks: - description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. + description: AllowOverlappingBlocks enables vertical compaction and + vertical query merge in Prometheus. This is still experimental in + Prometheus so it may change in any upcoming release. type: boolean apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run + inside of the cluster and will discover API servers automatically + and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. properties: basicAuth: - description: BasicAuth allow an endpoint to authenticate over basic authentication + description: BasicAuth allow an endpoint to authenticate over + basic authentication properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor namespace that + contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor namespace that + contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -621,25 +965,31 @@ spec: description: File to read bearer token for accessing apiserver. type: string host: - description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number + description: Host of apiserver. A valid string consisting of a + hostname or IP followed by an optional port number type: string tlsConfig: description: TLS Config to use for accessing apiserver. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -648,35 +998,45 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -685,38 +1045,48 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -729,47 +1099,87 @@ spec: - host type: object arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. properties: deny: type: boolean type: object baseImage: - description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' + description: 'Base image to use for a Prometheus deployment. Deprecated: + use ''image'' instead' type: string configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. items: type: string type: array containers: - description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to a Prometheus pod or to change + the behavior of an operator generated container. Containers described + here modify an operator generated container if they share the same + name and modifications are done via a strategic merge patch. The + current container names are: `prometheus`, `config-reloader`, and + `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run within a pod. + description: A single application container that you want to run + within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. Cannot be updated. + description: List of environment variables to set in the container. + Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -778,34 +1188,49 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -814,16 +1239,22 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -834,28 +1265,41 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap must be + defined type: boolean type: object prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: description: Specify whether the Secret must be defined @@ -864,22 +1308,41 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -888,12 +1351,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -913,38 +1380,66 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -953,12 +1448,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -978,25 +1477,33 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1004,31 +1511,47 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1048,101 +1571,150 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port in a + single container. properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1162,158 +1734,256 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root + filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies + to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies + to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies + to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies + to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1333,71 +2003,117 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices to be + used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1405,27 +2121,40 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1433,7 +2162,9 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name @@ -1443,17 +2174,35 @@ spec: description: Disable prometheus compaction. type: boolean enableAdminAPI: - description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + description: 'Enable access to prometheus web admin API. Defaults + to the value of `false`. WARNING: Enabling the admin APIs enables + mutating endpoints, to delete data, shutdown Prometheus, and more. + Enabling this should be done with care and the user is advised to + add additional authentication authorization via a proxy to ensure + only clients authorized to perform these actions can do so. For + more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' type: boolean enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + description: EnforcedSampleLimit defines global limit on number of + scraped samples that will be accepted. This overrides any SampleLimit + set per ServiceMonitor or/and PodMonitor. It is meant to be used + by admins to enforce the SampleLimit to keep overall number of samples/series + under the desired limit. Note that if SampleLimit is lower that + value will be taken instead. format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. + description: EnforcedTargetLimit defines a global limit on the number + of scraped targets. This overrides any TargetLimit set per ServiceMonitor + or/and PodMonitor. It is meant to be used by admins to enforce the + TargetLimit to keep overall number of targets under the desired + limit. Note that if TargetLimit is higher that value will be taken + instead. format: int64 type: integer evaluationInterval: @@ -1462,55 +2211,102 @@ spec: externalLabels: additionalProperties: type: string - description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). type: object externalUrl: - description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. + description: The external URL the Prometheus instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. type: string ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. type: boolean image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Prometheus + is being configured. type: string imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any + time without notice.' items: - description: A single application container that you want to run within a pod. + description: A single application container that you want to run + within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. Cannot be updated. + description: List of environment variables to set in the container. + Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1519,34 +2315,49 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -1555,16 +2366,22 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -1575,28 +2392,41 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap must be + defined type: boolean type: object prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: description: Specify whether the Secret must be defined @@ -1605,22 +2435,41 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -1629,12 +2478,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1654,38 +2507,66 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -1694,12 +2575,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1719,25 +2604,33 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1745,31 +2638,47 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1789,101 +2698,150 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port in a + single container. properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1903,158 +2861,256 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root + filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies + to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies + to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies + to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies + to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -2074,71 +3130,117 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices to be + used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -2146,27 +3248,40 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -2174,14 +3289,17 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. type: boolean logFormat: description: Log format for Prometheus to be configured with. @@ -2195,47 +3313,73 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object overrideHonorLabels: - description: OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. + description: OverrideHonorLabels if set to true overrides all user + configured honor_labels. If HonorLabels is set in ServiceMonitor + or PodMonitor to true, this overrides honor_labels to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. type: boolean paused: - description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object podMonitorNamespaceSelector: - description: Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace. + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2247,25 +3391,41 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object podMonitorSelector: - description: '*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.' + description: '*Experimental* PodMonitors to be selected for target + discovery. *Deprecated:* if neither this nor serviceMonitorSelector + are specified, configuration is unmanaged.' properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2277,31 +3437,47 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object portName: - description: Port name used for the pods and governing service. This defaults to web + description: Port name used for the pods and governing service. This + defaults to web type: string priorityClassName: description: Priority class assigned to the Pods type: string probeNamespaceSelector: - description: '*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.' + description: '*Experimental* Namespaces to be selected for Probe discovery. + If nil, only check own namespace.' properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2313,25 +3489,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object probeSelector: description: '*Experimental* Probes to be selected for target discovery.' properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2343,16 +3533,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object prometheusExternalLabelName: - description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). + description: Name of Prometheus external label used to denote Prometheus + instance name. Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). type: string prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + description: PrometheusRulesExcludedFromEnforce - list of prometheus + rules to be excluded from enforcing of adding namespace labels. + Works only if enforcedNamespaceLabel set to true. Make sure both + ruleNamespace and ruleName are set for each pair items: - description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. + description: PrometheusRuleExcludeConfig enables users to configure + excluded PrometheusRule names and their namespaces to be ignored + while enforcing namespace label for alerts and metrics. properties: ruleName: description: RuleNamespace - name of excluded rule @@ -2366,17 +3567,22 @@ spec: type: object type: array query: - description: QuerySpec defines the query command line flags when starting Prometheus. + description: QuerySpec defines the query command line flags when starting + Prometheus. properties: lookbackDelta: - description: The delta difference allowed for retrieving metrics during expression evaluations. + description: The delta difference allowed for retrieving metrics + during expression evaluations. type: string maxConcurrency: description: Number of concurrent queries that can be run at once. format: int32 type: integer maxSamples: - description: Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. + description: Maximum number of samples a single query can load + into memory. Note that queries will fail if they would load + more samples than this into memory, so this also limits the + number of samples a query can return. format: int32 type: integer timeout: @@ -2384,42 +3590,58 @@ spec: type: string type: object queryLogFile: - description: QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + description: QueryLogFile specifies the file to which PromQL queries + are logged. Note that this location must be writable, and can be + persisted using an attached volume. Alternatively, the location + can be set to a stdout location such as `/dev/stdout` to log querie + information to the default Prometheus log stream. This is only available + in versions of Prometheus >= 2.16.0. For more details, see the Prometheus + docs (https://prometheus.io/docs/guides/query-log/) type: string remoteRead: - description: If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. items: - description: RemoteReadSpec defines the remote_read configuration for prometheus. + description: RemoteReadSpec defines the remote_read configuration + for prometheus. properties: basicAuth: description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor namespace + that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor namespace + that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -2432,13 +3654,17 @@ spec: description: File to read bearer token for remote read. type: string name: - description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. + description: The name of the remote read queue, must be unique + if specified. The name is used in metrics and logging in order + to differentiate read configurations. Only valid in Prometheus + versions 2.15.0 and newer. type: string proxyUrl: description: Optional ProxyURL type: string readRecent: - description: Whether reads should be made for queries for time ranges that the local storage should have complete data for. + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. type: boolean remoteTimeout: description: Timeout for requests to the remote read endpoint. @@ -2446,25 +3672,31 @@ spec: requiredMatchers: additionalProperties: type: string - description: An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. type: object tlsConfig: description: TLS Config to use for remote read. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -2473,35 +3705,45 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file for + the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -2510,38 +3752,48 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -2558,39 +3810,49 @@ spec: type: object type: array remoteWrite: - description: If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. items: - description: RemoteWriteSpec defines the remote_write configuration for prometheus. + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. properties: basicAuth: description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor namespace + that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor namespace + that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -2603,37 +3865,48 @@ spec: description: File to read bearer token for remote write. type: string name: - description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. + description: The name of the remote write queue, must be unique + if specified. The name is used in metrics and logging in order + to differentiate queues. Only valid in Prometheus versions + 2.15.0 and newer. type: string proxyUrl: description: Optional ProxyURL type: string queueConfig: - description: QueueConfig allows tuning of the remote write queue parameters. + description: QueueConfig allows tuning of the remote write queue + parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample will wait in buffer. + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. type: string capacity: - description: Capacity is the number of samples to buffer per shard before we start dropping them. + description: Capacity is the number of samples to buffer + per shard before we start dropping them. type: integer maxBackoff: description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times to retry a batch on recoverable errors. + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples per send. + description: MaxSamplesPerSend is the maximum number of + samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, i.e. amount of concurrency. + description: MaxShards is the maximum number of shards, + i.e. amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled for every retry. + description: MinBackoff is the initial retry delay. Gets + doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, i.e. amount of concurrency. + description: MinShards is the minimum number of shards, + i.e. amount of concurrency. type: integer type: object remoteTimeout: @@ -2643,19 +3916,24 @@ spec: description: TLS Config to use for remote write. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -2664,35 +3942,45 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file for + the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -2701,38 +3989,48 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -2747,31 +4045,45 @@ spec: writeRelabelConfigs: description: The list of remote write relabel configurations. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. Default is 'replace' + description: Action to perform based on regex matching. + Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source label values. + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array @@ -2780,7 +4092,9 @@ spec: type: object type: array replicaExternalLabelName: - description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). type: string replicas: description: Number of instances to deploy for a Prometheus deployment. @@ -2792,39 +4106,61 @@ spec: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object retention: - description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). type: string retentionSize: description: Maximum amount of disk space used by blocks. type: string routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. type: string ruleNamespaceSelector: - description: Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object + is in is used. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2836,25 +4172,44 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object ruleSelector: - description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. + description: A selector to select which PrometheusRules to mount for + loading alerting/recording rules from. Until (excluding) Prometheus + Operator v0.24.0 Prometheus Operator will migrate any legacy rule + ConfigMaps to PrometheusRule custom resources selected by RuleSelector. + Make sure it does not match any config maps that you do not want + to be migrated. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2866,7 +4221,11 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object rules: @@ -2876,13 +4235,17 @@ spec: description: /--rules.alert.*/ command-line arguments properties: forGracePeriod: - description: Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. type: string forOutageTolerance: - description: Max time to tolerate prometheus outage for restoring 'for' state of alert. + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. type: string resendDelay: - description: Minimum amount of time to wait before resending an alert to Alertmanager. + description: Minimum amount of time to wait before resending + an alert to Alertmanager. type: string type: object type: object @@ -2890,58 +4253,100 @@ spec: description: Interval between consecutive scrapes. type: string scrapeTimeout: - description: Number of seconds to wait for target to respond before erroring. + description: Number of seconds to wait for target to respond before + erroring. type: string secrets: - description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. + description: Secrets is a list of Secrets in the same namespace as + the Prometheus object, which shall be mounted into the Prometheus + Pods. The Secrets are mounted into /etc/prometheus/secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified defaults to "Always".' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies to + the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies to + the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies to + the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies to + the container. type: string type: object supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. items: description: Sysctl defines a kernel parameter to be set properties: @@ -2957,38 +4362,61 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. type: string serviceMonitorNamespaceSelector: - description: Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -3000,25 +4428,41 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object serviceMonitorSelector: - description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. + description: ServiceMonitors to be selected for target discovery. + *Deprecated:* if neither this nor podMonitorSelector are specified, + configuration is unmanaged. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -3030,67 +4474,126 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object sha: - description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + description: 'SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. Deprecated: use ''image'' instead. The image digest + can be specified as part of the image URL.' type: string storage: description: Storage spec to specify how storage shall be used. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be disabled by default + in a future release, this option will become unnecessary. DisableMountSubPath + allows to remove any subPath usage in volume mounts.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot + - Beta) * An existing PVC (PersistentVolumeClaim) * + An existing custom resource/object that implements data + population (Alpha) In order to use VolumeSnapshot object + types, the appropriate feature gate must be enabled + (VolumeSnapshotDataSource or AnyVolumeDataSource) If + the provisioner or an external controller can support + the specified data source, it will create a new volume + based on the contents of the specified data source. + If the specified data source is not supported, the volume + will not be created and the failure will be reported + as an event. In the future, we plan to support more + data source types and the behavior of the provisioner + may change.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -3103,35 +4606,53 @@ spec: - name type: object resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object selector: - description: A label query over volumes to consider for binding. + description: A label query over volumes to consider for + binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -3143,55 +4664,76 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'Name of the StorageClass required by the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array capacity: additionalProperties: type: string - description: Represents the actual resources of the underlying volume. + description: Represents the actual resources of the underlying + volume. type: object conditions: - description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails details about state of pvc + description: PersistentVolumeClaimCondition contails + details about state of pvc properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned + from one status to another. format: date-time type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details + about last transition. type: string reason: - description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is + being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -3205,31 +4747,47 @@ spec: type: object type: object tag: - description: 'Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + description: 'Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. Deprecated: + use ''image'' instead. The image tag can be specified as part of + the image URL.' type: string thanos: - description: "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section + is experimental, it may change significantly without deprecation + notice in any release. \n This is experimental and may change significantly + without backward compatibility in any release." properties: baseImage: - description: 'Thanos base image if other than default. Deprecated: use ''image'' instead' + description: 'Thanos base image if other than default. Deprecated: + use ''image'' instead' type: string grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. + Maps to the ''--grpc-server-tls-*'' CLI args.' properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -3238,35 +4796,45 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -3275,38 +4843,48 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -3316,10 +4894,14 @@ spec: type: string type: object image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. + description: Image if specified has precedence over baseImage, + tag and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. type: string listenLocal: - description: ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. type: boolean logFormat: description: LogFormat for Thanos sidecar to be configured with. @@ -3328,54 +4910,79 @@ spec: description: LogLevel for Thanos sidecar to be configured with. type: string minTime: - description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. + description: MinTime for Thanos sidecar to be configured with. + Option can be a constant time in RFC3339 format or time duration + relative to current time, such as -1d or 2h45m. Valid duration + units are ms, s, m, h, d, w, y. type: string objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. + description: ObjectStorageConfig configures object storage in + Thanos. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be + a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must be + defined type: boolean required: - key type: object resources: - description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be + set properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object sha: - description: 'SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + description: 'SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. Deprecated: use ''image'' instead. The image + digest can be specified as part of the image URL.' type: string tag: - description: 'Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + description: 'Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. Deprecated: use ''image'' instead. The image tag can + be specified as part of the image URL.' type: string tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + description: TracingConfig configures tracing in Thanos. This + is an experimental feature, it may change in any upcoming release + in a breaking way. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be + a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must be + defined type: boolean required: - key @@ -3387,47 +4994,77 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: description: If specified, the pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array @@ -3439,18 +5076,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object maxSkew: - description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology domains + of a given topology type. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 + to become 1/1/1; scheduling it onto zone1(zone2) would make + the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any zone. + It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In + other words, the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew @@ -3462,27 +5129,41 @@ spec: description: Version of Prometheus to be deployed. type: string volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects. + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume within + a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume should + be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -3490,31 +5171,50 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' @@ -3526,26 +5226,35 @@ spec: description: The URI the data disk in the blob storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage Account Name and Key + description: the name of secret that contains Azure Storage + Account Name and Key type: string shareName: description: Share Name @@ -3555,66 +5264,99 @@ spec: - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Required: Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate this volume + description: ConfigMap represents a configMap that should populate + this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -3622,11 +5364,19 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. type: string required: - key @@ -3634,78 +5384,121 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must be defined + description: Specify whether the ConfigMap or its keys must + be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). properties: driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to + the associated CSI driver which will determine the default + filesystem to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + description: NodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + description: Specifies a read-only configuration for the + volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object required: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume + description: DownwardAPI represents downward API about the pod + that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -3719,27 +5512,44 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'EmptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for + this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + description: FC represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' @@ -3747,19 +5557,26 @@ spec: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for this volume. + description: Driver is the name of the driver to use for + this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. type: string options: additionalProperties: @@ -3767,52 +5584,85 @@ spec: description: 'Optional: Extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the + plugin scripts. This may be empty if no secret object + is specified. If the secret object contains more than + one secret, all secrets are passed to the plugin scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + description: Flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset + description: UUID of the dataset. This is unique identifier + of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + description: Target directory name. Must not contain or + start with '..'. If '.' is supplied, the volume directory + will be the git repository. Otherwise, if specified, + the volume will contain the git repository in the subdirectory + with the given name. type: string repository: description: Repository URL @@ -3824,35 +5674,51 @@ spec: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: 'Glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication @@ -3861,38 +5727,55 @@ spec: description: whether support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator authentication + description: CHAP Secret for iSCSI target and initiator + authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -3900,56 +5783,76 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'ReadOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'PersistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. + description: Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent disk + description: ID that identifies Photon Controller persistent + disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume @@ -3958,34 +5861,62 @@ spec: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, and downward API + description: Items for all in one resources secrets, configmaps, + and downward API properties: defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set. format: int32 type: integer sources: description: list of volume projections items: - description: Projection that may be projected along with other supported volume types + description: Projection that may be projected along with + other supported volume types properties: configMap: - description: information about the configMap data to project + description: information about the configMap data + to project properties: items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. type: string required: - key @@ -3993,50 +5924,81 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must be defined + description: Specify whether the ConfigMap or + its keys must be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI data to project + description: information about the downwardAPI data + to project properties: items: - description: Items is a list of DownwardAPIVolume file + description: Items is a list of DownwardAPIVolume + file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format + of the exposed resources, defaults + to "1" type: string resource: - description: 'Required: resource to select' + description: 'Required: resource to + select' type: string required: - resource @@ -4047,22 +6009,43 @@ spec: type: array type: object secret: - description: information about the secret data to project + description: information about the secret data to + project properties: items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. type: string required: - key @@ -4070,24 +6053,44 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken data to project + description: information about the serviceAccountToken + data to project properties: audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + description: Audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: Path is the path relative to the mount point of the file to project the token into. + description: Path is the path relative to the + mount point of the file to project the token + into. type: string required: - path @@ -4098,103 +6101,143 @@ spec: - sources type: object quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no group + description: Group to map volume access to Default is no + group type: string readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. type: boolean registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount user + description: User to map volume access to Defaults to serivceaccount + user type: string volume: - description: Volume is a string that references an already created Quobyte volume by name. + description: Volume is a string that references an already + created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. + description: The name of the ScaleIO Protection Domain for + the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false + description: Flag to enable/disable SSL communication with + Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. + description: The ScaleIO Storage Pool associated with the + protection domain. type: string system: - description: The name of the storage system as configured in ScaleIO. + description: The name of the storage system as configured + in ScaleIO. type: string volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + description: The name of a volume already created in the + ScaleIO system that is associated with this volume source. type: string required: - gateway @@ -4202,14 +6245,28 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair in the + Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -4217,11 +6274,19 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. type: string required: - key @@ -4229,46 +6294,69 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must be defined + description: Specify whether the Secret or its keys must + be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + description: VolumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. + description: Storage Policy Based Management (SPBM) profile + name. type: string volumePath: description: Path that identifies vSphere volume vmdk @@ -4281,10 +6369,12 @@ spec: type: object type: array walCompression: - description: Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. type: boolean web: - description: WebSpec defines the web command line flags when starting Prometheus. + description: WebSpec defines the web command line flags when starting + Prometheus. properties: pageTitle: description: The prometheus web page title @@ -4292,25 +6382,32 @@ spec: type: object type: object status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. format: int32 type: integer paused: - description: Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). + description: Total number of non-terminated pods targeted by this + Prometheus deployment (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus deployment. + description: Total number of unavailable pods targeted by this Prometheus + deployment. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. + description: Total number of non-terminated pods targeted by this + Prometheus deployment that have the desired version spec. format: int32 type: integer required: diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml index cf990715..6c8404f6 100644 --- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml @@ -20,10 +20,14 @@ spec: description: PrometheusRule defines alerting rules for a Prometheus instance properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -33,7 +37,10 @@ spec: groups: description: Content of Prometheus rule file items: - description: 'RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used + by ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' properties: interval: type: string diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 6d946998..8c84ec93 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -20,50 +20,65 @@ spec: description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Service selection for target discovery by Prometheus. + description: Specification of desired Service selection for target discovery + by Prometheus. properties: endpoints: description: A list of endpoints allowed as part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace that contains the password for authentication. + description: The secret in the service monitor namespace + that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that contains the username for authentication. + description: The secret in the service monitor namespace + that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -73,57 +88,79 @@ spec: description: File to read bearer token for scraping targets. type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object honorLabels: - description: HonorLabels chooses the metric's labels on collisions with target labels. + description: HonorLabels chooses the metric's labels on collisions + with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. type: boolean interval: description: Interval at which metrics should be scraped type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. + description: MetricRelabelConfigs to apply to samples before + ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. Default is 'replace' + description: Action to perform based on regex matching. + Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source label values. + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array @@ -138,39 +175,56 @@ spec: description: HTTP path to scrape for metrics. type: string port: - description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. Default is 'replace' + description: Action to perform based on regex matching. + Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source label values. + description: Modulus to take of the hash of the source + label values. format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted + value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator placed between concatenated source + label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. type: string type: object type: array @@ -184,25 +238,32 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. + description: Name or number of the target port of the Pod behind + the Service, the port must be specified with container port + property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: description: TLS configuration to use when scraping the endpoint properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -211,35 +272,45 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container + to use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Struct containing the client cert file for + the targets. properties: configMap: - description: ConfigMap containing data to use for the targets. + description: ConfigMap containing data to use for the + targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its + key must be defined type: boolean required: - key @@ -248,38 +319,48 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key + must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus + container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus + container for the targets. type: string keySecret: - description: Secret containing the client key file for the targets. + description: Secret containing the client key file for the + targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key @@ -294,10 +375,12 @@ spec: description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Endpoints objects are discovered from. + description: Selector to select which namespaces the Endpoints objects + are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names. @@ -306,30 +389,42 @@ spec: type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. format: int64 type: integer selector: description: Selector to select Endpoints objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -341,16 +436,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service onto the target. + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. format: int64 type: integer required: diff --git a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml index a6c61355..80805772 100644 --- a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml @@ -20,43 +20,78 @@ spec: description: ThanosRuler defines a ThanosRuler deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Specification of the desired behavior of the ThanosRuler + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: affinity: description: If specified, the pod's scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the pod. + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). properties: preference: - description: A node selector term, associated with the corresponding weight. + description: A node selector term, associated with the + corresponding weight. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -66,18 +101,33 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -88,7 +138,8 @@ spec: type: array type: object weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -97,26 +148,50 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. + description: Required. A list of node selector terms. + The terms are ORed. items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements by node's labels. + description: A list of node selector requirements + by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -126,18 +201,33 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements by node's fields. + description: A list of node selector requirements + by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: The label key that the selector applies to. + description: The label key that the selector + applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -153,32 +243,61 @@ spec: type: object type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that + the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -190,22 +309,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -214,26 +347,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -245,16 +404,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -262,32 +434,62 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that + the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -299,22 +501,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -323,26 +539,52 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the + selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. items: type: string type: array @@ -354,16 +596,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -372,21 +627,29 @@ spec: type: object type: object alertDropLabels: - description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. items: type: string type: array alertQueryUrl: - description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. type: string alertmanagersConfig: - description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -395,38 +658,76 @@ spec: - key type: object alertmanagersUrl: - description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.' + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. + Maps to the `alertmanagers.url` arg.' items: type: string type: array containers: - description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to a ThanosRuler pod or to change + the behavior of an operator generated container. Containers described + here modify an operator generated container if they share the same + name and modifications are done via a strategic merge patch. The + current container names are: `thanos-ruler` and `config-reloader`. + Overriding containers is entirely outside the scope of what the + maintainers will support and by doing so, you accept that this behaviour + may break at any time without notice.' items: - description: A single application container that you want to run within a pod. + description: A single application container that you want to run + within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. Cannot be updated. + description: List of environment variables to set in the container. + Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -435,34 +736,49 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -471,16 +787,22 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -491,28 +813,41 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap must be + defined type: boolean type: object prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: description: Specify whether the Secret must be defined @@ -521,22 +856,41 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -545,12 +899,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -570,38 +928,66 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -610,12 +996,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -635,25 +1025,33 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -661,31 +1059,47 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -705,101 +1119,150 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port in a + single container. properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -819,158 +1282,256 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root + filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies + to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies + to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies + to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies + to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -990,71 +1551,117 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices to be + used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1062,27 +1669,40 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1090,23 +1710,32 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. type: string evaluationInterval: description: Interval between consecutive evaluations. type: string externalPrefix: - description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. type: string grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently only + the CAFile, CertFile, and KeyFile fields are supported. Maps to + the ''--grpc-server-tls-*'' CLI args.' properties: ca: description: Struct containing the CA cert to use for the targets. @@ -1118,10 +1747,12 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key @@ -1130,20 +1761,24 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. + description: Path to the CA cert in the Prometheus container to + use for the targets. type: string cert: description: Struct containing the client cert file for the targets. @@ -1155,10 +1790,12 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or its key + must be defined type: boolean required: - key @@ -1167,38 +1804,46 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must + be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container for the targets. + description: Path to the client cert file in the Prometheus container + for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container for the targets. + description: Path to the client key file in the Prometheus container + for the targets. type: string keySecret: description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be + a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its key must be + defined type: boolean required: - key @@ -1211,43 +1856,80 @@ spec: description: Thanos container image URL. type: string imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to secrets in the same + namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any + time without notice.' items: - description: A single application container that you want to run within a pod. + description: A single application container that you want to run + within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. Cannot be updated. + description: List of environment variables to set in the container. + Cannot be updated. items: - description: EnvVar represents an environment variable present in a Container. + description: EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: Name of the environment variable. Must be + a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1256,34 +1938,49 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be defined + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -1292,16 +1989,22 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's namespace + description: Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must + be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean required: - key @@ -1312,28 +2015,41 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set of ConfigMaps + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap must be defined + description: Specify whether the ConfigMap must be + defined type: boolean type: object prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: description: Specify whether the Secret must be defined @@ -1342,22 +2058,41 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -1366,12 +2101,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1391,38 +2130,66 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should + be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. items: type: string type: array @@ -1431,12 +2198,16 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. + HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1456,25 +2227,33 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1482,31 +2261,47 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1526,101 +2321,150 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will be + accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a single container. + description: ContainerPort represents a network port in a + single container. properties: containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1640,158 +2484,256 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities type + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. + description: Whether this container has a read-only root + filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies + to the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies + to the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies + to the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies + to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. This is a beta feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be specified. Exec specifies the action to take. + description: One and only one of the following should be + specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP + allows repeated headers. items: - description: HTTPHeader describes a custom header to be used in HTTP probes + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: description: The header field name @@ -1811,71 +2753,117 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a + TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. type: boolean stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. + description: volumeDevices is the list of block devices to be + used by the container. items: - description: volumeDevice describes a mapping of a raw block device within a container. + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim in the pod + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath @@ -1883,27 +2871,40 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume within a container. + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. + description: Path within the container at which the volume + should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. type: string required: - mountPath @@ -1911,7 +2912,9 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name @@ -1920,10 +2923,13 @@ spec: labels: additionalProperties: type: string - description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. type: object listenLocal: - description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. type: boolean logFormat: description: Log format for ThanosRuler to be configured with. @@ -1940,10 +2946,12 @@ spec: description: ObjectStorageConfig configures object storage in Thanos. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -1952,35 +2960,53 @@ spec: - key type: object paused: - description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. type: boolean podMetadata: - description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This defaults to web + description: Port name used for the pods and governing service. This + defaults to web type: string priorityClassName: description: Priority class assigned to the Pods type: string prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + description: PrometheusRulesExcludedFromEnforce - list of Prometheus + rules to be excluded from enforcing of adding namespace labels. + Works only if enforcedNamespaceLabel set to true. Make sure both + ruleNamespace and ruleName are set for each pair items: - description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. + description: PrometheusRuleExcludeConfig enables users to configure + excluded PrometheusRule names and their namespaces to be ignored + while enforcing namespace label for alerts and metrics. properties: ruleName: description: RuleNamespace - name of excluded rule @@ -1994,13 +3020,18 @@ spec: type: object type: array queryConfig: - description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -2009,7 +3040,8 @@ spec: - key type: object queryEndpoints: - description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. + description: QueryEndpoints defines Thanos querier endpoints from + which to query metrics. Maps to the --query flag of thanos ruler. items: type: string type: array @@ -2018,41 +3050,60 @@ spec: format: int32 type: integer resources: - description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object retention: - description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). type: string routePrefix: - description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. + description: The route prefix ThanosRuler registers HTTP handlers + for. This allows thanos UI to be served on a sub-path. type: string ruleNamespaceSelector: - description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2064,25 +3115,40 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object ruleSelector: - description: A label selector to select which PrometheusRules to mount for alerting and recording. + description: A label selector to select which PrometheusRules to mount + for alerting and recording. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector applies + to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -2094,54 +3160,97 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. type: object type: object securityContext: - description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified defaults to "Always".' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. properties: level: - description: Level is SELinux level label that applies to the container. + description: Level is SELinux level label that applies to + the container. type: string role: - description: Role is a SELinux role label that applies to the container. + description: Role is a SELinux role label that applies to + the container. type: string type: - description: Type is a SELinux type label that applies to the container. + description: Type is a SELinux type label that applies to + the container. type: string user: - description: User is a SELinux user label that applies to the container. + description: User is a SELinux user label that applies to + the container. type: string type: object supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. items: description: Sysctl defines a kernel parameter to be set properties: @@ -2157,77 +3266,140 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Thanos Ruler Pods. type: string storage: description: Storage spec to specify how storage shall be used. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be disabled by default + in a future release, this option will become unnecessary. DisableMountSubPath + allows to remove any subPath usage in volume mounts.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + description: 'This field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot + - Beta) * An existing PVC (PersistentVolumeClaim) * + An existing custom resource/object that implements data + population (Alpha) In order to use VolumeSnapshot object + types, the appropriate feature gate must be enabled + (VolumeSnapshotDataSource or AnyVolumeDataSource) If + the provisioner or an external controller can support + the specified data source, it will create a new volume + based on the contents of the specified data source. + If the specified data source is not supported, the volume + will not be created and the failure will be reported + as an event. In the future, we plan to support more + data source types and the behavior of the provisioner + may change.' properties: apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -2240,35 +3412,53 @@ spec: - name type: object resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object selector: - description: A label query over volumes to consider for binding. + description: A label query over volumes to consider for + binding. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. items: type: string type: array @@ -2280,55 +3470,76 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'Name of the StorageClass required by the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array capacity: additionalProperties: type: string - description: Represents the actual resources of the underlying volume. + description: Represents the actual resources of the underlying + volume. type: object conditions: - description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails details about state of pvc + description: PersistentVolumeClaimCondition contails + details about state of pvc properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned + from one status to another. format: date-time type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details + about last transition. type: string reason: - description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is + being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -2344,47 +3555,77 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: description: If specified, the pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: key: - description: key is the label key that the selector applies to. + description: key is the label key that the selector + applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array @@ -2396,18 +3637,48 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object maxSkew: - description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology domains + of a given topology type. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 + to become 1/1/1; scheduling it onto zone1(zone2) would make + the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled onto any zone. + It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In + other words, the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew @@ -2416,13 +3687,17 @@ spec: type: object type: array tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a + breaking way. properties: key: - description: The key of the secret to select from. Must be a valid secret key. + description: The key of the secret to select from. Must be a + valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -2431,31 +3706,50 @@ spec: - key type: object volumes: - description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Unique ID of the persistent disk resource + in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' @@ -2467,26 +3761,35 @@ spec: description: The URI the data disk in the blob storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage Account Name and Key + description: the name of secret that contains Azure Storage + Account Name and Key type: string shareName: description: Share Name @@ -2496,66 +3799,99 @@ spec: - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Required: Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather + than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate this volume + description: ConfigMap represents a configMap that should populate + this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair in the + Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -2563,11 +3899,19 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. type: string required: - key @@ -2575,78 +3919,121 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must be defined + description: Specify whether the ConfigMap or its keys must + be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). properties: driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to + the associated CSI driver which will determine the default + filesystem to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + description: NodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + description: Specifies a read-only configuration for the + volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object required: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume + description: DownwardAPI represents downward API about the pod + that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select in the + specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format of the + exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -2660,27 +4047,44 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'EmptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for + this EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory medium + EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + description: FC represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' @@ -2688,19 +4092,26 @@ spec: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + description: FlexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for this volume. + description: Driver is the name of the driver to use for + this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. type: string options: additionalProperties: @@ -2708,52 +4119,85 @@ spec: description: 'Optional: Extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the + plugin scripts. This may be empty if no secret object + is specified. If the secret object contains more than + one secret, all secrets are passed to the plugin scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + description: Flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset + description: UUID of the dataset. This is unique identifier + of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'The partition in the volume that you want + to mount. If omitted, the default is to mount by volume + name. Examples: For volume /dev/sda1, you specify the + partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + description: Target directory name. Must not contain or + start with '..'. If '.' is supplied, the volume directory + will be the git repository. Otherwise, if specified, + the volume will contain the git repository in the subdirectory + with the given name. type: string repository: description: Repository URL @@ -2765,35 +4209,51 @@ spec: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: 'Glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication @@ -2802,38 +4262,55 @@ spec: description: whether support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator authentication + description: CHAP Secret for iSCSI target and initiator + authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -2841,56 +4318,76 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Volume''s name. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'ReadOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'PersistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. + description: Will force the ReadOnly setting in VolumeMounts. + Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent disk + description: ID that identifies Photon Controller persistent + disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume @@ -2899,34 +4396,62 @@ spec: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, and downward API + description: Items for all in one resources secrets, configmaps, + and downward API properties: defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set. format: int32 type: integer sources: description: list of volume projections items: - description: Projection that may be projected along with other supported volume types + description: Projection that may be projected along with + other supported volume types properties: configMap: - description: information about the configMap data to project + description: information about the configMap data + to project properties: items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. type: string required: - key @@ -2934,50 +4459,81 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must be defined + description: Specify whether the ConfigMap or + its keys must be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI data to project + description: information about the downwardAPI data + to project properties: items: - description: Items is a list of DownwardAPIVolume file + description: Items is a list of DownwardAPIVolume + file items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' properties: apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". type: string fieldPath: - description: Path of the field to select in the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + description: Specifies the output format + of the exposed resources, defaults + to "1" type: string resource: - description: 'Required: resource to select' + description: 'Required: resource to + select' type: string required: - resource @@ -2988,22 +4544,43 @@ spec: type: array type: object secret: - description: information about the secret data to project + description: information about the secret data to + project properties: items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. items: - description: Maps a string key to a path within a volume. + description: Maps a string key to a path within + a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. type: string required: - key @@ -3011,24 +4588,44 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: - description: Specify whether the Secret or its key must be defined + description: Specify whether the Secret or its + key must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken data to project + description: information about the serviceAccountToken + data to project properties: audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + description: Audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: Path is the path relative to the mount point of the file to project the token into. + description: Path is the path relative to the + mount point of the file to project the token + into. type: string required: - path @@ -3039,103 +4636,143 @@ spec: - sources type: object quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + description: Quobyte represents a Quobyte mount on the host + that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no group + description: Group to map volume access to Default is no + group type: string readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + description: ReadOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. type: boolean registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount user + description: User to map volume access to Defaults to serivceaccount + user type: string volume: - description: Volume is a string that references an already created Quobyte volume by name. + description: Volume is a string that references an already + created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'A collection of Ceph monitors. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + description: ScaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. + description: The name of the ScaleIO Protection Domain for + the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false + description: Flag to enable/disable SSL communication with + Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + description: Indicates whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. Default + is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. + description: The ScaleIO Storage Pool associated with the + protection domain. type: string system: - description: The name of the storage system as configured in ScaleIO. + description: The name of the storage system as configured + in ScaleIO. type: string volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + description: The name of a volume already created in the + ScaleIO system that is associated with this volume source. type: string required: - gateway @@ -3143,14 +4780,28 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + description: If unspecified, each key-value pair in the + Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -3158,11 +4809,19 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + description: The relative path of the file to map + the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. type: string required: - key @@ -3170,46 +4829,69 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must be defined + description: Specify whether the Secret or its keys must + be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + description: VolumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. + description: Storage Policy Based Management (SPBM) profile + name. type: string volumePath: description: Path that identifies vSphere volume vmdk @@ -3223,25 +4905,32 @@ spec: type: array type: object status: - description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the ThanosRuler cluster. + Read-only. Not included when requesting from the apiserver, only from + the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. format: int32 type: integer paused: - description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). + description: Total number of non-terminated pods targeted by this + ThanosRuler deployment (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this ThanosRuler deployment. + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. + description: Total number of non-terminated pods targeted by this + ThanosRuler deployment that have the desired version spec. format: int32 type: integer required: From 6fb6cae970018e5fb704568980824493e8e26a5f Mon Sep 17 00:00:00 2001 From: Samuel Lockart Date: Wed, 2 Dec 2020 15:10:01 +1100 Subject: [PATCH 037/388] Revert "following contributer steps" This reverts commit e0358a4b26dcc334909ca27ffa10a8c7994e2770. --- go.mod | 1 - go.sum | 7 - manifests/prometheus-rules.yaml | 301 +- ...managerConfigCustomResourceDefinition.yaml | 420 +- ...0alertmanagerCustomResourceDefinition.yaml | 3049 +++---------- ...r-0podmonitorCustomResourceDefinition.yaml | 231 +- ...erator-0probeCustomResourceDefinition.yaml | 100 +- ...r-0prometheusCustomResourceDefinition.yaml | 3967 ++++------------- ...rometheusruleCustomResourceDefinition.yaml | 13 +- ...ervicemonitorCustomResourceDefinition.yaml | 247 +- ...-0thanosrulerCustomResourceDefinition.yaml | 3093 +++---------- 11 files changed, 2704 insertions(+), 8725 deletions(-) diff --git a/go.mod b/go.mod index 36b8d347..b0bfa19c 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,6 @@ go 1.15 require ( github.com/Jeffail/gabs v1.4.0 - github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 // indirect github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.8.0 k8s.io/apimachinery v0.19.3 diff --git a/go.sum b/go.sum index e4e8ee5f..1fca7e54 100644 --- a/go.sum +++ b/go.sum @@ -54,7 +54,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -209,8 +208,6 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUptJtnUpai802MibFc= -github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -236,8 +233,6 @@ github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRU github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.6 h1:SrwhHcpV4nWrMGdNcC2kXpMfcBVYGDuTArqyhocJgvA= -github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -448,8 +443,6 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index ddef42e8..988ec85f 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -762,21 +762,17 @@ spec: record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - name: kube-prometheus-node-recording.rules rules: - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) - BY (instance) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) record: instance:node_cpu:rate:sum - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) record: instance:node_network_receive_bytes:rate:sum - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) record: instance:node_network_transmit_bytes:rate:sum - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) - WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) - BY (instance, cpu)) BY (instance) + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) record: instance:node_cpu:ratio - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) record: cluster:node_cpu:sum_rate5m - - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) - BY (instance, cpu)) + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) record: cluster:node_cpu:ratio - name: kube-prometheus-general.rules rules: @@ -788,9 +784,7 @@ spec: rules: - alert: KubeStateMetricsListErrors annotations: - description: kube-state-metrics is experiencing errors at an elevated rate - in list operations. This is likely causing it to not be able to expose metrics - about Kubernetes objects correctly or at all. + description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors summary: kube-state-metrics is experiencing errors in list operations. expr: | @@ -803,9 +797,7 @@ spec: severity: critical - alert: KubeStateMetricsWatchErrors annotations: - description: kube-state-metrics is experiencing errors at an elevated rate - in watch operations. This is likely causing it to not be able to expose - metrics about Kubernetes objects correctly or at all. + description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors summary: kube-state-metrics is experiencing errors in watch operations. expr: | @@ -820,9 +812,7 @@ spec: rules: - alert: NodeFilesystemSpaceFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left and is filling - up. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 24 hours. expr: | @@ -838,9 +828,7 @@ spec: severity: warning - alert: NodeFilesystemSpaceFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left and is filling - up fast. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 4 hours. expr: | @@ -856,8 +844,7 @@ spec: severity: critical - alert: NodeFilesystemAlmostOutOfSpace annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 5% space left. expr: | @@ -871,8 +858,7 @@ spec: severity: warning - alert: NodeFilesystemAlmostOutOfSpace annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available space left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 3% space left. expr: | @@ -886,9 +872,7 @@ spec: severity: critical - alert: NodeFilesystemFilesFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left and is filling - up. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 24 hours. expr: | @@ -904,9 +888,7 @@ spec: severity: warning - alert: NodeFilesystemFilesFillingUp annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left and is filling - up fast. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 4 hours. expr: | @@ -922,8 +904,7 @@ spec: severity: critical - alert: NodeFilesystemAlmostOutOfFiles annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 5% inodes left. expr: | @@ -937,8 +918,7 @@ spec: severity: warning - alert: NodeFilesystemAlmostOutOfFiles annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} - has only {{ printf "%.2f" $value }}% available inodes left. + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 3% inodes left. expr: | @@ -952,8 +932,7 @@ spec: severity: critical - alert: NodeNetworkReceiveErrs annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered - {{ printf "%.0f" $value }} receive errors in the last two minutes.' + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs summary: Network interface is reporting many receive errors. expr: | @@ -963,8 +942,7 @@ spec: severity: warning - alert: NodeNetworkTransmitErrs annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered - {{ printf "%.0f" $value }} transmit errors in the last two minutes.' + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs summary: Network interface is reporting many transmit errors. expr: | @@ -992,8 +970,7 @@ spec: severity: warning - alert: NodeClockSkewDetected annotations: - message: Clock on {{ $labels.instance }} is out of sync by more than 300s. - Ensure NTP is configured correctly on this host. + message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected summary: Clock skew detected. expr: | @@ -1013,8 +990,7 @@ spec: severity: warning - alert: NodeClockNotSynchronising annotations: - message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP - is configured on this host. + message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising summary: Clock not synchronising. expr: | @@ -1026,9 +1002,7 @@ spec: severity: warning - alert: NodeRAIDDegraded annotations: - description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is - in degraded state due to one or more disks failures. Number of spare drives - is insufficient to fix issue automatically. + description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded summary: RAID Array is degraded expr: | @@ -1038,8 +1012,7 @@ spec: severity: critical - alert: NodeRAIDDiskFailure annotations: - description: At least one device in RAID array on {{ $labels.instance }} failed. - Array '{{ $labels.device }}' needs attention and possibly a disk swap. + description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure summary: Failed device in RAID array expr: | @@ -1050,8 +1023,7 @@ spec: rules: - alert: PrometheusOperatorListErrors annotations: - description: Errors while performing List operations in controller {{$labels.controller}} - in {{$labels.namespace}} namespace. + description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors summary: Errors while performing list operations in controller. expr: | @@ -1061,8 +1033,7 @@ spec: severity: warning - alert: PrometheusOperatorWatchErrors annotations: - description: Errors while performing watch operations in controller {{$labels.controller}} - in {{$labels.namespace}} namespace. + description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors summary: Errors while performing watch operations in controller. expr: | @@ -1072,8 +1043,7 @@ spec: severity: warning - alert: PrometheusOperatorSyncFailed annotations: - description: Controller {{ $labels.controller }} in {{ $labels.namespace }} - namespace fails to reconcile {{ $value }} objects. + description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed summary: Last controller reconciliation failed expr: | @@ -1083,9 +1053,7 @@ spec: severity: warning - alert: PrometheusOperatorReconcileErrors annotations: - description: '{{ $value | humanizePercentage }} of reconciling operations - failed for {{ $labels.controller }} controller in {{ $labels.namespace }} - namespace.' + description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors summary: Errors while reconciling controller. expr: | @@ -1095,8 +1063,7 @@ spec: severity: warning - alert: PrometheusOperatorNodeLookupErrors annotations: - description: Errors while reconciling Prometheus in {{ $labels.namespace }} - Namespace. + description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors summary: Errors while reconciling Prometheus. expr: | @@ -1106,8 +1073,7 @@ spec: severity: warning - alert: PrometheusOperatorNotReady annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace isn't - ready to reconcile {{ $labels.controller }} resources. + description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready summary: Prometheus operator not ready expr: | @@ -1117,9 +1083,7 @@ spec: severity: warning - alert: PrometheusOperatorRejectedResources annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace rejected - {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource - }} resources. + description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources summary: Resources rejected by Prometheus operator expr: | @@ -1131,8 +1095,7 @@ spec: rules: - alert: KubePodCrashLooping annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container - }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping summary: Pod is crash looping. expr: | @@ -1142,8 +1105,7 @@ spec: severity: warning - alert: KubePodNotReady annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready - state for longer than 15 minutes. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready summary: Pod has been in a non-ready state for more than 15 minutes. expr: | @@ -1159,9 +1121,7 @@ spec: severity: warning - alert: KubeDeploymentGenerationMismatch annotations: - description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment - }} does not match, this indicates that the Deployment has failed but has - not been rolled back. + description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment }} does not match, this indicates that the Deployment has failed but has not been rolled back. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch summary: Deployment generation mismatch due to possible roll-back expr: | @@ -1173,8 +1133,7 @@ spec: severity: warning - alert: KubeDeploymentReplicasMismatch annotations: - description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has - not matched the expected number of replicas for longer than 15 minutes. + description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has not matched the expected number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | @@ -1192,8 +1151,7 @@ spec: severity: warning - alert: KubeStatefulSetReplicasMismatch annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} - has not matched the expected number of replicas for longer than 15 minutes. + description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | @@ -1211,9 +1169,7 @@ spec: severity: warning - alert: KubeStatefulSetGenerationMismatch annotations: - description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset - }} does not match, this indicates that the StatefulSet has failed but has - not been rolled back. + description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset }} does not match, this indicates that the StatefulSet has failed but has not been rolled back. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch summary: StatefulSet generation mismatch due to possible roll-back expr: | @@ -1225,8 +1181,7 @@ spec: severity: warning - alert: KubeStatefulSetUpdateNotRolledOut annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} - update has not been rolled out. + description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} update has not been rolled out. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout summary: StatefulSet update has not been rolled out. expr: | @@ -1252,8 +1207,7 @@ spec: severity: warning - alert: KubeDaemonSetRolloutStuck annotations: - description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has - not finished or progressed for at least 15 minutes. + description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has not finished or progressed for at least 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck summary: DaemonSet rollout is stuck. expr: | @@ -1285,8 +1239,7 @@ spec: severity: warning - alert: KubeContainerWaiting annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} - has been in waiting state for longer than 1 hour. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} has been in waiting state for longer than 1 hour. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting summary: Pod container waiting longer than 1 hour expr: | @@ -1296,8 +1249,7 @@ spec: severity: warning - alert: KubeDaemonSetNotScheduled annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset - }} are not scheduled.' + description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are not scheduled.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled summary: DaemonSet pods are not scheduled. expr: | @@ -1309,8 +1261,7 @@ spec: severity: warning - alert: KubeDaemonSetMisScheduled annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset - }} are running where they are not supposed to run.' + description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are running where they are not supposed to run.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled summary: DaemonSet pods are misscheduled. expr: | @@ -1320,8 +1271,7 @@ spec: severity: warning - alert: KubeJobCompletion annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking - more than 12 hours to complete. + description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking more than 12 hours to complete. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion summary: Job did not complete in time expr: | @@ -1331,8 +1281,7 @@ spec: severity: warning - alert: KubeJobFailed annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to - complete. Removing failed job after investigation should clear this alert. + description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to complete. Removing failed job after investigation should clear this alert. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed summary: Job failed to complete. expr: | @@ -1342,8 +1291,7 @@ spec: severity: warning - alert: KubeHpaReplicasMismatch annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched - the desired number of replicas for longer than 15 minutes. + description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched the desired number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch summary: HPA has not matched descired number of replicas. expr: | @@ -1365,8 +1313,7 @@ spec: severity: warning - alert: KubeHpaMaxedOut annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running - at max replicas for longer than 15 minutes. + description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running at max replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout summary: HPA is running at max replicas expr: | @@ -1380,8 +1327,7 @@ spec: rules: - alert: KubeCPUOvercommit annotations: - description: Cluster has overcommitted CPU resource requests for Pods and - cannot tolerate node failure. + description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | @@ -1395,8 +1341,7 @@ spec: severity: warning - alert: KubeMemoryOvercommit annotations: - description: Cluster has overcommitted memory resource requests for Pods and - cannot tolerate node failure. + description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | @@ -1438,8 +1383,7 @@ spec: severity: warning - alert: KubeQuotaAlmostFull annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage - }} of its {{ $labels.resource }} quota. + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull summary: Namespace quota is going to be full. expr: | @@ -1452,8 +1396,7 @@ spec: severity: info - alert: KubeQuotaFullyUsed annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage - }} of its {{ $labels.resource }} quota. + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused summary: Namespace quota is fully used. expr: | @@ -1466,8 +1409,7 @@ spec: severity: info - alert: KubeQuotaExceeded annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage - }} of its {{ $labels.resource }} quota. + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded summary: Namespace quota has exceeded the limits. expr: | @@ -1480,9 +1422,7 @@ spec: severity: warning - alert: CPUThrottlingHigh annotations: - description: '{{ $value | humanizePercentage }} throttling of CPU in namespace - {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ - $labels.pod }}.' + description: '{{ $value | humanizePercentage }} throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ $labels.pod }}.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh summary: Processes experience elevated CPU throttling. expr: | @@ -1497,9 +1437,7 @@ spec: rules: - alert: KubePersistentVolumeFillingUp annotations: - description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim - }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage - }} free. + description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage }} free. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | @@ -1512,10 +1450,7 @@ spec: severity: critical - alert: KubePersistentVolumeFillingUp annotations: - description: Based on recent sampling, the PersistentVolume claimed by {{ - $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is - expected to fill up within four days. Currently {{ $value | humanizePercentage - }} is available. + description: Based on recent sampling, the PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is expected to fill up within four days. Currently {{ $value | humanizePercentage }} is available. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | @@ -1531,8 +1466,7 @@ spec: severity: warning - alert: KubePersistentVolumeErrors annotations: - description: The persistent volume {{ $labels.persistentvolume }} has status - {{ $labels.phase }}. + description: The persistent volume {{ $labels.persistentvolume }} has status {{ $labels.phase }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors summary: PersistentVolume is having issues with provisioning. expr: | @@ -1544,8 +1478,7 @@ spec: rules: - alert: KubeVersionMismatch annotations: - description: There are {{ $value }} different semantic versions of Kubernetes - components running. + description: There are {{ $value }} different semantic versions of Kubernetes components running. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch summary: Different semantic versions of Kubernetes components running. expr: | @@ -1555,8 +1488,7 @@ spec: severity: warning - alert: KubeClientErrors annotations: - description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance - }}' is experiencing {{ $value | humanizePercentage }} errors.' + description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance }}' is experiencing {{ $value | humanizePercentage }} errors.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors summary: Kubernetes API server client is experiencing errors. expr: | @@ -1629,8 +1561,7 @@ spec: rules: - alert: KubeClientCertificateExpiration annotations: - description: A client certificate used to authenticate to the apiserver is - expiring in less than 7.0 days. + description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | @@ -1639,8 +1570,7 @@ spec: severity: warning - alert: KubeClientCertificateExpiration annotations: - description: A client certificate used to authenticate to the apiserver is - expiring in less than 24.0 hours. + description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | @@ -1649,10 +1579,7 @@ spec: severity: critical - alert: AggregatedAPIErrors annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} - has reported errors. The number of errors have increased for it in the past - five minutes. High values indicate that the availability of the service - changes too often. + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors summary: An aggregated API has reported errors. expr: | @@ -1661,8 +1588,7 @@ spec: severity: warning - alert: AggregatedAPIDown annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} - has been only {{ $value | humanize }}% available over the last 10m. + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has been only {{ $value | humanize }}% available over the last 10m. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown summary: An aggregated API is down. expr: | @@ -1694,8 +1620,7 @@ spec: severity: warning - alert: KubeNodeUnreachable annotations: - description: '{{ $labels.node }} is unreachable and some workloads may be - rescheduled.' + description: '{{ $labels.node }} is unreachable and some workloads may be rescheduled.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable summary: Node is unreachable. expr: | @@ -1705,8 +1630,7 @@ spec: severity: warning - alert: KubeletTooManyPods annotations: - description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage - }} of its Pod capacity. + description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage }} of its Pod capacity. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods summary: Kubelet is running at capacity. expr: | @@ -1722,8 +1646,7 @@ spec: severity: warning - alert: KubeNodeReadinessFlapping annotations: - description: The readiness status of node {{ $labels.node }} has changed {{ - $value }} times in the last 15 minutes. + description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping summary: Node readiness status is flapping. expr: | @@ -1733,8 +1656,7 @@ spec: severity: warning - alert: KubeletPlegDurationHigh annotations: - description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile - duration of {{ $value }} seconds on node {{ $labels.node }}. + description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{ $value }} seconds on node {{ $labels.node }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. expr: | @@ -1744,8 +1666,7 @@ spec: severity: warning - alert: KubeletPodStartUpLatencyHigh annotations: - description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds - on node {{ $labels.node }}. + description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds on node {{ $labels.node }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh summary: Kubelet Pod startup latency is too high. expr: | @@ -1755,8 +1676,7 @@ spec: severity: warning - alert: KubeletClientCertificateExpiration annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. + description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | @@ -1765,8 +1685,7 @@ spec: severity: warning - alert: KubeletClientCertificateExpiration annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. + description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | @@ -1775,8 +1694,7 @@ spec: severity: critical - alert: KubeletServerCertificateExpiration annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. + description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | @@ -1785,8 +1703,7 @@ spec: severity: warning - alert: KubeletServerCertificateExpiration annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires - in {{ $value | humanizeDuration }}. + description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | @@ -1795,8 +1712,7 @@ spec: severity: critical - alert: KubeletClientCertificateRenewalErrors annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its client - certificate ({{ $value | humanize }} errors in the last 5 minutes). + description: Kubelet on node {{ $labels.node }} has failed to renew its client certificate ({{ $value | humanize }} errors in the last 5 minutes). runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors summary: Kubelet has failed to renew its client certificate. expr: | @@ -1806,8 +1722,7 @@ spec: severity: warning - alert: KubeletServerCertificateRenewalErrors annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its server - certificate ({{ $value | humanize }} errors in the last 5 minutes). + description: Kubelet on node {{ $labels.node }} has failed to renew its server certificate ({{ $value | humanize }} errors in the last 5 minutes). runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors summary: Kubelet has failed to renew its server certificate. expr: | @@ -1841,8 +1756,7 @@ spec: rules: - alert: KubeControllerManagerDown annotations: - description: KubeControllerManager has disappeared from Prometheus target - discovery. + description: KubeControllerManager has disappeared from Prometheus target discovery. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown summary: Target disappeared from Prometheus target discovery. expr: | @@ -1854,8 +1768,7 @@ spec: rules: - alert: PrometheusBadConfig annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to - reload its configuration. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to reload its configuration. summary: Failed Prometheus configuration reload. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -1866,10 +1779,8 @@ spec: severity: critical - alert: PrometheusNotificationQueueRunningFull annotations: - description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} - is running full. - summary: Prometheus alert notification queue predicted to run full in less - than 30m. + description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. + summary: Prometheus alert notification queue predicted to run full in less than 30m. expr: | # Without min_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. @@ -1883,10 +1794,8 @@ spec: severity: warning - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers annotations: - description: '{{ printf "%.1f" $value }}% errors while sending alerts from - Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' - summary: Prometheus has encountered more than 1% errors sending alerts to - a specific Alertmanager. + description: '{{ printf "%.1f" $value }}% errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' + summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. expr: | ( rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) @@ -1900,8 +1809,7 @@ spec: severity: warning - alert: PrometheusErrorSendingAlertsToAnyAlertmanager annotations: - description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts - from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' + description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. expr: | min without(alertmanager) ( @@ -1916,8 +1824,7 @@ spec: severity: critical - alert: PrometheusNotConnectedToAlertmanagers annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected - to any Alertmanagers. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. summary: Prometheus is not connected to any Alertmanagers. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -1928,8 +1835,7 @@ spec: severity: warning - alert: PrometheusTSDBReloadsFailing annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected - {{$value | humanize}} reload failures over the last 3h. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} reload failures over the last 3h. summary: Prometheus has issues reloading blocks from disk. expr: | increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -1938,8 +1844,7 @@ spec: severity: warning - alert: PrometheusTSDBCompactionsFailing annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected - {{$value | humanize}} compaction failures over the last 3h. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} compaction failures over the last 3h. summary: Prometheus has issues compacting blocks. expr: | increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -1948,8 +1853,7 @@ spec: severity: warning - alert: PrometheusNotIngestingSamples annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting - samples. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. summary: Prometheus is not ingesting samples. expr: | rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 @@ -1958,9 +1862,7 @@ spec: severity: warning - alert: PrometheusDuplicateTimestamps annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping - {{ printf "%.4g" $value }} samples/s with different values but duplicated - timestamp. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with different values but duplicated timestamp. summary: Prometheus is dropping samples with duplicate timestamps. expr: | rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -1969,8 +1871,7 @@ spec: severity: warning - alert: PrometheusOutOfOrderTimestamps annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping - {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. summary: Prometheus drops samples with out-of-order timestamps. expr: | rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -1979,9 +1880,7 @@ spec: severity: warning - alert: PrometheusRemoteStorageFailures annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send - {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ - $labels.url }} + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ $labels.url }} summary: Prometheus fails to send samples to remote storage. expr: | ( @@ -2000,9 +1899,7 @@ spec: severity: critical - alert: PrometheusRemoteWriteBehind annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write - is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url - }}. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url }}. summary: Prometheus remote write is behind. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -2018,13 +1915,8 @@ spec: severity: critical - alert: PrometheusRemoteWriteDesiredShards annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write - desired shards calculation wants to run {{ $value }} shards for queue {{ - $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ - printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` - $labels.instance | query | first | value }}. - summary: Prometheus remote write desired shards calculation wants to run more - than configured max shards. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write desired shards calculation wants to run {{ $value }} shards for queue {{ $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` $labels.instance | query | first | value }}. + summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. expr: | # Without max_over_time, failed scrapes could create false negatives, see # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. @@ -2038,8 +1930,7 @@ spec: severity: warning - alert: PrometheusRuleFailures annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to - evaluate {{ printf "%.0f" $value }} rules in the last 5m. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to evaluate {{ printf "%.0f" $value }} rules in the last 5m. summary: Prometheus is failing rule evaluations. expr: | increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -2048,8 +1939,7 @@ spec: severity: critical - alert: PrometheusMissingRuleEvaluations annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ - printf "%.0f" $value }} rule group evaluations in the last 5m. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ printf "%.0f" $value }} rule group evaluations in the last 5m. summary: Prometheus is missing rule evaluations due to slow rule group evaluation. expr: | increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -2058,11 +1948,8 @@ spec: severity: warning - alert: PrometheusTargetLimitHit annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped - {{ printf "%.0f" $value }} targets because the number of targets exceeded - the configured target_limit. - summary: Prometheus has dropped targets because some scrape configs have exceeded - the targets limit. + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because the number of targets exceeded the configured target_limit. + summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. expr: | increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 for: 15m @@ -2084,8 +1971,7 @@ spec: severity: critical - alert: AlertmanagerFailedReload annotations: - message: Reloading Alertmanager's configuration has failed for {{ $labels.namespace - }}/{{ $labels.pod}}. + message: Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod}}. expr: | alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"} == 0 for: 10m @@ -2105,10 +1991,8 @@ spec: rules: - alert: TargetDown annotations: - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service - }} targets in {{ $labels.namespace }} namespace are down.' - expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, - namespace, service)) > 10 + message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 for: 10m labels: severity: warning @@ -2127,8 +2011,7 @@ spec: rules: - alert: NodeNetworkInterfaceFlapping annotations: - message: Network interface "{{ $labels.device }}" changing it's up status - often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" + message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 for: 2m diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index d41e7b48..9c923d54 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -17,18 +17,13 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to - be aggregated across multiple namespaces configuring one Alertmanager. + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -83,17 +78,13 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -117,69 +108,50 @@ spec: httpConfig: properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate - over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a - Secret. + description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -187,98 +159,71 @@ spec: proxyURL: type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration - parameters. + description: SafeTLSConfig specifies safe TLS configuration parameters. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to - use for the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use - for the targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret - or its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert - file for the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to - use for the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use - for the targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret - or its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -288,29 +233,22 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key - file for the targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object serverName: - description: Used to verify the hostname for the - targets. + description: Used to verify the hostname for the targets. type: string type: object type: object @@ -371,69 +309,50 @@ spec: httpConfig: properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate - over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a - Secret. + description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -441,98 +360,71 @@ spec: proxyURL: type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration - parameters. + description: SafeTLSConfig specifies safe TLS configuration parameters. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to - use for the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use - for the targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret - or its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert - file for the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to - use for the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use - for the targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret - or its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -542,29 +434,22 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key - file for the targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object serverName: - description: Used to verify the hostname for the - targets. + description: Used to verify the hostname for the targets. type: string type: object type: object @@ -572,17 +457,13 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -593,17 +474,13 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -620,69 +497,50 @@ spec: httpConfig: properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate - over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a - Secret. + description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -690,98 +548,71 @@ spec: proxyURL: type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration - parameters. + description: SafeTLSConfig specifies safe TLS configuration parameters. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to - use for the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use - for the targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret - or its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert - file for the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to - use for the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use - for the targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to - select from. Must be a valid secret - key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret - or its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -791,29 +622,22 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key - file for the targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or - its key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object serverName: - description: Used to verify the hostname for the - targets. + description: Used to verify the hostname for the targets. type: string type: object type: object @@ -828,17 +652,13 @@ spec: description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key diff --git a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index 88ac7b99..e567a350 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -32,24 +32,18 @@ spec: description: Alertmanager describes an Alertmanager cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalPeers: - description: AdditionalPeers allows injecting a set of additional - Alertmanagers to peer with to form a highly available cluster. + description: AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. items: type: string type: array @@ -57,59 +51,29 @@ spec: description: If specified, the pod's scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. + description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. + description: A node selector term, associated with the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. + description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -119,33 +83,18 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. + description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -156,8 +105,7 @@ spec: type: array type: object weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -166,50 +114,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. + description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. + description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -219,33 +143,18 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. + description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -261,61 +170,32 @@ spec: type: object type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that - the selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -327,36 +207,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -365,52 +231,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -422,29 +262,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey @@ -452,62 +279,32 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that - the selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -519,36 +316,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -557,52 +340,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -614,29 +371,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey @@ -645,32 +389,21 @@ spec: type: object type: object alertmanagerConfigNamespaceSelector: - description: Namespaces to be selected for AlertmanagerConfig discovery. - If nil, only check own namespace. + description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -682,40 +415,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object alertmanagerConfigSelector: - description: AlertmanagerConfigs to be selected for to merge and configure - Alertmanager with. + description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -727,96 +445,51 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object baseImage: - description: 'Base image that is used to deploy pods, without tag. - Deprecated: use ''image'' instead' + description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' type: string clusterAdvertiseAddress: - description: 'ClusterAdvertiseAddress is the explicit address to advertise - in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. - [1] RFC1918: https://tools.ietf.org/html/rfc1918' + description: 'ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918' type: string configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the Alertmanager object, which shall be mounted into the Alertmanager - Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. items: type: string type: array configSecret: - description: ConfigSecret is the name of a Kubernetes Secret in the - same namespace as the Alertmanager object, which contains configuration - for this Alertmanager instance. Defaults to 'alertmanager-' - The secret is mounted into /etc/alertmanager/config. + description: ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. type: string containers: - description: 'Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. Containers described here modify an operator generated container - if they share the same name and modifications are done via a strategic - merge patch. The current container names are: `alertmanager` and - `config-reloader`. Overriding containers is entirely outside the - scope of what the maintainers will support and by doing so, you - accept that this behaviour may break at any time without notice.' + description: 'Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run - within a pod. + description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -825,49 +498,34 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -876,22 +534,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -902,41 +554,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -945,41 +584,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -988,16 +608,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1017,66 +633,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -1085,16 +673,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1114,33 +698,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1148,47 +724,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1208,150 +768,101 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1371,256 +882,158 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1640,117 +1053,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -1758,40 +1125,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1799,107 +1153,59 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name type: object type: array externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. + description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. type: string forceEnableClusterMode: - description: ForceEnableClusterMode ensures Alertmanager does not - deactivate the cluster mode when running with a single replica. - Use case is e.g. spanning an Alertmanager cluster across Kubernetes - clusters with a single replica in each. + description: ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. type: boolean image: - description: Image if specified has precedence over baseImage, tag - and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Alertmanager - is being configured. + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. type: string imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling prometheus and alertmanager images - from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the Alertmanager configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart - of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching - is entirely outside the scope of what the maintainers will support - and by doing so, you accept that this behaviour may break at any - time without notice.' + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run - within a pod. + description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1908,49 +1214,34 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -1959,22 +1250,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -1985,41 +1270,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -2028,41 +1300,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -2071,16 +1324,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2100,66 +1349,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -2168,16 +1389,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2197,33 +1414,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2231,47 +1440,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2291,150 +1484,101 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2454,256 +1598,158 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2723,117 +1769,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -2841,40 +1841,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -2882,18 +1869,14 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name type: object type: array listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. + description: ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. type: boolean logFormat: description: Log format for Alertmanager to be configured with. @@ -2907,48 +1890,33 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object paused: - description: If set to true all actions on the underlaying managed - objects are not goint to be performed, except for delete actions. + description: If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to the alertmanager pods. + description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to web + description: Port name used for the pods and governing service. This defaults to web type: string priorityClassName: description: Priority class assigned to the Pods type: string replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. + description: Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. format: int32 type: integer resources: @@ -2957,121 +1925,70 @@ spec: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object retention: - description: Time duration Alertmanager shall retain data for. Default - is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` - (milliseconds seconds minutes hours). + description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). type: string routePrefix: - description: The route prefix Alertmanager registers HTTP handlers - for. This is useful, if using ExternalURL and a proxy is rewriting - HTTP routes of a request, and the actual ExternalURL is still true, - but the server serves requests under a different route prefix. For - example for use with `kubectl proxy`. + description: The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. type: string secrets: - description: Secrets is a list of Secrets in the same namespace as - the Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume." + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified defaults to "Always".' + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. properties: level: - description: Level is SELinux level label that applies to - the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies to - the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies to - the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies to - the container. + description: User is a SELinux user label that applies to the container. type: string type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. items: description: Sysctl defines a kernel parameter to be set properties: @@ -3087,148 +2004,80 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use to run the Prometheus Pods. + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string sha: - description: 'SHA of Alertmanager container image to be deployed. - Defaults to the value of `version`. Similar to a tag, but the SHA - explicitly deploys an immutable container image. Version and Tag - are ignored if SHA is set. Deprecated: use ''image'' instead. The - image digest can be specified as part of the image URL.' + description: 'SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' type: string storage: - description: Storage is the definition of how storage will be used - by the Alertmanager instances. + description: Storage is the definition of how storage will be used by the Alertmanager instances. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) * - An existing custom resource/object that implements data - population (Alpha) In order to use VolumeSnapshot object - types, the appropriate feature gate must be enabled - (VolumeSnapshotDataSource or AnyVolumeDataSource) If - the provisioner or an external controller can support - the specified data source, it will create a new volume - based on the contents of the specified data source. - If the specified data source is not supported, the volume - will not be created and the failure will be reported - as an event. In the future, we plan to support more - data source types and the behavior of the provisioner - may change.' + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -3241,53 +2090,35 @@ spec: - name type: object resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: A label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3299,76 +2130,55 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. + description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array capacity: additionalProperties: type: string - description: Represents the actual resources of the underlying - volume. + description: Represents the actual resources of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails - details about state of pvc + description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: Last time the condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: Human-readable message indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -3382,85 +2192,52 @@ spec: type: object type: object tag: - description: 'Tag of Alertmanager container image to be deployed. - Defaults to the value of `version`. Version is ignored if Tag is - set. Deprecated: use ''image'' instead. The image tag can be specified - as part of the image URL.' + description: 'Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' type: string tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: description: If specified, the pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3472,48 +2249,18 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology domains - of a given topology type. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 - to become 1/1/1; scheduling it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - It''s a required field. Default value is 1 and 0 is not allowed.' + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In - other words, the cluster can still be imbalanced, but scheduler - won''t make it *more* imbalanced. It''s a required field.' + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew @@ -3525,41 +2272,27 @@ spec: description: Version the cluster should be on. type: string volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified will - be appended to other VolumeMounts in the alertmanager container, - that are generated as a result of StorageSpec objects. + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. items: - description: VolumeMount describes a mounting of a Volume within - a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -3567,50 +2300,31 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' @@ -3622,35 +2336,26 @@ spec: description: The URI the data disk in the blob storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name @@ -3660,99 +2365,66 @@ spec: - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeID: - description: 'volume id used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate - this volume + description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -3760,19 +2432,11 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -3780,121 +2444,78 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). properties: driver: - description: Driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object required: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod - that should populate this volume + description: DownwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field + description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -3908,44 +2529,27 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' @@ -3953,26 +2557,19 @@ spec: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for - this volume. + description: Driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -3980,85 +2577,52 @@ spec: description: 'Optional: Extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. type: string repository: description: Repository URL @@ -4070,51 +2634,35 @@ spec: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication @@ -4123,55 +2671,38 @@ spec: description: whether support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -4179,76 +2710,56 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume @@ -4257,62 +2768,34 @@ spec: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set. + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: description: list of volume projections items: - description: Projection that may be projected along with - other supported volume types + description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: information about the configMap data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. + description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -4320,81 +2803,50 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI data - to project + description: information about the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file + description: Items is a list of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field + description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format - of the exposed resources, defaults - to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: - description: 'Required: resource to - select' + description: 'Required: resource to select' type: string required: - resource @@ -4405,43 +2857,22 @@ spec: type: array type: object secret: - description: information about the secret data to - project + description: information about the secret data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. + description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -4449,44 +2880,24 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: Path is the path relative to the - mount point of the file to project the token - into. + description: Path is the path relative to the mount point of the file to project the token into. type: string required: - path @@ -4497,143 +2908,103 @@ spec: - sources type: object quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no - group + description: Group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount - user + description: User to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already - created Quobyte volume by name. + description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: The ScaleIO Storage Pool associated with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: The name of the storage system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. type: string required: - gateway @@ -4641,28 +3012,14 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -4670,19 +3027,11 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -4690,69 +3039,46 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: Specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeName: - description: VolumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk @@ -4766,32 +3092,25 @@ spec: type: array type: object status: - description: 'Most recent observed status of the Alertmanager cluster. - Read-only. Not included when requesting from the apiserver, only from - the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. format: int32 type: integer paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this - Alertmanager cluster (their labels match the selector). + description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. + description: Total number of unavailable pods targeted by this Alertmanager cluster. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this - Alertmanager cluster that have the desired version spec. + description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. format: int32 type: integer required: diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index fba2956f..50096e73 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -20,31 +20,24 @@ spec: description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. + description: Specification of desired Pod selection for target discovery by Prometheus. properties: jobLabel: description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. + description: Selector to select which namespaces the Endpoints objects are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names. @@ -55,126 +48,94 @@ spec: podMetricsEndpoints: description: A list of endpoints allowed as part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. + description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. + description: HonorLabels chooses the metric's labels on collisions with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. type: boolean interval: description: Interval at which metrics should be scraped type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. + description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. - Default is 'replace' + description: Action to perform based on regex matching. Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array @@ -189,56 +150,39 @@ spec: description: HTTP path to scrape for metrics. type: string port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. + description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before ingestion. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. - Default is 'replace' + description: Action to perform based on regex matching. Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array @@ -258,24 +202,19 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -284,41 +223,32 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object cert: - description: Struct containing the client cert file for - the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -327,17 +257,13 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -347,20 +273,16 @@ spec: description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -372,42 +294,30 @@ spec: type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. format: int64 type: integer selector: description: Selector to select Pod objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -419,16 +329,11 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. format: int64 type: integer required: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 47d871ac..691b1e9f 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -20,37 +20,27 @@ spec: description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. + description: Specification of desired Ingress selection for target discovery by Prometheus. properties: interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. + description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. type: string jobName: description: The job name assigned to scraped metrics by default. type: string module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. + description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. properties: path: description: Path to collect metrics from. Defaults to `/probe`. @@ -68,19 +58,16 @@ spec: description: Timeout for scraping metrics from the Prometheus exporter. type: string targets: - description: Targets defines a set of static and/or dynamically discovered - targets to be probed using the prober. + description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. properties: ingress: - description: Ingress defines the set of dynamically discovered - ingress objects which hosts are considered for probing. + description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. properties: namespaceSelector: description: Select Ingress objects by namespace. properties: any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names. @@ -89,48 +76,33 @@ spec: type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to samples before ingestion. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. - Default is 'replace' + description: Action to perform based on regex matching. Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array @@ -138,29 +110,18 @@ spec: description: Select Ingress objects by labels. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -172,27 +133,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object type: object staticConfig: - description: 'StaticConfig defines static targets which are considers - for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + description: 'StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string - description: Labels assigned to all metrics scraped from the - targets. + description: Labels assigned to all metrics scraped from the targets. type: object static: - description: Targets is a list of URLs to probe using the - configured prober. + description: Targets is a list of URLs to probe using the configured prober. items: type: string type: array diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 45de1c2b..eb40f0fc 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -32,41 +32,24 @@ spec: description: Prometheus defines a Prometheus deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: 'Specification of the desired behavior of the Prometheus - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalAlertManagerConfigs: - description: 'AdditionalAlertManagerConfigs allows specifying a key - of a Secret containing additional Prometheus AlertManager configurations. - AlertManager configurations specified are appended to the configurations - generated by the Prometheus Operator. Job configurations specified - must have the form as specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. - As AlertManager configs are appended, the user is responsible to - make sure it is valid. Note that using this feature may expose the - possibility to break upgrades of Prometheus. It is advised to review - Prometheus release notes to ensure that no incompatible AlertManager - configs are going to break Prometheus after the upgrade.' + description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -75,25 +58,13 @@ spec: - key type: object additionalAlertRelabelConfigs: - description: 'AdditionalAlertRelabelConfigs allows specifying a key - of a Secret containing additional Prometheus alert relabel configurations. - Alert relabel configurations specified are appended to the configurations - generated by the Prometheus Operator. Alert relabel configurations - specified must have the form as specified in the official Prometheus - documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. - As alert relabel configs are appended, the user is responsible to - make sure it is valid. Note that using this feature may expose the - possibility to break upgrades of Prometheus. It is advised to review - Prometheus release notes to ensure that no incompatible alert relabel - configs are going to break Prometheus after the upgrade.' + description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -102,25 +73,13 @@ spec: - key type: object additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Prometheus scrape configurations. Scrape - configurations specified are appended to the configurations generated - by the Prometheus Operator. Job configurations specified must have - the form as specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Prometheus. It is advised to review Prometheus - release notes to ensure that no incompatible scrape configs are - going to break Prometheus after the upgrade.' + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -132,59 +91,29 @@ spec: description: If specified, the pod's scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. + description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. + description: A node selector term, associated with the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. + description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -194,33 +123,18 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. + description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -231,8 +145,7 @@ spec: type: array type: object weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -241,50 +154,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. + description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. + description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -294,33 +183,18 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. + description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -336,61 +210,32 @@ spec: type: object type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that - the selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -402,36 +247,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -440,52 +271,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -497,29 +302,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey @@ -527,62 +319,32 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that - the selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -594,36 +356,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -632,52 +380,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -689,29 +411,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey @@ -723,20 +432,15 @@ spec: description: Define details regarding alerting. properties: alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. + description: AlertmanagerEndpoints Prometheus should fire alerts against. items: - description: AlertmanagerEndpoints defines a selection of a - single Endpoints object containing alertmanager IPs to fire - alerts against. + description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. properties: apiVersion: - description: Version of the Alertmanager API that Prometheus - uses to send alerts. It can be "v1" or "v2". + description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". type: string bearerTokenFile: - description: BearerTokenFile to read from filesystem to - use when authenticating to Alertmanager. + description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. type: string name: description: Name of Endpoints object in Namespace. @@ -745,8 +449,7 @@ spec: description: Namespace of Endpoints object. type: string pathPrefix: - description: Prefix for the HTTP path alerts are pushed - to. + description: Prefix for the HTTP path alerts are pushed to. type: string port: anyOf: @@ -758,135 +461,102 @@ spec: description: Scheme to use when firing alerts. type: string timeout: - description: Timeout is a per-target Alertmanager timeout - when pushing alerts. + description: Timeout is a per-target Alertmanager timeout when pushing alerts. type: string tlsConfig: description: TLS Config to use for alertmanager connection. properties: ca: - description: Struct containing the CA cert to use for - the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for - the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the - targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file - for the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for - the targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object secret: - description: Secret containing data to use for the - targets. + description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -905,54 +575,40 @@ spec: - alertmanagers type: object allowOverlappingBlocks: - description: AllowOverlappingBlocks enables vertical compaction and - vertical query merge in Prometheus. This is still experimental in - Prometheus so it may change in any upcoming release. + description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. type: boolean apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods - to access apiserver. If left empty, Prometheus is assumed to run - inside of the cluster and will discover API servers automatically - and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. properties: basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication + description: BasicAuth allow an endpoint to authenticate over basic authentication properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace that - contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -965,31 +621,25 @@ spec: description: File to read bearer token for accessing apiserver. type: string host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number + description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number type: string tlsConfig: description: TLS Config to use for accessing apiserver. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -998,45 +648,35 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -1045,48 +685,38 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -1099,87 +729,47 @@ spec: - host type: object arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a service monitor can access arbitrary files on the file - system of the Prometheus container e.g. bearer token files. + description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. properties: deny: type: boolean type: object baseImage: - description: 'Base image to use for a Prometheus deployment. Deprecated: - use ''image'' instead' + description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' type: string configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace - as the Prometheus object, which shall be mounted into the Prometheus - Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. items: type: string type: array containers: - description: 'Containers allows injecting additional containers or - modifying operator generated containers. This can be used to allow - adding an authentication proxy to a Prometheus pod or to change - the behavior of an operator generated container. Containers described - here modify an operator generated container if they share the same - name and modifications are done via a strategic merge patch. The - current container names are: `prometheus`, `config-reloader`, and - `thanos-sidecar`. Overriding containers is entirely outside the - scope of what the maintainers will support and by doing so, you - accept that this behaviour may break at any time without notice.' + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run - within a pod. + description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1188,49 +778,34 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -1239,22 +814,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -1265,41 +834,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -1308,41 +864,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -1351,16 +888,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1380,66 +913,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -1448,16 +953,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1477,33 +978,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1511,47 +1004,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1571,150 +1048,101 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1734,256 +1162,158 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2003,117 +1333,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -2121,40 +1405,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -2162,9 +1433,7 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name @@ -2174,35 +1443,17 @@ spec: description: Disable prometheus compaction. type: boolean enableAdminAPI: - description: 'Enable access to prometheus web admin API. Defaults - to the value of `false`. WARNING: Enabling the admin APIs enables - mutating endpoints, to delete data, shutdown Prometheus, and more. - Enabling this should be done with care and the user is advised to - add additional authentication authorization via a proxy to ensure - only clients authorized to perform these actions can do so. For - more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' type: boolean enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label - of origin for each alert and metric that is user created. The label - value will always be the namespace of the object that is being created. + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on number of - scraped samples that will be accepted. This overrides any SampleLimit - set per ServiceMonitor or/and PodMonitor. It is meant to be used - by admins to enforce the SampleLimit to keep overall number of samples/series - under the desired limit. Note that if SampleLimit is lower that - value will be taken instead. + description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number - of scraped targets. This overrides any TargetLimit set per ServiceMonitor - or/and PodMonitor. It is meant to be used by admins to enforce the - TargetLimit to keep overall number of targets under the desired - limit. Note that if TargetLimit is higher that value will be taken - instead. + description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. format: int64 type: integer evaluationInterval: @@ -2211,102 +1462,55 @@ spec: externalLabels: additionalProperties: type: string - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). + description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). type: object externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. + description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. type: string ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector - settings from the podmonitor and servicemonitor configs, and they - will only discover endpoints within their current namespace. Defaults - to false. + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. type: boolean image: - description: Image if specified has precedence over baseImage, tag - and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Prometheus - is being configured. + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. type: string imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling prometheus and alertmanager images - from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the Prometheus configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart - of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching - is entirely outside the scope of what the maintainers will support - and by doing so, you accept that this behaviour may break at any - time without notice.' + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run - within a pod. + description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -2315,49 +1519,34 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -2366,22 +1555,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -2392,41 +1575,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -2435,41 +1605,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -2478,16 +1629,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2507,66 +1654,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -2575,16 +1694,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2604,33 +1719,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2638,47 +1745,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2698,150 +1789,101 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2861,256 +1903,158 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -3130,117 +2074,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -3248,40 +2146,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -3289,17 +2174,14 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name type: object type: array listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. + description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. type: boolean logFormat: description: Log format for Prometheus to be configured with. @@ -3313,73 +2195,47 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object overrideHonorLabels: - description: OverrideHonorLabels if set to true overrides all user - configured honor_labels. If HonorLabels is set in ServiceMonitor - or PodMonitor to true, this overrides honor_labels to false. + description: OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows to globally enforce honoring - timestamps in all scrape configs. + description: OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. type: boolean paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. + description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to the prometheus pods. + description: PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object podMonitorNamespaceSelector: - description: Namespaces to be selected for PodMonitor discovery. If - nil, only check own namespace. + description: Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3391,41 +2247,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object podMonitorSelector: - description: '*Experimental* PodMonitors to be selected for target - discovery. *Deprecated:* if neither this nor serviceMonitorSelector - are specified, configuration is unmanaged.' + description: '*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.' properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3437,47 +2277,31 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object portName: - description: Port name used for the pods and governing service. This - defaults to web + description: Port name used for the pods and governing service. This defaults to web type: string priorityClassName: description: Priority class assigned to the Pods type: string probeNamespaceSelector: - description: '*Experimental* Namespaces to be selected for Probe discovery. - If nil, only check own namespace.' + description: '*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.' properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3489,39 +2313,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object probeSelector: description: '*Experimental* Probes to be selected for target discovery.' properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3533,27 +2343,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object prometheusExternalLabelName: - description: Name of Prometheus external label used to denote Prometheus - instance name. Defaults to the value of `prometheus`. External label - will _not_ be added when value is set to empty string (`""`). + description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). type: string prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of prometheus - rules to be excluded from enforcing of adding namespace labels. - Works only if enforcedNamespaceLabel set to true. Make sure both - ruleNamespace and ruleName are set for each pair + description: PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair items: - description: PrometheusRuleExcludeConfig enables users to configure - excluded PrometheusRule names and their namespaces to be ignored - while enforcing namespace label for alerts and metrics. + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. properties: ruleName: description: RuleNamespace - name of excluded rule @@ -3567,22 +2366,17 @@ spec: type: object type: array query: - description: QuerySpec defines the query command line flags when starting - Prometheus. + description: QuerySpec defines the query command line flags when starting Prometheus. properties: lookbackDelta: - description: The delta difference allowed for retrieving metrics - during expression evaluations. + description: The delta difference allowed for retrieving metrics during expression evaluations. type: string maxConcurrency: description: Number of concurrent queries that can be run at once. format: int32 type: integer maxSamples: - description: Maximum number of samples a single query can load - into memory. Note that queries will fail if they would load - more samples than this into memory, so this also limits the - number of samples a query can return. + description: Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. format: int32 type: integer timeout: @@ -3590,58 +2384,42 @@ spec: type: string type: object queryLogFile: - description: QueryLogFile specifies the file to which PromQL queries - are logged. Note that this location must be writable, and can be - persisted using an attached volume. Alternatively, the location - can be set to a stdout location such as `/dev/stdout` to log querie - information to the default Prometheus log stream. This is only available - in versions of Prometheus >= 2.16.0. For more details, see the Prometheus - docs (https://prometheus.io/docs/guides/query-log/) + description: QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) type: string remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. + description: If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. + description: RemoteReadSpec defines the remote_read configuration for prometheus. properties: basicAuth: description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -3654,17 +2432,13 @@ spec: description: File to read bearer token for remote read. type: string name: - description: The name of the remote read queue, must be unique - if specified. The name is used in metrics and logging in order - to differentiate read configurations. Only valid in Prometheus - versions 2.15.0 and newer. + description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. type: string proxyUrl: description: Optional ProxyURL type: string readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. + description: Whether reads should be made for queries for time ranges that the local storage should have complete data for. type: boolean remoteTimeout: description: Timeout for requests to the remote read endpoint. @@ -3672,31 +2446,25 @@ spec: requiredMatchers: additionalProperties: type: string - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. + description: An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. type: object tlsConfig: description: TLS Config to use for remote read. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -3705,45 +2473,35 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -3752,48 +2510,38 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -3810,49 +2558,39 @@ spec: type: object type: array remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. + description: If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. + description: RemoteWriteSpec defines the remote_write configuration for prometheus. properties: basicAuth: description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -3865,48 +2603,37 @@ spec: description: File to read bearer token for remote write. type: string name: - description: The name of the remote write queue, must be unique - if specified. The name is used in metrics and logging in order - to differentiate queues. Only valid in Prometheus versions - 2.15.0 and newer. + description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. type: string proxyUrl: description: Optional ProxyURL type: string queueConfig: - description: QueueConfig allows tuning of the remote write queue - parameters. + description: QueueConfig allows tuning of the remote write queue parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. + description: BatchSendDeadline is the maximum time a sample will wait in buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before we start dropping them. + description: Capacity is the number of samples to buffer per shard before we start dropping them. type: integer maxBackoff: description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. + description: MaxRetries is the maximum number of times to retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of - samples per send. + description: MaxSamplesPerSend is the maximum number of samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e. amount of concurrency. + description: MaxShards is the maximum number of shards, i.e. amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. Gets - doubled for every retry. + description: MinBackoff is the initial retry delay. Gets doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e. amount of concurrency. + description: MinShards is the minimum number of shards, i.e. amount of concurrency. type: integer type: object remoteTimeout: @@ -3916,24 +2643,19 @@ spec: description: TLS Config to use for remote write. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -3942,45 +2664,35 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -3989,48 +2701,38 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -4045,45 +2747,31 @@ spec: writeRelabelConfigs: description: The list of remote write relabel configurations. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. - Default is 'replace' + description: Action to perform based on regex matching. Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array @@ -4092,9 +2780,7 @@ spec: type: object type: array replicaExternalLabelName: - description: Name of Prometheus external label used to denote replica - name. Defaults to the value of `prometheus_replica`. External label - will _not_ be added when value is set to empty string (`""`). + description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). type: string replicas: description: Number of instances to deploy for a Prometheus deployment. @@ -4106,61 +2792,39 @@ spec: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object retention: - description: Time duration Prometheus shall retain data for. Default - is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` - (milliseconds seconds minutes hours days weeks years). + description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). type: string retentionSize: description: Maximum amount of disk space used by blocks. type: string routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. + description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. type: string ruleNamespaceSelector: - description: Namespaces to be selected for PrometheusRules discovery. - If unspecified, only the same namespace as the Prometheus object - is in is used. + description: Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4172,44 +2836,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object ruleSelector: - description: A selector to select which PrometheusRules to mount for - loading alerting/recording rules from. Until (excluding) Prometheus - Operator v0.24.0 Prometheus Operator will migrate any legacy rule - ConfigMaps to PrometheusRule custom resources selected by RuleSelector. - Make sure it does not match any config maps that you do not want - to be migrated. + description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4221,11 +2866,7 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object rules: @@ -4235,17 +2876,13 @@ spec: description: /--rules.alert.*/ command-line arguments properties: forGracePeriod: - description: Minimum duration between alert and restored 'for' - state. This is maintained only for alerts with configured - 'for' time greater than grace period. + description: Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. type: string forOutageTolerance: - description: Max time to tolerate prometheus outage for restoring - 'for' state of alert. + description: Max time to tolerate prometheus outage for restoring 'for' state of alert. type: string resendDelay: - description: Minimum amount of time to wait before resending - an alert to Alertmanager. + description: Minimum amount of time to wait before resending an alert to Alertmanager. type: string type: object type: object @@ -4253,100 +2890,58 @@ spec: description: Interval between consecutive scrapes. type: string scrapeTimeout: - description: Number of seconds to wait for target to respond before - erroring. + description: Number of seconds to wait for target to respond before erroring. type: string secrets: - description: Secrets is a list of Secrets in the same namespace as - the Prometheus object, which shall be mounted into the Prometheus - Pods. The Secrets are mounted into /etc/prometheus/secrets/. + description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume." + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified defaults to "Always".' + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. properties: level: - description: Level is SELinux level label that applies to - the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies to - the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies to - the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies to - the container. + description: User is a SELinux user label that applies to the container. type: string type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. items: description: Sysctl defines a kernel parameter to be set properties: @@ -4362,61 +2957,38 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use to run the Prometheus Pods. + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string serviceMonitorNamespaceSelector: - description: Namespaces to be selected for ServiceMonitor discovery. - If nil, only check own namespace. + description: Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4428,41 +3000,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object serviceMonitorSelector: - description: ServiceMonitors to be selected for target discovery. - *Deprecated:* if neither this nor podMonitorSelector are specified, - configuration is unmanaged. + description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4474,126 +3030,67 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object sha: - description: 'SHA of Prometheus container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. Deprecated: use ''image'' instead. The image digest - can be specified as part of the image URL.' + description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' type: string storage: description: Storage spec to specify how storage shall be used. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) * - An existing custom resource/object that implements data - population (Alpha) In order to use VolumeSnapshot object - types, the appropriate feature gate must be enabled - (VolumeSnapshotDataSource or AnyVolumeDataSource) If - the provisioner or an external controller can support - the specified data source, it will create a new volume - based on the contents of the specified data source. - If the specified data source is not supported, the volume - will not be created and the failure will be reported - as an event. In the future, we plan to support more - data source types and the behavior of the provisioner - may change.' + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -4606,53 +3103,35 @@ spec: - name type: object resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: A label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -4664,76 +3143,55 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. + description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array capacity: additionalProperties: type: string - description: Represents the actual resources of the underlying - volume. + description: Represents the actual resources of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails - details about state of pvc + description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: Last time the condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: Human-readable message indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -4747,47 +3205,31 @@ spec: type: object type: object tag: - description: 'Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. Version is ignored if Tag is set. Deprecated: - use ''image'' instead. The image tag can be specified as part of - the image URL.' + description: 'Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' type: string thanos: - description: "Thanos configuration allows configuring various aspects - of a Prometheus server in a Thanos environment. \n This section - is experimental, it may change significantly without deprecation - notice in any release. \n This is experimental and may change significantly - without backward compatibility in any release." + description: "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." properties: baseImage: - description: 'Thanos base image if other than default. Deprecated: - use ''image'' instead' + description: 'Thanos base image if other than default. Deprecated: use ''image'' instead' type: string grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from - which Thanos Querier reads recorded rule data. Note: Currently - only the CAFile, CertFile, and KeyFile fields are supported. - Maps to the ''--grpc-server-tls-*'' CLI args.' + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -4796,45 +3238,35 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -4843,48 +3275,38 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -4894,14 +3316,10 @@ spec: type: string type: object image: - description: Image if specified has precedence over baseImage, - tag and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Thanos - is being configured. + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. type: string listenLocal: - description: ListenLocal makes the Thanos sidecar listen on loopback, - so that it does not bind against the Pod IP. + description: ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. type: boolean logFormat: description: LogFormat for Thanos sidecar to be configured with. @@ -4910,79 +3328,54 @@ spec: description: LogLevel for Thanos sidecar to be configured with. type: string minTime: - description: MinTime for Thanos sidecar to be configured with. - Option can be a constant time in RFC3339 format or time duration - relative to current time, such as -1d or 2h45m. Valid duration - units are ms, s, m, h, d, w, y. + description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. type: string objectStorageConfig: - description: ObjectStorageConfig configures object storage in - Thanos. + description: ObjectStorageConfig configures object storage in Thanos. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object resources: - description: Resources defines the resource requirements for the - Thanos sidecar. If not provided, no requests/limits will be - set + description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object sha: - description: 'SHA of Thanos container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. Deprecated: use ''image'' instead. The image - digest can be specified as part of the image URL.' + description: 'SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' type: string tag: - description: 'Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. Version is ignored if Tag - is set. Deprecated: use ''image'' instead. The image tag can - be specified as part of the image URL.' + description: 'Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' type: string tracingConfig: - description: TracingConfig configures tracing in Thanos. This - is an experimental feature, it may change in any upcoming release - in a breaking way. + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -4994,77 +3387,47 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: description: If specified, the pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -5076,48 +3439,18 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology domains - of a given topology type. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 - to become 1/1/1; scheduling it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - It''s a required field. Default value is 1 and 0 is not allowed.' + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In - other words, the cluster can still be imbalanced, but scheduler - won''t make it *more* imbalanced. It''s a required field.' + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew @@ -5129,41 +3462,27 @@ spec: description: Version of Prometheus to be deployed. type: string volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified will - be appended to other VolumeMounts in the prometheus container, that - are generated as a result of StorageSpec objects. + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects. items: - description: VolumeMount describes a mounting of a Volume within - a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -5171,50 +3490,31 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' @@ -5226,35 +3526,26 @@ spec: description: The URI the data disk in the blob storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name @@ -5264,99 +3555,66 @@ spec: - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeID: - description: 'volume id used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate - this volume + description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -5364,19 +3622,11 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -5384,121 +3634,78 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). properties: driver: - description: Driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object required: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod - that should populate this volume + description: DownwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field + description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -5512,44 +3719,27 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' @@ -5557,26 +3747,19 @@ spec: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for - this volume. + description: Driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -5584,85 +3767,52 @@ spec: description: 'Optional: Extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. type: string repository: description: Repository URL @@ -5674,51 +3824,35 @@ spec: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication @@ -5727,55 +3861,38 @@ spec: description: whether support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -5783,76 +3900,56 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume @@ -5861,62 +3958,34 @@ spec: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set. + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: description: list of volume projections items: - description: Projection that may be projected along with - other supported volume types + description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: information about the configMap data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. + description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -5924,81 +3993,50 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI data - to project + description: information about the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file + description: Items is a list of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field + description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format - of the exposed resources, defaults - to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: - description: 'Required: resource to - select' + description: 'Required: resource to select' type: string required: - resource @@ -6009,43 +4047,22 @@ spec: type: array type: object secret: - description: information about the secret data to - project + description: information about the secret data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. + description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -6053,44 +4070,24 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: Path is the path relative to the - mount point of the file to project the token - into. + description: Path is the path relative to the mount point of the file to project the token into. type: string required: - path @@ -6101,143 +4098,103 @@ spec: - sources type: object quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no - group + description: Group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount - user + description: User to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already - created Quobyte volume by name. + description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: The ScaleIO Storage Pool associated with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: The name of the storage system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. type: string required: - gateway @@ -6245,28 +4202,14 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -6274,19 +4217,11 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -6294,69 +4229,46 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: Specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeName: - description: VolumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk @@ -6369,12 +4281,10 @@ spec: type: object type: array walCompression: - description: Enable compression of the write-ahead log using Snappy. - This flag is only available in versions of Prometheus >= 2.11.0. + description: Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. type: boolean web: - description: WebSpec defines the web command line flags when starting - Prometheus. + description: WebSpec defines the web command line flags when starting Prometheus. properties: pageTitle: description: The prometheus web page title @@ -6382,32 +4292,25 @@ spec: type: object type: object status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. format: int32 type: integer paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this - Prometheus deployment (their labels match the selector). + description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. + description: Total number of unavailable pods targeted by this Prometheus deployment. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this - Prometheus deployment that have the desired version spec. + description: Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. format: int32 type: integer required: diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml index 6c8404f6..cf990715 100644 --- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml @@ -20,14 +20,10 @@ spec: description: PrometheusRule defines alerting rules for a Prometheus instance properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -37,10 +33,7 @@ spec: groups: description: Content of Prometheus rule file items: - description: 'RuleGroup is a list of sequentially evaluated recording - and alerting rules. Note: PartialResponseStrategy is only used - by ThanosRuler and will be ignored by Prometheus instances. Valid - values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + description: 'RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' properties: interval: type: string diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 8c84ec93..6d946998 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -20,65 +20,50 @@ spec: description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Service selection for target discovery - by Prometheus. + description: Specification of desired Service selection for target discovery by Prometheus. properties: endpoints: description: A list of endpoints allowed as part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. + description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: The secret in the service monitor namespace that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: The secret in the service monitor namespace that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -88,79 +73,57 @@ spec: description: File to read bearer token for scraping targets. type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. + description: HonorLabels chooses the metric's labels on collisions with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. type: boolean interval: description: Interval at which metrics should be scraped type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. + description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. - Default is 'replace' + description: Action to perform based on regex matching. Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array @@ -175,56 +138,39 @@ spec: description: HTTP path to scrape for metrics. type: string port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. + description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: - description: Action to perform based on regex matching. - Default is 'replace' + description: Action to perform based on regex matching. Default is 'replace' type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: Modulus to take of the hash of the source label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator placed between concatenated source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. items: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. type: string type: object type: array @@ -238,32 +184,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. + description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: description: TLS configuration to use when scraping the endpoint properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -272,45 +211,35 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Struct containing the client cert file for the targets. properties: configMap: - description: ConfigMap containing data to use for the - targets. + description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -319,48 +248,38 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. + description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -375,12 +294,10 @@ spec: description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. + description: Selector to select which namespaces the Endpoints objects are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. type: boolean matchNames: description: List of namespace names. @@ -389,42 +306,30 @@ spec: type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. format: int64 type: integer selector: description: Selector to select Endpoints objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -436,22 +341,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. + description: TargetLabels transfers labels on the Kubernetes Service onto the target. items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. format: int64 type: integer required: diff --git a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml index 80805772..a6c61355 100644 --- a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml @@ -20,78 +20,43 @@ spec: description: ThanosRuler defines a ThanosRuler deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: 'Specification of the desired behavior of the ThanosRuler - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: affinity: description: If specified, the pod's scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. + description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. + description: A node selector term, associated with the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. + description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -101,33 +66,18 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. + description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -138,8 +88,7 @@ spec: type: array type: object weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -148,50 +97,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. + description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. + description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -201,33 +126,18 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. + description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. + description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array @@ -243,61 +153,32 @@ spec: type: object type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that - the selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -309,36 +190,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -347,52 +214,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -404,29 +245,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey @@ -434,62 +262,32 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. + description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that - the selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -501,36 +299,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -539,52 +323,26 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. + description: A label query over a set of resources, in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -596,29 +354,16 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey @@ -627,29 +372,21 @@ spec: type: object type: object alertDropLabels: - description: AlertDropLabels configure the label names which should - be dropped in ThanosRuler alerts. If `labels` field is not provided, - `thanos_ruler_replica` will be dropped in alerts by default. + description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. items: type: string type: array alertQueryUrl: - description: The external Query URL the Thanos Ruler will set in the - 'Source' field of all alerts. Maps to the '--alert.query-url' CLI - arg. + description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. type: string alertmanagersConfig: - description: Define configuration for connecting to alertmanager. Only - available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` - arg. + description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -658,76 +395,38 @@ spec: - key type: object alertmanagersUrl: - description: 'Define URLs to send alerts to Alertmanager. For Thanos - v0.10.0 and higher, AlertManagersConfig should be used instead. Note: - this field will be ignored if AlertManagersConfig is specified. - Maps to the `alertmanagers.url` arg.' + description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.' items: type: string type: array containers: - description: 'Containers allows injecting additional containers or - modifying operator generated containers. This can be used to allow - adding an authentication proxy to a ThanosRuler pod or to change - the behavior of an operator generated container. Containers described - here modify an operator generated container if they share the same - name and modifications are done via a strategic merge patch. The - current container names are: `thanos-ruler` and `config-reloader`. - Overriding containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice.' + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run - within a pod. + description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -736,49 +435,34 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -787,22 +471,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -813,41 +491,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -856,41 +521,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -899,16 +545,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -928,66 +570,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -996,16 +610,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1025,33 +635,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1059,47 +661,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1119,150 +705,101 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1282,256 +819,158 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -1551,117 +990,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -1669,40 +1062,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -1710,32 +1090,23 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name type: object type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label - of origin for each alert and metric that is user created. The label - value will always be the namespace of the object that is being created. + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. type: string evaluationInterval: description: Interval between consecutive evaluations. type: string externalPrefix: - description: The external URL the Thanos Ruler instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Thanos Ruler is not served from root of a DNS name. + description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. type: string grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from - which Thanos Querier reads recorded rule data. Note: Currently only - the CAFile, CertFile, and KeyFile fields are supported. Maps to - the ''--grpc-server-tls-*'' CLI args.' + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' properties: ca: description: Struct containing the CA cert to use for the targets. @@ -1747,12 +1118,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -1761,24 +1130,20 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object caFile: - description: Path to the CA cert in the Prometheus container to - use for the targets. + description: Path to the CA cert in the Prometheus container to use for the targets. type: string cert: description: Struct containing the client cert file for the targets. @@ -1790,12 +1155,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key @@ -1804,46 +1167,38 @@ spec: description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object type: object certFile: - description: Path to the client cert file in the Prometheus container - for the targets. + description: Path to the client cert file in the Prometheus container for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus container - for the targets. + description: Path to the client key file in the Prometheus container for the targets. type: string keySecret: description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -1856,80 +1211,43 @@ spec: description: Thanos container image URL. type: string imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection - into the ThanosRuler configuration from external sources. Any errors - during the execution of an initContainer will lead to a restart - of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching - is entirely outside the scope of what the maintainers will support - and by doing so, you accept that this behaviour may break at any - time without notice.' + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: - description: A single application container that you want to run - within a pod. + description: A single application container that you want to run within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the - variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. + description: List of environment variables to set in the container. Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1938,49 +1256,34 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -1989,22 +1292,16 @@ spec: - resource type: object secretKeyRef: - description: Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -2015,41 +1312,28 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps + description: EnvFromSource represents the source of a set of ConfigMaps properties: configMapRef: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined + description: Specify whether the ConfigMap must be defined type: boolean type: object prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret must be defined @@ -2058,41 +1342,22 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -2101,16 +1366,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2130,66 +1391,38 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The reason for termination is passed - to the handler. The Pod''s termination grace period countdown - begins before the PreStop hooked is executed. Regardless - of the outcome of the handler, the container will eventually - terminate within the Pod''s termination grace period. - Other management of the container blocks until the hook - completes or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following should - be specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array @@ -2198,16 +1431,12 @@ spec: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2227,33 +1456,25 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: 'TCPSocket specifies an action involving - a TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2261,47 +1482,31 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2321,150 +1526,101 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. + description: ContainerPort represents a network port in a single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2484,256 +1640,158 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object securityContext: - description: 'Security options the pod should run with. More - info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. properties: add: description: Added capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array drop: description: Removed capabilities items: - description: Capability represent POSIX capabilities - type + description: Capability represent POSIX capabilities type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. + description: Whether this container has a read-only root filesystem. Default is false. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: level: - description: Level is SELinux level label that applies - to the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies - to the container. + description: User is a SELinux user label that applies to the container. type: string type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following should be - specified. Exec specifies the action to take. + description: One and only one of the following should be specified. Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer httpGet: description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. + description: Custom headers to set in the request. HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes + description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: The header field name @@ -2753,117 +1811,71 @@ spec: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. + description: Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action involving a - TCP port. TCP hooks not yet supported TODO: implement - a realistic TCP lifecycle hook' + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' + description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. + description: volumeDevices is the list of block devices to be used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. + description: volumeDevice describes a mapping of a raw block device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. + description: devicePath is the path inside of the container that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod + description: name must match the name of a persistentVolumeClaim in the pod type: string required: - devicePath @@ -2871,40 +1883,27 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. + description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. + description: VolumeMount describes a mounting of a Volume within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. + description: Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. type: string name: description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -2912,9 +1911,7 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. type: string required: - name @@ -2923,13 +1920,10 @@ spec: labels: additionalProperties: type: string - description: Labels configure the external label pairs to ThanosRuler. - If not provided, default replica label `thanos_ruler_replica` will - be added as a label and be dropped in alerts. + description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. type: object listenLocal: - description: ListenLocal makes the Thanos ruler listen on loopback, - so that it does not bind against the Pod IP. + description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. type: boolean logFormat: description: Log format for ThanosRuler to be configured with. @@ -2946,12 +1940,10 @@ spec: description: ObjectStorageConfig configures object storage in Thanos. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -2960,53 +1952,35 @@ spec: - key type: object paused: - description: When a ThanosRuler deployment is paused, no actions except - for deletion will be performed on the underlying objects. + description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. type: boolean podMetadata: - description: PodMetadata contains Labels and Annotations gets propagated - to the thanos ruler pods. + description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to web + description: Port name used for the pods and governing service. This defaults to web type: string priorityClassName: description: Priority class assigned to the Pods type: string prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of Prometheus - rules to be excluded from enforcing of adding namespace labels. - Works only if enforcedNamespaceLabel set to true. Make sure both - ruleNamespace and ruleName are set for each pair + description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair items: - description: PrometheusRuleExcludeConfig enables users to configure - excluded PrometheusRule names and their namespaces to be ignored - while enforcing namespace label for alerts and metrics. + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. properties: ruleName: description: RuleNamespace - name of excluded rule @@ -3020,18 +1994,13 @@ spec: type: object type: array queryConfig: - description: Define configuration for connecting to thanos query instances. - If this is defined, the QueryEndpoints field will be ignored. Maps - to the `query.config` CLI argument. Only available with thanos v0.11.0 - and higher. + description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -3040,8 +2009,7 @@ spec: - key type: object queryEndpoints: - description: QueryEndpoints defines Thanos querier endpoints from - which to query metrics. Maps to the --query flag of thanos ruler. + description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. items: type: string type: array @@ -3050,60 +2018,41 @@ spec: format: int32 type: integer resources: - description: Resources defines the resource requirements for single - Pods. If not provided, no requests/limits will be set + description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object retention: - description: Time duration ThanosRuler shall retain data for. Default - is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` - (milliseconds seconds minutes hours days weeks years). + description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). type: string routePrefix: - description: The route prefix ThanosRuler registers HTTP handlers - for. This allows thanos UI to be served on a sub-path. + description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. type: string ruleNamespaceSelector: - description: Namespaces to be selected for Rules discovery. If unspecified, - only the same namespace as the ThanosRuler object is in is used. + description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3115,40 +2064,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object ruleSelector: - description: A label selector to select which PrometheusRules to mount - for alerting and recording. + description: A label selector to select which PrometheusRules to mount for alerting and recording. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector applies - to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3160,97 +2094,54 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. This defaults to the default PodSecurityContext. + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume." + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified defaults to "Always".' + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. properties: level: - description: Level is SELinux level label that applies to - the container. + description: Level is SELinux level label that applies to the container. type: string role: - description: Role is a SELinux role label that applies to - the container. + description: Role is a SELinux role label that applies to the container. type: string type: - description: Type is a SELinux type label that applies to - the container. + description: Type is a SELinux type label that applies to the container. type: string user: - description: User is a SELinux user label that applies to - the container. + description: User is a SELinux user label that applies to the container. type: string type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. items: description: Sysctl defines a kernel parameter to be set properties: @@ -3266,140 +2157,77 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use to run the Thanos Ruler Pods. + description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. type: string storage: description: Storage spec to specify how storage shall be used. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) * - An existing custom resource/object that implements data - population (Alpha) In order to use VolumeSnapshot object - types, the appropriate feature gate must be enabled - (VolumeSnapshotDataSource or AnyVolumeDataSource) If - the provisioner or an external controller can support - the specified data source, it will create a new volume - based on the contents of the specified data source. - If the specified data source is not supported, the volume - will not be created and the failure will be reported - as an event. In the future, we plan to support more - data source types and the behavior of the provisioner - may change.' + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced @@ -3412,53 +2240,35 @@ spec: - name type: object resources: - description: 'Resources represents the minimum resources - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: type: string - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: type: string - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: A label query over volumes to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3470,76 +2280,55 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. + description: VolumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array capacity: additionalProperties: type: string - description: Represents the actual resources of the underlying - volume. + description: Represents the actual resources of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails - details about state of pvc + description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: description: Last time we probed the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: Last time the condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: Human-readable message indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -3555,77 +2344,47 @@ spec: tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: description: If specified, the pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector - applies to. + description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array @@ -3637,48 +2396,18 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. It''s the maximum permitted difference - between the number of matching pods in any two topology domains - of a given topology type. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 - to become 1/1/1; scheduling it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - It''s a required field. Default value is 1 and 0 is not allowed.' + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule it It''s considered - as "Unsatisfiable" if and only if placing incoming pod on - any topology violates "MaxSkew". For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In - other words, the cluster can still be imbalanced, but scheduler - won''t make it *more* imbalanced. It''s a required field.' + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' type: string required: - maxSkew @@ -3687,17 +2416,13 @@ spec: type: object type: array tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an - experimental feature, it may change in any upcoming release in a - breaking way. + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: The key of the secret to select from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: description: Specify whether the Secret or its key must be defined @@ -3706,50 +2431,31 @@ spec: - key type: object volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: description: 'Host Caching mode: None, Read Only, Read Write.' @@ -3761,35 +2467,26 @@ spec: description: The URI the data disk in the blob storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). defaults to shared' + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: the name of secret that contains Azure Storage Account Name and Key type: string shareName: description: Share Name @@ -3799,99 +2496,66 @@ spec: - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that - shares a pod's lifetime + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeID: - description: 'volume id used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate - this volume + description: ConfigMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -3899,19 +2563,11 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -3919,121 +2575,78 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). properties: driver: - description: Driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object required: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod - that should populate this volume + description: DownwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field + description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: description: 'Required: resource to select' @@ -4047,44 +2660,27 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' type: string type: object fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' type: string lun: description: 'Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: description: 'Optional: FC target worldwide names (WWNs)' @@ -4092,26 +2688,19 @@ spec: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for - this volume. + description: Driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. type: string options: additionalProperties: @@ -4119,85 +2708,52 @@ spec: description: 'Optional: Extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: UUID of the dataset. This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. type: string repository: description: Repository URL @@ -4209,51 +2765,35 @@ spec: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: description: whether support iSCSI Discovery CHAP authentication @@ -4262,55 +2802,38 @@ spec: description: whether support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: description: Target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: description: iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: CHAP Secret for iSCSI target and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -4318,76 +2841,56 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: Will force the ReadOnly setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: ID that identifies Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: description: VolumeID uniquely identifies a Portworx volume @@ -4396,62 +2899,34 @@ spec: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: Items for all in one resources secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set. + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: description: list of volume projections items: - description: Projection that may be projected along with - other supported volume types + description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: information about the configMap data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. + description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -4459,81 +2934,50 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: Specify whether the ConfigMap or its keys must be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI data - to project + description: information about the downwardAPI data to project properties: items: - description: Items is a list of DownwardAPIVolume - file + description: Items is a list of DownwardAPIVolume file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field + description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. + description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' + description: 'Container name: required for volumes, optional for env vars' type: string divisor: - description: Specifies the output format - of the exposed resources, defaults - to "1" + description: Specifies the output format of the exposed resources, defaults to "1" type: string resource: - description: 'Required: resource to - select' + description: 'Required: resource to select' type: string required: - resource @@ -4544,43 +2988,22 @@ spec: type: array type: object secret: - description: information about the secret data to - project + description: information about the secret data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. + description: Maps a string key to a path within a volume. properties: key: description: The key to project. type: string mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -4588,44 +3011,24 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or its key must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: Path is the path relative to the - mount point of the file to project the token - into. + description: Path is the path relative to the mount point of the file to project the token into. type: string required: - path @@ -4636,143 +3039,103 @@ spec: - sources type: object quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no - group + description: Group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount - user + description: User to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already - created Quobyte volume by name. + description: Volume is a string that references an already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: description: The host address of the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: The name of the ScaleIO Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: Flag to enable/disable SSL communication with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: The ScaleIO Storage Pool associated with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: The name of the storage system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. type: string required: - gateway @@ -4780,28 +3143,14 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: description: Maps a string key to a path within a volume. properties: @@ -4809,19 +3158,11 @@ spec: description: The key to project. type: string mode: - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string required: - key @@ -4829,69 +3170,46 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: Specify whether the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object volumeName: - description: VolumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: Storage Policy Based Management (SPBM) profile name. type: string volumePath: description: Path that identifies vSphere volume vmdk @@ -4905,32 +3223,25 @@ spec: type: array type: object status: - description: 'Most recent observed status of the ThanosRuler cluster. - Read-only. Not included when requesting from the apiserver, only from - the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this ThanosRuler deployment. + description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. format: int32 type: integer paused: - description: Represents whether any actions on the underlying managed - objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this - ThanosRuler deployment (their labels match the selector). + description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this ThanosRuler - deployment. + description: Total number of unavailable pods targeted by this ThanosRuler deployment. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this - ThanosRuler deployment that have the desired version spec. + description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. format: int32 type: integer required: From d748fe4d969f3c700b0698139f74bb09bb244fd9 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Fri, 4 Dec 2020 09:22:49 +0100 Subject: [PATCH 038/388] Add GKE patch --- .../kube-prometheus/kube-prometheus-gke.libsonnet | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet new file mode 100644 index 00000000..3d64c014 --- /dev/null +++ b/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet @@ -0,0 +1,13 @@ +(import './kube-prometheus-managed-cluster.libsonnet') + { + _config+:: { + prometheusAdapter+:: { + config+: { + resourceRules:: null, + }, + }, + }, + + prometheusAdapter+:: { + apiService:: null, + }, +} From ca2f2d5e61b422c89ede06101965d2c2ff8587a9 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Fri, 4 Dec 2020 10:04:43 +0100 Subject: [PATCH 039/388] jsonnet: Fix affinity order dependency --- .../kube-prometheus/kube-prometheus-anti-affinity.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet index 3916fbce..9005402e 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet @@ -29,12 +29,12 @@ }, }, - prometheus+: { + prometheus+:: { local p = self, prometheus+: { spec+: - antiaffinity('prometheus', [p.name], p.namespace), + antiaffinity('prometheus', [$._config.prometheus.name], $._config.namespace), }, }, } From d4ca837790f1fa2c96da9bb4299e8dcb09e3cf25 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 4 Dec 2020 10:10:55 +0100 Subject: [PATCH 040/388] use alertmanager-mixin instead of alerts baked in kube-prometheus --- .../alerts/alertmanager.libsonnet | 57 ------------------- .../kube-prometheus/alerts/alerts.libsonnet | 1 - jsonnet/kube-prometheus/jsonnetfile.json | 10 ++++ .../kube-prometheus/kube-prometheus.libsonnet | 3 + 4 files changed, 13 insertions(+), 58 deletions(-) delete mode 100644 jsonnet/kube-prometheus/alerts/alertmanager.libsonnet diff --git a/jsonnet/kube-prometheus/alerts/alertmanager.libsonnet b/jsonnet/kube-prometheus/alerts/alertmanager.libsonnet deleted file mode 100644 index bcabf4d9..00000000 --- a/jsonnet/kube-prometheus/alerts/alertmanager.libsonnet +++ /dev/null @@ -1,57 +0,0 @@ -{ - prometheusAlerts+:: { - groups+: [ - { - name: 'alertmanager.rules', - rules: [ - { - alert: 'AlertmanagerConfigInconsistent', - annotations: { - message: ||| - The configuration of the instances of the Alertmanager cluster `{{ $labels.namespace }}/{{ $labels.service }}` are out of sync. - {{ range printf "alertmanager_config_hash{namespace=\"%s\",service=\"%s\"}" $labels.namespace $labels.service | query }} - Configuration hash for pod {{ .Labels.pod }} is "{{ printf "%.f" .Value }}" - {{ end }} - |||, - }, - expr: ||| - count by(namespace,service) (count_values by(namespace,service) ("config_hash", alertmanager_config_hash{%(alertmanagerSelector)s})) != 1 - ||| % $._config, - 'for': '5m', - labels: { - severity: 'critical', - }, - }, - { - alert: 'AlertmanagerFailedReload', - annotations: { - message: "Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod}}.", - }, - expr: ||| - alertmanager_config_last_reload_successful{%(alertmanagerSelector)s} == 0 - ||| % $._config, - 'for': '10m', - labels: { - severity: 'warning', - }, - }, - { - alert: 'AlertmanagerMembersInconsistent', - annotations: { - message: 'Alertmanager has not found all other members of the cluster.', - }, - expr: ||| - alertmanager_cluster_members{%(alertmanagerSelector)s} - != on (service) GROUP_LEFT() - count by (service) (alertmanager_cluster_members{%(alertmanagerSelector)s}) - ||| % $._config, - 'for': '5m', - labels: { - severity: 'critical', - }, - }, - ], - }, - ], - }, -} diff --git a/jsonnet/kube-prometheus/alerts/alerts.libsonnet b/jsonnet/kube-prometheus/alerts/alerts.libsonnet index adc46130..8733ae44 100644 --- a/jsonnet/kube-prometheus/alerts/alerts.libsonnet +++ b/jsonnet/kube-prometheus/alerts/alerts.libsonnet @@ -1,3 +1,2 @@ -(import 'alertmanager.libsonnet') + (import 'general.libsonnet') + (import 'node.libsonnet') diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index b74b034d..9663febd 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -83,6 +83,16 @@ "version": "release-2.22", "name": "prometheus" }, + { + "source": { + "git": { + "remote": "https://github.com/prometheus/alertmanager", + "subdir": "doc/alertmanager-mixin" + } + }, + "version": "master", + "name": "alertmanager" + }, { "source": { "git": { diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 26943f12..dc4c4153 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -6,6 +6,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; (import './node-exporter/node-exporter.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import './alertmanager/alertmanager.libsonnet') + +(import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + (import './prometheus/prometheus.libsonnet') + @@ -160,6 +161,8 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; coreDNSSelector: 'job="kube-dns"', podLabel: 'pod', + alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', + alertmanagerClusterLabels: 'namespace,service', alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanager.name + '",namespace="' + $._config.namespace + '"', prometheusSelector: 'job="prometheus-' + $._config.prometheus.name + '",namespace="' + $._config.namespace + '"', prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', From c45a81999ebe3b209e8a8f23180296c6913004a0 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 4 Dec 2020 10:13:18 +0100 Subject: [PATCH 041/388] *: regenerate --- jsonnetfile.lock.json | 11 +++ manifests/prometheus-rules.yaml | 141 ++++++++++++++++++++++++-------- 2 files changed, 120 insertions(+), 32 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 32e23654..11593afd 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -112,6 +112,17 @@ "version": "b86ab77239f2a11ee69ad05b24122958d8b2df5b", "sum": "Zof470kQY377VxlEH5MQJUSbtViNEdLyLPv/P7fX8QQ=" }, + { + "source": { + "git": { + "remote": "https://github.com/prometheus/alertmanager.git", + "subdir": "doc/alertmanager-mixin" + } + }, + "version": "193ebba04d1e70d971047e983a0b489112610460", + "sum": "QcftU7gjCQyj7B6M4YJeCAeaPd0kwxd4J4rolo7AnLE=", + "name": "alertmanager" + }, { "source": { "git": { diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index 988ec85f..c1114918 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -1019,6 +1019,115 @@ spec: node_md_disks{state="fail"} > 0 labels: severity: warning + - name: alertmanager.rules + rules: + - alert: AlertmanagerFailedReload + annotations: + description: Configuration has failed to load for {{ $labels.namespace }}/{{ $labels.pod}}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedreload + summary: Reloading an Alertmanager configuration has failed. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"}[5m]) == 0 + for: 10m + labels: + severity: critical + - alert: AlertmanagerMembersInconsistent + annotations: + description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only found {{ $value }} members of the {{$labels.job}} cluster. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagermembersinconsistent + summary: A member of an Alertmanager cluster has not found all other cluster members. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m]) + < on (namespace,service) group_left + count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m])) + for: 10m + labels: + severity: critical + - alert: AlertmanagerFailedToSendAlerts + annotations: + description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedtosendalerts + summary: An Alertmanager instance failed to send notifications. + expr: | + ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: warning + - alert: AlertmanagerClusterFailedToSendAlerts + annotations: + description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts + summary: All Alertmanager instances in a cluster failed to send notifications. + expr: | + min by (namespace,service) ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: critical + - alert: AlertmanagerConfigInconsistent + annotations: + description: Alertmanager instances within the {{$labels.job}} cluster have different configurations. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerconfiginconsistent + summary: Alertmanager instances within the same cluster have different configurations. + expr: | + count by (namespace,service) ( + count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager-main",namespace="monitoring"}) + ) + != 1 + for: 20m + labels: + severity: critical + - alert: AlertmanagerClusterDown + annotations: + description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have been up for less than half of the last 5m.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterdown + summary: Half or more of the Alertmanager instances within the same cluster are down. + expr: | + ( + count by (namespace,service) ( + avg_over_time(up{job="alertmanager-main",namespace="monitoring"}[5m]) < 0.5 + ) + / + count by (namespace,service) ( + up{job="alertmanager-main",namespace="monitoring"} + ) + ) + >= 0.5 + for: 5m + labels: + severity: critical + - alert: AlertmanagerClusterCrashlooping + annotations: + description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have restarted at least 5 times in the last 10m.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclustercrashlooping + summary: Half or more of the Alertmanager instances within the same cluster are crashlooping. + expr: | + ( + count by (namespace,service) ( + changes(process_start_time_seconds{job="alertmanager-main",namespace="monitoring"}[10m]) > 4 + ) + / + count by (namespace,service) ( + up{job="alertmanager-main",namespace="monitoring"} + ) + ) + >= 0.5 + for: 5m + labels: + severity: critical - name: prometheus-operator rules: - alert: PrometheusOperatorListErrors @@ -1955,38 +2064,6 @@ spec: for: 15m labels: severity: warning - - name: alertmanager.rules - rules: - - alert: AlertmanagerConfigInconsistent - annotations: - message: | - The configuration of the instances of the Alertmanager cluster `{{ $labels.namespace }}/{{ $labels.service }}` are out of sync. - {{ range printf "alertmanager_config_hash{namespace=\"%s\",service=\"%s\"}" $labels.namespace $labels.service | query }} - Configuration hash for pod {{ .Labels.pod }} is "{{ printf "%.f" .Value }}" - {{ end }} - expr: | - count by(namespace,service) (count_values by(namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager-main",namespace="monitoring"})) != 1 - for: 5m - labels: - severity: critical - - alert: AlertmanagerFailedReload - annotations: - message: Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod}}. - expr: | - alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"} == 0 - for: 10m - labels: - severity: warning - - alert: AlertmanagerMembersInconsistent - annotations: - message: Alertmanager has not found all other members of the cluster. - expr: | - alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"} - != on (service) GROUP_LEFT() - count by (service) (alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}) - for: 5m - labels: - severity: critical - name: general.rules rules: - alert: TargetDown From 456b87c3f12b571822db72fcb5240760c5ee3e73 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Mon, 7 Dec 2020 11:54:25 +0100 Subject: [PATCH 042/388] jsonnet/kube-prometheus/jsonnetfile.json: Bump prometheus-operator to 0.44 --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 9663febd..3d8e6df0 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.43" + "version": "release-0.44" }, { "source": { From 6f67548eec36b48d4334fd77b10127357273d3da Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Mon, 7 Dec 2020 11:56:00 +0100 Subject: [PATCH 043/388] jsonnetfile.lock.json: Run jb update --- jsonnetfile.lock.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 11593afd..838fcdc3 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "3dd98c495e511ee7d5c0ba9b27697bd0f703b537", - "sum": "61N5W/7mcAKNQ1CS38XUsNNQbR1T7M3wCv3R7UgHcr0=" + "version": "7176a6d54b3b19e0529ce574ab5ed427f1c721e9", + "sum": "IrxVMYJrTbDliaVMXX72jUKm8Ju2Za8cAbds7d26wuY=" }, { "source": { @@ -18,7 +18,7 @@ "subdir": "Documentation/etcd-mixin" } }, - "version": "28d1af294e4394df1ed967a4ac4fbaf437be3463", + "version": "ca866c02422ff3f3d1f0876898a30c33dd7bcccf", "sum": "bLqTqEr0jky9zz5MV/7ucn6H5mph2NlXas0TVnGNB1Y=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "12bd9ba3ae568159f8e3b04dfab0ba6f8a3ae2c0", + "version": "cb8787cd974c4291ee6aa2c17f211010429da554", "sum": "mD0zEP9FVFXeag7EaeS5OvUr2A9D6DQhGemoNn6+PLc=" }, { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "7e3f51759542483f7395ea29cf2dc46ea4dbc699", - "sum": "+pR3jhdG/EZTNjy8S9TBWjMXUJLTmx7HcQC5oKzwi6k=" + "version": "d4dbc0aa59dd2c35453b53155fd4021719df5cb1", + "sum": "YKCJpap1C7G54dk6vD0BTJ9N6MmRGbooxmsHI2EQRDc=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "7e3f51759542483f7395ea29cf2dc46ea4dbc699", + "version": "d4dbc0aa59dd2c35453b53155fd4021719df5cb1", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "eba9142028841d5181ce09836fb1e0c2cf54f90c", + "version": "33db2356bf1f0a1f51ddaaeb165bce04ab5aa0df", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "56720e5bc058f42c1879f6f449f7a605e18ac0a8", + "version": "1d47c7497313e9685a8f8cbe14550f215d8c309e", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "b86ab77239f2a11ee69ad05b24122958d8b2df5b", - "sum": "Zof470kQY377VxlEH5MQJUSbtViNEdLyLPv/P7fX8QQ=" + "version": "47394a510e55d4763a7a1672d7dace9290bcd3b6", + "sum": "FQ9b6gpDjB47y5wk7QFJlORNdBYNZYVLAk8gT6kABLY=" }, { "source": { @@ -151,7 +151,7 @@ "subdir": "mixin" } }, - "version": "f6ffb89898a966d87dcc2ad4a0bc6c0db1e61a0b", + "version": "d57813b2bc9b349842e1f9a06313731b005c6e00", "sum": "OptiWUMOHFrRGTZhSfxV1RCeXZ90qsefGNTD4lDYVG0=" }, { From 9593d5c457dc4738c09133a5adc147981efafc38 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Mon, 7 Dec 2020 11:56:12 +0100 Subject: [PATCH 044/388] manifests: Regenerate --- manifests/grafana-deployment.yaml | 1 + .../prometheus-operator-serviceMonitor.yaml | 4 +- manifests/prometheus-rules.yaml | 14 - ...managerConfigCustomResourceDefinition.yaml | 1181 ++++++++++++++++- ...0alertmanagerCustomResourceDefinition.yaml | 115 +- ...r-0podmonitorCustomResourceDefinition.yaml | 2 +- ...erator-0probeCustomResourceDefinition.yaml | 2 +- ...r-0prometheusCustomResourceDefinition.yaml | 127 +- ...rometheusruleCustomResourceDefinition.yaml | 4 +- ...ervicemonitorCustomResourceDefinition.yaml | 2 +- ...-0thanosrulerCustomResourceDefinition.yaml | 107 +- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 9 +- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 16 files changed, 1466 insertions(+), 110 deletions(-) diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 221f2c32..4b58d710 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -13,6 +13,7 @@ spec: template: metadata: annotations: + checksum/grafana-dashboards: b44634653e3bb90dacd5c15f42200fae checksum/grafana-datasources: 48faab41f579fc8efde6034391496f6a labels: app: grafana diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 9bae609a..71f14bf7 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 name: prometheus-operator namespace: monitoring spec: @@ -19,4 +19,4 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index c1114918..ed5afa36 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -390,11 +390,6 @@ spec: quantile: "0.99" verb: write record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - - expr: | - sum(rate(apiserver_request_duration_seconds_sum{subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod) - / - sum(rate(apiserver_request_duration_seconds_count{subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod) - record: cluster:apiserver_request_duration_seconds:mean5m - expr: | histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) labels: @@ -571,9 +566,6 @@ spec: record: code:apiserver_request_total:increase30d - name: k8s.rules rules: - - expr: | - sum(rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m])) by (namespace) - record: namespace:container_cpu_usage_seconds_total:sum_rate - expr: | sum by (cluster, namespace, pod, container) ( rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]) @@ -605,9 +597,6 @@ spec: max by(namespace, pod, node) (kube_pod_info{node!=""}) ) record: node_namespace_pod_container:container_memory_swap - - expr: | - sum(container_memory_usage_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}) by (namespace) - record: namespace:container_memory_usage_bytes:sum - expr: | sum by (namespace) ( sum by (namespace, pod) ( @@ -716,9 +705,6 @@ spec: record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - name: node.rules rules: - - expr: | - sum(min(kube_pod_info{node!=""}) by (cluster, node)) - record: ':kube_pod_info_node_count:' - expr: | topk by(namespace, pod) (1, max by (node, namespace, pod) ( diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index 9c923d54..312288f4 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: alertmanagerconfigs.monitoring.coreos.com spec: @@ -17,7 +17,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager. + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' @@ -28,22 +28,31 @@ spec: metadata: type: object spec: + description: AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. properties: inhibitRules: + description: List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. items: + description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule properties: equal: + description: Labels that must have an equal value in the source and target alert for the inhibition to take effect. items: type: string type: array sourceMatch: + description: Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. items: + description: Matcher defines how to match on alert's labels. properties: name: + description: Label to match. type: string regex: + description: Whether to match on equality (false) or regular-expression (true). type: boolean value: + description: Label value to match. type: string required: - name @@ -51,13 +60,18 @@ spec: type: object type: array targetMatch: + description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. items: + description: Matcher defines how to match on alert's labels. properties: name: + description: Label to match. type: string regex: + description: Whether to match on equality (false) or regular-expression (true). type: boolean value: + description: Label value to match. type: string required: - name @@ -67,14 +81,18 @@ spec: type: object type: array receivers: + description: List of receivers. items: + description: Receiver defines one or more notification integrations. properties: - name: - type: string - opsgenieConfigs: + emailConfigs: + description: List of Email configurations. items: + description: EmailConfig configures notifications via Email. properties: - apiKey: + authIdentity: + type: string + authPassword: description: SecretKeySelector selects a key of a Secret. properties: key: @@ -89,16 +107,198 @@ spec: required: - key type: object - apiURL: + authSecret: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authUsername: + description: SMTP authentication information. type: string - description: + from: + description: The sender address. type: string - details: + headers: + description: Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. items: + description: KeyValue defines a (key, value) tuple. properties: key: + description: Key of the tuple. type: string value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host through which emails are sent. + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all items from the list. + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + apiKey: + description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + type: string + value: + description: Value of the tuple. type: string required: - key @@ -106,9 +306,10 @@ spec: type: object type: array httpConfig: + description: HTTP client configuration. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: BasicAuth for the client. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -142,7 +343,7 @@ spec: type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -157,9 +358,10 @@ spec: - key type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration parameters. + description: TLS configuration for the client. properties: ca: description: Struct containing the CA cert to use for the targets. @@ -253,51 +455,74 @@ spec: type: object type: object message: + description: Alert text limited to 130 characters. type: string note: + description: Additional alert note. type: string priority: + description: Priority level of alert. Possible values are P1, P2, P3, P4, and P5. type: string responders: + description: List of responders responsible for notifications. items: + description: OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined. properties: id: + description: ID of the responder. type: string name: + description: Name of the responder. type: string type: + description: Type of responder. type: string username: + description: Username of the responder. type: string type: object type: array sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean source: + description: Backlink to the sender of the notification. type: string tags: + description: Comma separated list of tags attached to the notifications. type: string type: object type: array - pagerDutyConfigs: + pagerdutyConfigs: + description: List of PagerDuty configurations. items: + description: PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config properties: class: + description: The class/type of the event. type: string client: + description: Client identification. type: string clientURL: + description: Backlink to the sender of notification. type: string component: + description: The part or component of the affected system that is broken. type: string description: + description: Description of the incident. type: string details: + description: Arbitrary key/value pairs that provide further detail about the incident. items: + description: KeyValue defines a (key, value) tuple. properties: key: + description: Key of the tuple. type: string value: + description: Value of the tuple. type: string required: - key @@ -305,11 +530,13 @@ spec: type: object type: array group: + description: A cluster or grouping of sources. type: string httpConfig: + description: HTTP client configuration. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: BasicAuth for the client. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -343,7 +570,7 @@ spec: type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -358,9 +585,10 @@ spec: - key type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration parameters. + description: TLS configuration for the client. properties: ca: description: Struct containing the CA cert to use for the targets. @@ -454,7 +682,7 @@ spec: type: object type: object routingKey: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -469,9 +697,10 @@ spec: - key type: object sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean serviceKey: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -486,18 +715,29 @@ spec: - key type: object severity: + description: Severity of the incident. type: string url: + description: The URL to send requests to. type: string type: object type: array - webhookConfigs: + pushoverConfigs: + description: List of Pushover configurations. items: + description: PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config properties: + expire: + description: How long your notification will continue to be retried for, unless the user acknowledges the notification. + type: string + html: + description: Whether notification message is HTML or plain text. + type: boolean httpConfig: + description: HTTP client configuration. properties: basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: BasicAuth for the client. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -531,7 +771,7 @@ spec: type: object type: object bearerTokenSecret: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -546,9 +786,693 @@ spec: - key type: object proxyURL: + description: Optional proxy URL. type: string tlsConfig: - description: SafeTLSConfig specifies safe TLS configuration parameters. + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by device clients to override the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: Your registered application’s API token, see https://pushover.net/apps + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise just the URL is shown + type: string + userKey: + description: The recipient user’s user key. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with each notification. + items: + description: SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + type: string + type: + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with each notification. + items: + description: SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + type: string + value: + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The API key to use when talking to the VictorOps API. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted problem. + type: string + required: + - routingKey + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. properties: ca: description: Struct containing the CA cert to use for the targets. @@ -642,14 +1566,17 @@ spec: type: object type: object maxAlerts: + description: Maximum number of alerts to be sent per webhook message. format: int32 type: integer sendResolved: + description: Whether or not to notify about resolved alerts. type: boolean url: + description: The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. type: string urlSecret: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -665,30 +1592,233 @@ spec: type: object type: object type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array required: - name type: object type: array route: + description: The Alertmanager route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route. properties: continue: + description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. type: boolean groupBy: + description: List of labels to group by. items: type: string type: array groupInterval: + description: How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). type: string groupWait: + description: How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). type: string matchers: + description: 'List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.' items: + description: Matcher defines how to match on alert's labels. properties: name: + description: Label to match. type: string regex: + description: Whether to match on equality (false) or regular-expression (true). type: boolean value: + description: Label value to match. type: string required: - name @@ -696,12 +1826,15 @@ spec: type: object type: array receiver: + description: Name of the receiver for this route. If present, it should be listed in the `receivers` field. The field can be omitted only for nested routes otherwise it is mandatory. type: string repeatInterval: + description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). type: string routes: + description: Child routes. items: - type: object + x-kubernetes-preserve-unknown-fields: true type: array type: object type: object diff --git a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index e567a350..22775503 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: alertmanagers.monitoring.coreos.com spec: @@ -454,6 +454,15 @@ spec: clusterAdvertiseAddress: description: 'ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918' type: string + clusterGossipInterval: + description: Interval between gossip attempts. + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + type: string configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. items: @@ -525,8 +534,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -831,12 +844,17 @@ spec: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: + default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: @@ -927,12 +945,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -1241,8 +1267,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -1547,12 +1577,17 @@ spec: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: + default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: @@ -1643,12 +1678,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -1890,7 +1933,7 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object paused: - description: If set to true all actions on the underlaying managed objects are not goint to be performed, except for delete actions. + description: If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. type: boolean podMetadata: description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. @@ -1924,12 +1967,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -2036,8 +2087,12 @@ spec: description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: + anyOf: + - type: integer + - type: string description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. @@ -2094,12 +2149,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -2153,7 +2216,11 @@ spec: type: array capacity: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: Represents the actual resources of the underlying volume. type: object conditions: @@ -2515,8 +2582,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -2535,8 +2606,12 @@ spec: description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: + anyOf: + - type: integer + - type: string description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -2843,8 +2918,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -3099,7 +3178,7 @@ spec: format: int32 type: integer paused: - description: Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 50096e73..6e3dbf7f 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: podmonitors.monitoring.coreos.com spec: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 691b1e9f..56b4dd84 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: probes.monitoring.coreos.com spec: diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index eb40f0fc..3cfc36ab 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: prometheuses.monitoring.coreos.com spec: @@ -805,8 +805,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -1111,12 +1115,17 @@ spec: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: + default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: @@ -1207,12 +1216,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -1546,8 +1563,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -1852,12 +1873,17 @@ spec: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: + default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: @@ -1948,12 +1974,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -2783,7 +2817,7 @@ spec: description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). type: string replicas: - description: Number of instances to deploy for a Prometheus deployment. + description: Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created. format: int32 type: integer resources: @@ -2791,12 +2825,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -3036,6 +3078,10 @@ spec: sha: description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' type: string + shards: + description: 'EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.' + format: int32 + type: integer storage: description: Storage spec to specify how storage shall be used. properties: @@ -3049,8 +3095,12 @@ spec: description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: + anyOf: + - type: integer + - type: string description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. @@ -3107,12 +3157,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -3166,7 +3224,11 @@ spec: type: array capacity: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: Represents the actual resources of the underlying volume. type: object conditions: @@ -3331,7 +3393,7 @@ spec: description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. type: string objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -3345,17 +3407,28 @@ spec: required: - key type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string resources: description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -3705,8 +3778,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -3725,8 +3802,12 @@ spec: description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: + anyOf: + - type: integer + - type: string description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -4033,8 +4114,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -4299,7 +4384,7 @@ spec: format: int32 type: integer paused: - description: Represents whether any actions on the underlaying managed objects are being performed. Only delete actions will be performed. + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml index cf990715..ccd8efbf 100644 --- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: prometheusrules.monitoring.coreos.com spec: @@ -17,7 +17,7 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PrometheusRule defines alerting rules for a Prometheus instance + description: PrometheusRule defines recording and alerting rules for a Prometheus instance properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 6d946998..51bd50a4 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: servicemonitors.monitoring.coreos.com spec: diff --git a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml index a6c61355..58a7b1b1 100644 --- a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 + controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: thanosrulers.monitoring.coreos.com spec: @@ -462,8 +462,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -768,12 +772,17 @@ spec: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: + default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: @@ -864,12 +873,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -1283,8 +1300,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -1589,12 +1610,17 @@ spec: description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. type: string protocol: + default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". type: string required: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: @@ -1685,12 +1711,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -1937,7 +1971,7 @@ spec: description: Define which Nodes the Pods are scheduled on. type: object objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -1951,6 +1985,9 @@ spec: required: - key type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string paused: description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. type: boolean @@ -2022,12 +2059,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -2186,8 +2231,12 @@ spec: description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: + anyOf: + - type: integer + - type: string description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object volumeClaimTemplate: description: A PVC spec to be used by the Prometheus StatefulSets. @@ -2244,12 +2293,20 @@ spec: properties: limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object @@ -2303,7 +2360,11 @@ spec: type: array capacity: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: Represents the actual resources of the underlying volume. type: object conditions: @@ -2646,8 +2707,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -2666,8 +2731,12 @@ spec: description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: + anyOf: + - type: integer + - type: string description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object fc: description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -2974,8 +3043,12 @@ spec: description: 'Container name: required for volumes, optional for env vars' type: string divisor: + anyOf: + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index 8153e807..b92e9725 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 00f305a0..3435b72d 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index d4fc4b3f..baef88e4 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 name: prometheus-operator namespace: monitoring spec: @@ -18,14 +18,13 @@ spec: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --logtostderr=true - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.43.2 - image: quay.io/prometheus-operator/prometheus-operator:v0.43.2 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.44.0 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index 37d8f504..6ff58e6a 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index cc4a1f8d..85e83a90 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -4,6 +4,6 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.43.2 + app.kubernetes.io/version: v0.44.0 name: prometheus-operator namespace: monitoring From 68b78e84c97468a67070175e5b5fe9b1b8a090c3 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Thu, 10 Dec 2020 09:42:32 +0100 Subject: [PATCH 045/388] Update prometheus-operator to v0.44.1 Signed-off-by: Simon Pasquier --- jsonnetfile.lock.json | 6 +++--- manifests/prometheus-operator-serviceMonitor.yaml | 4 ++-- manifests/setup/prometheus-operator-clusterRole.yaml | 2 +- .../setup/prometheus-operator-clusterRoleBinding.yaml | 2 +- manifests/setup/prometheus-operator-deployment.yaml | 8 ++++---- manifests/setup/prometheus-operator-service.yaml | 2 +- manifests/setup/prometheus-operator-serviceAccount.yaml | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 838fcdc3..2f0dc1c4 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "1d47c7497313e9685a8f8cbe14550f215d8c309e", + "version": "22aaf848a27f6e45702131e22a596778686068d5", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "47394a510e55d4763a7a1672d7dace9290bcd3b6", - "sum": "FQ9b6gpDjB47y5wk7QFJlORNdBYNZYVLAk8gT6kABLY=" + "version": "d8b7d3766225908d0239fd0d78258892cd0fc384", + "sum": "Nl+N/h76bzD9tZ8tx7tuNIKHwCIJ9zyOsAWplH8HvAE=" }, { "source": { diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 71f14bf7..4412f1ac 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring spec: @@ -19,4 +19,4 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index b92e9725..5d13eb90 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 3435b72d..c2e44128 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index baef88e4..2361874a 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring spec: @@ -18,13 +18,13 @@ spec: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.0 - image: quay.io/prometheus-operator/prometheus-operator:v0.44.0 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1 + image: quay.io/prometheus-operator/prometheus-operator:v0.44.1 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index 6ff58e6a..ebfd02b6 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 85e83a90..7799e114 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -4,6 +4,6 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring From 6a05efd63670f8a84a87f69c55693a9bc78836da Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 9 Dec 2020 11:37:59 +0100 Subject: [PATCH 046/388] Cut release-0.7 Signed-off-by: Damien Grisonnet --- .github/workflows/ci.yaml | 1 + README.md | 18 ++++---- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 24 +++++------ manifests/grafana-dashboardDefinitions.yaml | 8 ++-- manifests/grafana-deployment.yaml | 2 +- .../prometheus-operator-serviceMonitor.yaml | 4 +- manifests/prometheus-rules.yaml | 42 +++++++++++-------- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 8 ++-- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 13 files changed, 63 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 90400a73..68da3163 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,6 +33,7 @@ jobs: matrix: kind-image: - 'kindest/node:v1.19.0' + - 'kindest/node:v1.20.0' steps: - uses: actions/checkout@v2 - name: Start KinD diff --git a/README.md b/README.md index fb4fae3a..4b67ad11 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ This adapter is an Extension API Server and Kubernetes needs to be have this fea To try out this stack, start [minikube](https://github.com/kubernetes/minikube) with the following command: ```shell -$ minikube delete && minikube start --kubernetes-version=v1.19.0 --memory=6g --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.address=0.0.0.0 --extra-config=controller-manager.address=0.0.0.0 +$ minikube delete && minikube start --kubernetes-version=v1.20.0 --memory=6g --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.address=0.0.0.0 --extra-config=controller-manager.address=0.0.0.0 ``` The kube-prometheus stack includes a resource metrics API server, so the metrics-server addon is not necessary. Ensure the metrics-server addon is disabled on minikube: @@ -94,19 +94,19 @@ $ minikube addons disable metrics-server The following versions are supported and work as we test against these versions in their respective branches. But note that other versions might work! -| kube-prometheus stack | Kubernetes 1.14 | Kubernetes 1.15 | Kubernetes 1.16 | Kubernetes 1.17 | Kubernetes 1.18 | Kubernetes 1.19 | -|-----------------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------| -| `release-0.3` | ✔ | ✔ | ✔ | ✔ | ✗ | ✗ | -| `release-0.4` | ✗ | ✗ | ✔ (v1.16.5+) | ✔ | ✗ | ✗ | -| `release-0.5` | ✗ | ✗ | ✗ | ✗ | ✔ | ✗ | -| `release-0.6` | ✗ | ✗ | ✗ | ✗ | ✔ | ✔ | -| `HEAD` | ✗ | ✗ | ✗ | ✗ | x | ✔ | +| kube-prometheus stack | Kubernetes 1.16 | Kubernetes 1.17 | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | +|-----------------------|-----------------|-----------------|-----------------|-----------------|-----------------| +| `release-0.4` | ✔ (v1.16.5+) | ✔ | ✗ | ✗ | ✗ | +| `release-0.5` | ✗ | ✗ | ✔ | ✗ | ✗ | +| `release-0.6` | ✗ | ✗ | ✔ | ✔ | ✗ | +| `release-0.7` | ✗ | ✗ | ✗ | ✔ | ✔ | +| `HEAD` | ✗ | ✗ | ✗ | ✔ | ✔ | Note: Due to [two](https://github.com/kubernetes/kubernetes/issues/83778) [bugs](https://github.com/kubernetes/kubernetes/issues/86359) in Kubernetes v1.16.1, and prior to Kubernetes v1.16.5 the kube-prometheus release-0.4 branch only supports v1.16.5 and higher. The `extension-apiserver-authentication-reader` role in the kube-system namespace can be manually edited to include list and watch permissions in order to workaround the second issue with Kubernetes v1.16.2 through v1.16.4. ## Quickstart ->Note: For versions before Kubernetes v1.19.z refer to the [Kubernetes compatibility matrix](#kubernetes-compatibility-matrix) in order to choose a compatible branch. +>Note: For versions before Kubernetes v1.20.z refer to the [Kubernetes compatibility matrix](#kubernetes-compatibility-matrix) in order to choose a compatible branch. This project is intended to be used as a library (i.e. the intent is not for you to create your own modified copy of this repository). diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 3d8e6df0..20d65bdf 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -80,7 +80,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "release-2.22", + "version": "release-2.23", "name": "prometheus" }, { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 838fcdc3..b4af75ef 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "cb8787cd974c4291ee6aa2c17f211010429da554", - "sum": "mD0zEP9FVFXeag7EaeS5OvUr2A9D6DQhGemoNn6+PLc=" + "version": "9c3fb8096e1f80e2f3a84566566906ff187f5a8c", + "sum": "9/eJqljTTtJeq9QRjabdKWL6yD8a7VzLmGKBK3ir77k=" }, { "source": { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "d4dbc0aa59dd2c35453b53155fd4021719df5cb1", - "sum": "YKCJpap1C7G54dk6vD0BTJ9N6MmRGbooxmsHI2EQRDc=" + "version": "ead45674dba3c8712e422d99223453177aac6bf4", + "sum": "3i0NkntlBluDS1NRF+iSc2e727Alkv3ziuVjAP12/kE=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "d4dbc0aa59dd2c35453b53155fd4021719df5cb1", + "version": "ead45674dba3c8712e422d99223453177aac6bf4", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "33db2356bf1f0a1f51ddaaeb165bce04ab5aa0df", + "version": "7bdd62593c9273b5179cf3c9d2d819e9d997aaa4", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "1d47c7497313e9685a8f8cbe14550f215d8c309e", + "version": "22aaf848a27f6e45702131e22a596778686068d5", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "47394a510e55d4763a7a1672d7dace9290bcd3b6", - "sum": "FQ9b6gpDjB47y5wk7QFJlORNdBYNZYVLAk8gT6kABLY=" + "version": "d8b7d3766225908d0239fd0d78258892cd0fc384", + "sum": "Nl+N/h76bzD9tZ8tx7tuNIKHwCIJ9zyOsAWplH8HvAE=" }, { "source": { @@ -140,8 +140,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "de1c1243f4dd66fbac3e8213e9a7bd8dbc9f38b2", - "sum": "CGxvaHkP7z/gnsLB/8Imvt/AnW+9nJUnTcL+fvIAZUs=", + "version": "26d89b4b0776fe4cd5a3656dfa520f119a375273", + "sum": "1VRVMuxAEZ9vdGHFlndmG9iQzDD6AoIXrX80CDpGDaU=", "name": "prometheus" }, { @@ -151,7 +151,7 @@ "subdir": "mixin" } }, - "version": "d57813b2bc9b349842e1f9a06313731b005c6e00", + "version": "37e6ef61566c7c70793ba6d128f00c4c66cb2402", "sum": "OptiWUMOHFrRGTZhSfxV1RCeXZ90qsefGNTD4lDYVG0=" }, { diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 1247bd91..ed5c20a4 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -16657,7 +16657,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -16741,7 +16741,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -26924,7 +26924,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}\n)\n", + "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -27017,7 +27017,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n)\n", + "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 4b58d710..a0e31f77 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -13,7 +13,7 @@ spec: template: metadata: annotations: - checksum/grafana-dashboards: b44634653e3bb90dacd5c15f42200fae + checksum/grafana-dashboards: ce13f0b50d04c73fb01da858eb1fb608 checksum/grafana-datasources: 48faab41f579fc8efde6034391496f6a labels: app: grafana diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 71f14bf7..4412f1ac 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring spec: @@ -19,4 +19,4 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index ed5afa36..97409d23 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -1902,21 +1902,6 @@ spec: for: 15m labels: severity: warning - - alert: PrometheusErrorSendingAlertsToAnyAlertmanager - annotations: - description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' - summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. - expr: | - min without(alertmanager) ( - rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - * 100 - > 3 - for: 15m - labels: - severity: critical - alert: PrometheusNotConnectedToAlertmanagers annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. @@ -1951,7 +1936,15 @@ spec: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. summary: Prometheus is not ingesting samples. expr: | - rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 + ( + rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 + and + ( + sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="prometheus-k8s",namespace="monitoring"}) > 0 + or + sum without(rule_group) (prometheus_rule_group_rules{job="prometheus-k8s",namespace="monitoring"}) > 0 + ) + ) for: 10m labels: severity: warning @@ -2001,7 +1994,7 @@ spec: # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. ( max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) - - on(job, instance) group_right + - ignoring(remote_name, url) group_right max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) ) > 120 @@ -2050,6 +2043,21 @@ spec: for: 15m labels: severity: warning + - alert: PrometheusErrorSendingAlertsToAnyAlertmanager + annotations: + description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' + summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. + expr: | + min without (alertmanager) ( + rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + / + rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + * 100 + > 3 + for: 15m + labels: + severity: critical - name: general.rules rules: - alert: TargetDown diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index b92e9725..5d13eb90 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 3435b72d..c2e44128 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index baef88e4..2361874a 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring spec: @@ -18,13 +18,13 @@ spec: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.0 - image: quay.io/prometheus-operator/prometheus-operator:v0.44.0 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1 + image: quay.io/prometheus-operator/prometheus-operator:v0.44.1 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index 6ff58e6a..ebfd02b6 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 85e83a90..7799e114 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -4,6 +4,6 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.0 + app.kubernetes.io/version: v0.44.1 name: prometheus-operator namespace: monitoring From d37a2994999cc49a422d465bb6589a954fd31d39 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Fri, 11 Dec 2020 14:19:29 +0100 Subject: [PATCH 047/388] jsonnet,manifests: bump grafana to v7.3.5 Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 2 +- manifests/grafana-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index dc4c4153..3bfd4768 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -115,7 +115,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; _config+:: { namespace: 'default', - versions+:: { grafana: '7.3.4', kubeRbacProxy: 'v0.8.0' }, + versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' }, imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, tlsCipherSuites: [ diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index a0e31f77..99e17824 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -20,7 +20,7 @@ spec: spec: containers: - env: [] - image: grafana/grafana:7.3.4 + image: grafana/grafana:7.3.5 name: grafana ports: - containerPort: 3000 From 3830bc80766b550f14e79610cb0bb348c60f3f30 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 14 Dec 2020 12:39:03 +0100 Subject: [PATCH 048/388] jsonnet: add recommended k8s labels --- .../alertmanager/alertmanager.libsonnet | 29 ++++++++++++++----- .../kube-state-metrics.libsonnet | 24 +++++++++------ .../node-exporter/node-exporter.libsonnet | 2 ++ .../prometheus-adapter.libsonnet | 18 +++++++++--- .../prometheus/prometheus.libsonnet | 24 +++++++++++---- 5 files changed, 72 insertions(+), 25 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index 6c9acdae..c857344d 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -51,6 +51,17 @@ ], }, replicas: 3, + labels: { + 'app.kubernetes.io/name': 'alertmanager-' + $._config.alertmanager.name, + 'app.kubernetes.io/version': $._config.versions.alertmanager, + 'app.kubernetes.io/component': 'router', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels: { + [labelName]: $._config.alertmanager.labels[labelName] + for labelName in std.objectFields($._config.alertmanager.labels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, }, }, @@ -87,13 +98,16 @@ metadata: { name: 'alertmanager-' + $._config.alertmanager.name, namespace: $._config.namespace, - labels: { alertmanager: $._config.alertmanager.name }, + labels: { alertmanager: $._config.alertmanager.name } + $._config.alertmanager.labels, }, spec: { ports: [ { name: 'web', targetPort: 'web', port: 9093 }, ], - selector: { app: 'alertmanager', alertmanager: $._config.alertmanager.name }, + selector: { + app: 'alertmanager', + alertmanager: $._config.alertmanager.name + } + $._config.alertmanager.selectorLabels, sessionAffinity: 'ClientIP', }, }, @@ -104,15 +118,13 @@ metadata: { name: 'alertmanager', namespace: $._config.namespace, - labels: { - 'k8s-app': 'alertmanager', - }, + labels: $._config.alertmanager.labels, }, spec: { selector: { matchLabels: { alertmanager: $._config.alertmanager.name, - }, + } + $._config.alertmanager.selectorLabels, }, endpoints: [ { port: 'web', interval: '30s' }, @@ -128,12 +140,15 @@ namespace: $._config.namespace, labels: { alertmanager: $._config.alertmanager.name, - }, + } + $._config.alertmanager.labels, }, spec: { replicas: $._config.alertmanager.replicas, version: $._config.versions.alertmanager, image: $._config.imageRepos.alertmanager + ':' + $._config.versions.alertmanager, + podMetadata: { + labels: $._config.alertmanager.labels, + }, nodeSelector: { 'kubernetes.io/os': 'linux' }, serviceAccountName: 'alertmanager-' + $._config.alertmanager.name, securityContext: { diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index f3a0e0d9..4e1709dd 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -12,6 +12,17 @@ local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state- kubeStateMetrics+:: { scrapeInterval: '30s', scrapeTimeout: '30s', + labels: { + 'app.kubernetes.io/name': 'kube-state-metrics', + 'app.kubernetes.io/version': $._config.versions.kubeStateMetrics, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels: { + [labelName]: $._config.kubeStateMetrics.labels[labelName] + for labelName in std.objectFields($._config.kubeStateMetrics.labels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, }, }, kubeStateMetrics+:: @@ -21,6 +32,8 @@ local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state- namespace:: $._config.namespace, version:: $._config.versions.kubeStateMetrics, image:: $._config.imageRepos.kubeStateMetrics + ':v' + $._config.versions.kubeStateMetrics, + commonLabels:: $._config.kubeStateMetrics.labels, + podLabels:: $._config.kubeStateMetrics.selectorLabels, service+: { spec+: { ports: [ @@ -58,18 +71,11 @@ local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state- metadata: { name: 'kube-state-metrics', namespace: $._config.namespace, - labels: { - 'app.kubernetes.io/name': 'kube-state-metrics', - 'app.kubernetes.io/version': version, - }, + labels: $._config.kubeStateMetrics.labels, }, spec: { jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { - 'app.kubernetes.io/name': 'kube-state-metrics', - }, - }, + selector: { matchLabels: $._config.kubeStateMetrics.selectorLabels }, endpoints: [ { port: 'https-main', diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index c2288ce7..44cc2edd 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -10,6 +10,8 @@ labels: { 'app.kubernetes.io/name': 'node-exporter', 'app.kubernetes.io/version': $._config.versions.nodeExporter, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', }, selectorLabels: { [labelName]: $._config.nodeExporter.labels[labelName] diff --git a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet index 5863367f..e4ba99e3 100644 --- a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet @@ -8,7 +8,17 @@ prometheusAdapter+:: { name: 'prometheus-adapter', namespace: $._config.namespace, - labels: { name: $._config.prometheusAdapter.name }, + labels: { + 'app.kubernetes.io/name': $._config.prometheusAdapter.name, + 'app.kubernetes.io/version': $._config.versions.prometheusAdapter, + 'app.kubernetes.io/component': 'metrics-adapter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels: { + [labelName]: $._config.prometheusAdapter.labels[labelName] + for labelName in std.objectFields($._config.prometheusAdapter.labels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', config: { resourceRules: { @@ -82,7 +92,7 @@ }, spec: { selector: { - matchLabels: $._config.prometheusAdapter.labels, + matchLabels: $._config.prometheusAdapter.selectorLabels, }, endpoints: [ { @@ -110,7 +120,7 @@ ports: [ { name: 'https', targetPort: 6443, port: 443 }, ], - selector: $._config.prometheusAdapter.labels, + selector: $._config.prometheusAdapter.selectorLabels, }, }, @@ -143,7 +153,7 @@ }, spec: { replicas: 1, - selector: { matchLabels: $._config.prometheusAdapter.labels }, + selector: { matchLabels: $._config.prometheusAdapter.selectorLabels }, strategy: { rollingUpdate: { maxSurge: 1, diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 1545b697..3e7e4e96 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -13,6 +13,17 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli replicas: 2, rules: {}, namespaces: ['default', 'kube-system', $._config.namespace], + labels: { + 'app.kubernetes.io/name': 'prometheus-' + $._config.prometheus.name, + 'app.kubernetes.io/version': $._config.versions.prometheus, + 'app.kubernetes.io/component': 'prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels: { + [labelName]: $._config.prometheus.labels[labelName] + for labelName in std.objectFields($._config.prometheus.labels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, }, }, @@ -41,13 +52,13 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus-' + p.name, namespace: p.namespace, - labels: { prometheus: p.name }, + labels: { prometheus: p.name } + $._config.prometheus.labels, }, spec: { ports: [ { name: 'web', targetPort: 'web', port: 9090 }, ], - selector: { app: 'prometheus', prometheus: p.name }, + selector: { app: 'prometheus', prometheus: p.name } + $._config.prometheus.selectorLabels, sessionAffinity: 'ClientIP', }, }, @@ -192,12 +203,15 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: p.name, namespace: p.namespace, - labels: { prometheus: p.name }, + labels: { prometheus: p.name } + $._config.prometheus.labels, }, spec: { replicas: p.replicas, version: $._config.versions.prometheus, image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, + podMetadata: { + labels: $._config.prometheus.labels + }, serviceAccountName: 'prometheus-' + p.name, serviceMonitorSelector: {}, podMonitorSelector: {}, @@ -236,11 +250,11 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus', namespace: p.namespace, - labels: { 'k8s-app': 'prometheus' }, + labels: { 'k8s-app': 'prometheus' } + $._config.prometheus.labels, }, spec: { selector: { - matchLabels: { prometheus: p.name }, + matchLabels: { prometheus: p.name } + $._config.prometheus.selectorLabels, }, endpoints: [{ port: 'web', From ee553a708dbc80686e29647256198a6f381dcb76 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 16 Dec 2020 11:07:29 +0100 Subject: [PATCH 049/388] jsonnet: replace all k8s-app labels with app.kubernetes.io/name --- .../kube-prometheus-bootkube.libsonnet | 14 +++++----- .../kube-prometheus-eks.libsonnet | 10 +++---- .../kube-prometheus-kops-coredns.libsonnet | 4 +-- .../kube-prometheus-kops.libsonnet | 12 ++++---- .../kube-prometheus-kube-aws.libsonnet | 8 +++--- .../kube-prometheus-kubeadm.libsonnet | 4 +-- .../kube-prometheus-kubespray.libsonnet | 12 ++++---- .../kube-prometheus-static-etcd.libsonnet | 10 +++---- .../kube-prometheus-thanos-sidecar.libsonnet | 2 +- .../kube-prometheus-weave-net.libsonnet | 8 +++--- .../prometheus/prometheus.libsonnet | 28 +++++++++---------- 11 files changed, 56 insertions(+), 56 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet index 284544c1..8e73509d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet @@ -18,24 +18,24 @@ local service(name, namespace, labels, selector, ports) = { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] ), kubeDnsPrometheusDiscoveryService: service( 'kube-dns-prometheus-discovery', - 'kube-syste', - { 'k8s-app': 'kube-dns' }, - { 'k8s-app': 'kube-dns' }, + 'kube-system', + { 'app.kubernetes.io/name': 'kube-dns' }, + { 'app.kubernetes.io/name': 'kube-dns' }, [{ name: 'http-metrics-skydns', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] ), }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet index d4dd9652..3f6ab80d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet @@ -23,13 +23,13 @@ metadata: { name: 'aws-node', namespace: 'kube-system', - labels: { 'k8s-app': 'aws-node' }, + labels: { 'app.kubernetes.io/name': 'aws-node' }, }, spec: { ports: [ { name: 'cni-metrics-port', port: 61678, targetPort: 61678 }, ], - selector: { 'k8s-app': 'aws-node' }, + selector: { 'app.kubernetes.io/name': 'aws-node' }, clusterIP: 'None', }, }, @@ -41,14 +41,14 @@ name: 'awsekscni', namespace: $._config.namespace, labels: { - 'k8s-app': 'eks-cni', + 'app.kubernetes.io/name': 'eks-cni', }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', selector: { matchLabels: { - 'k8s-app': 'aws-node', + 'app.kubernetes.io/name': 'aws-node', }, }, namespaceSelector: { diff --git a/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet index a003fc75..749e937c 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet @@ -6,13 +6,13 @@ metadata: { name: 'kube-dns-prometheus-discovery', namespace: 'kube-system', - labels: { 'k8s-app': 'kube-dns' }, + labels: { 'app.kubernetes.io/name': 'kube-dns' }, }, spec: { ports: [ { name: 'metrics', port: 9153, targetPort: 9153 }, ], - selector: { 'k8s-app': 'kube-dns' }, + selector: { 'app.kubernetes.io/name': 'kube-dns' }, clusterIP: 'None', }, }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet index 8db8c299..5615ae20 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet @@ -18,22 +18,22 @@ local service(name, namespace, labels, selector, ports) = { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] ), kubeDnsPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-dns' }, - { 'k8s-app': 'kube-dns' }, + { 'app.kubernetes.io/name': 'kube-dns' }, + { 'app.kubernetes.io/name': 'kube-dns' }, [{ name: 'metrics', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] ), }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet index ae8d364d..04d67d00 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet @@ -18,15 +18,15 @@ local service(name, namespace, labels, selector, ports) = { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }], ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet index 543e0cea..3621c2aa 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet @@ -18,14 +18,14 @@ local service(name, namespace, labels, selector, ports) = { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, { component: 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, { component: 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), diff --git a/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet index c1e7682d..f34cab67 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet @@ -19,16 +19,16 @@ local service(name, namespace, labels, selector, ports) = { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-controller-manager' }, - { 'k8s-app': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'app.kubernetes.io/name': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'k8s-app': 'kube-scheduler' }, - { 'k8s-app': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], ), @@ -36,7 +36,7 @@ local service(name, namespace, labels, selector, ports) = { spec+: { selector+: { matchLabels: { - 'k8s-app': 'kube-scheduler', + 'app.kubernetes.io/name': 'kube-scheduler', }, }, }, @@ -46,7 +46,7 @@ local service(name, namespace, labels, selector, ports) = { spec+: { selector+: { matchLabels: { - 'k8s-app': 'kube-controller-manager', + 'app.kubernetes.io/name': 'kube-controller-manager', }, }, }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet index 2994023d..e4c3a14d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet @@ -16,7 +16,7 @@ metadata: { name: 'etcd', namespace: 'kube-system', - labels: { 'k8s-app': 'etcd' }, + labels: { 'app.kubernetes.io/name': 'etcd' }, }, spec: { ports: [ @@ -31,7 +31,7 @@ metadata: { name: 'etcd', namespace: 'kube-system', - labels: { 'k8s-app': 'etcd' }, + labels: { 'app.kubernetes.io/name': 'etcd' }, }, subsets: [{ addresses: [ @@ -50,11 +50,11 @@ name: 'etcd', namespace: 'kube-system', labels: { - 'k8s-app': 'etcd', + 'app.kubernetes.io/name': 'etcd', }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [ { port: 'metrics', @@ -72,7 +72,7 @@ ], selector: { matchLabels: { - 'k8s-app': 'etcd', + 'app.kubernetes.io/name': 'etcd', }, }, }, diff --git a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet index 0f762eb8..01620d4a 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet @@ -56,7 +56,7 @@ name: 'thanos-sidecar', namespace: p.namespace, labels: { - 'k8s-app': 'prometheus', + 'app.kubernetes.io/name': 'prometheus', }, }, spec: { diff --git a/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet index 19e7b934..0755e60c 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet @@ -6,7 +6,7 @@ metadata: { name: 'weave-net', namespace: 'kube-system', - labels: { 'k8s-app': 'weave-net' }, + labels: { 'app.kubernetes.io/name': 'weave-net' }, }, spec: { ports: [ @@ -22,12 +22,12 @@ metadata: { name: 'weave-net', labels: { - 'k8s-app': 'weave-net', + 'app.kubernetes.io/name': 'weave-net', }, namespace: 'monitoring', }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [ { port: 'weave-net-metrics', @@ -42,7 +42,7 @@ }, selector: { matchLabels: { - 'k8s-app': 'weave-net', + 'app.kubernetes.io/name': 'weave-net', }, }, }, diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 3e7e4e96..1a666e1d 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -250,7 +250,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus', namespace: p.namespace, - labels: { 'k8s-app': 'prometheus' } + $._config.prometheus.labels, + labels: $._config.prometheus.labels, }, spec: { selector: { @@ -269,10 +269,10 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'kube-scheduler', namespace: p.namespace, - labels: { 'k8s-app': 'kube-scheduler' }, + labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [{ port: 'https-metrics', interval: '30s', @@ -281,7 +281,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli tlsConfig: { insecureSkipVerify: true }, }], selector: { - matchLabels: { 'k8s-app': 'kube-scheduler' }, + matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, }, namespaceSelector: { matchNames: ['kube-system'], @@ -295,10 +295,10 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'kubelet', namespace: p.namespace, - labels: { 'k8s-app': 'kubelet' }, + labels: { 'app.kubernetes.io/name': 'kubelet' }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [ { port: 'https-metrics', @@ -353,7 +353,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli }, ], selector: { - matchLabels: { 'k8s-app': 'kubelet' }, + matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, }, namespaceSelector: { matchNames: ['kube-system'], @@ -367,10 +367,10 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'kube-controller-manager', namespace: p.namespace, - labels: { 'k8s-app': 'kube-controller-manager' }, + labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [{ port: 'https-metrics', interval: '30s', @@ -388,7 +388,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli ], }], selector: { - matchLabels: { 'k8s-app': 'kube-controller-manager' }, + matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, }, namespaceSelector: { matchNames: ['kube-system'], @@ -402,7 +402,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'kube-apiserver', namespace: p.namespace, - labels: { 'k8s-app': 'apiserver' }, + labels: { 'app.kubernetes.io/name': 'apiserver' }, }, spec: { jobLabel: 'component', @@ -456,12 +456,12 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'coredns', namespace: p.namespace, - labels: { 'k8s-app': 'coredns' }, + labels: { 'app.kubernetes.io/name': 'coredns' }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', selector: { - matchLabels: { 'k8s-app': 'kube-dns' }, + matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, }, namespaceSelector: { matchNames: ['kube-system'], From af0465fd79d33d8f8cd672e616f09f9a01063d75 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 16 Dec 2020 11:10:15 +0100 Subject: [PATCH 050/388] manifests: regenerate --- manifests/alertmanager-alertmanager.yaml | 10 ++++++++++ manifests/alertmanager-service.yaml | 7 +++++++ manifests/alertmanager-serviceMonitor.yaml | 8 +++++++- manifests/kube-state-metrics-clusterRole.yaml | 4 +++- manifests/kube-state-metrics-clusterRoleBinding.yaml | 4 +++- manifests/kube-state-metrics-deployment.yaml | 10 ++++++++-- manifests/kube-state-metrics-service.yaml | 6 +++++- manifests/kube-state-metrics-serviceAccount.yaml | 4 +++- manifests/kube-state-metrics-serviceMonitor.yaml | 4 ++++ manifests/node-exporter-daemonset.yaml | 6 ++++++ manifests/node-exporter-service.yaml | 4 ++++ manifests/node-exporter-serviceMonitor.yaml | 4 ++++ manifests/prometheus-adapter-deployment.yaml | 9 +++++++-- manifests/prometheus-adapter-service.yaml | 9 +++++++-- manifests/prometheus-adapter-serviceMonitor.yaml | 9 +++++++-- manifests/prometheus-prometheus.yaml | 10 ++++++++++ manifests/prometheus-service.yaml | 7 +++++++ manifests/prometheus-serviceMonitor.yaml | 8 +++++++- manifests/prometheus-serviceMonitorApiserver.yaml | 2 +- manifests/prometheus-serviceMonitorCoreDNS.yaml | 6 +++--- ...prometheus-serviceMonitorKubeControllerManager.yaml | 6 +++--- manifests/prometheus-serviceMonitorKubeScheduler.yaml | 6 +++--- manifests/prometheus-serviceMonitorKubelet.yaml | 6 +++--- 23 files changed, 122 insertions(+), 27 deletions(-) diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml index 55b353a8..f873dcc0 100644 --- a/manifests/alertmanager-alertmanager.yaml +++ b/manifests/alertmanager-alertmanager.yaml @@ -3,12 +3,22 @@ kind: Alertmanager metadata: labels: alertmanager: main + app.kubernetes.io/component: router + app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.21.0 name: main namespace: monitoring spec: image: quay.io/prometheus/alertmanager:v0.21.0 nodeSelector: kubernetes.io/os: linux + podMetadata: + labels: + app.kubernetes.io/component: router + app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.21.0 replicas: 3 securityContext: fsGroup: 2000 diff --git a/manifests/alertmanager-service.yaml b/manifests/alertmanager-service.yaml index df4c9ff5..19125e9e 100644 --- a/manifests/alertmanager-service.yaml +++ b/manifests/alertmanager-service.yaml @@ -3,6 +3,10 @@ kind: Service metadata: labels: alertmanager: main + app.kubernetes.io/component: router + app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.21.0 name: alertmanager-main namespace: monitoring spec: @@ -13,4 +17,7 @@ spec: selector: alertmanager: main app: alertmanager + app.kubernetes.io/component: router + app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/part-of: kube-prometheus sessionAffinity: ClientIP diff --git a/manifests/alertmanager-serviceMonitor.yaml b/manifests/alertmanager-serviceMonitor.yaml index 548af0d6..ead16269 100644 --- a/manifests/alertmanager-serviceMonitor.yaml +++ b/manifests/alertmanager-serviceMonitor.yaml @@ -2,7 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: alertmanager + app.kubernetes.io/component: router + app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.21.0 name: alertmanager namespace: monitoring spec: @@ -12,3 +15,6 @@ spec: selector: matchLabels: alertmanager: main + app.kubernetes.io/component: router + app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index c04db290..0f0502d2 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -2,8 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 name: kube-state-metrics rules: - apiGroups: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index c8f9434d..f8e8ad8e 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -2,8 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 9bda5c69..ab50e622 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -2,20 +2,26 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 name: kube-state-metrics namespace: monitoring spec: replicas: 1 selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus template: metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 spec: containers: - args: diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index d734a19b..28abe2b6 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 name: kube-state-metrics namespace: monitoring spec: @@ -16,4 +18,6 @@ spec: port: 9443 targetPort: https-self selector: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index c23b36c1..b1ffdc70 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -2,7 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics - app.kubernetes.io/version: v1.9.7 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index b860f4c3..85b30116 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -2,7 +2,9 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 1.9.7 name: kube-state-metrics namespace: monitoring @@ -28,4 +30,6 @@ spec: jobLabel: app.kubernetes.io/name selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 9a6f163d..936aa737 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -2,18 +2,24 @@ apiVersion: apps/v1 kind: DaemonSet metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v1.0.1 name: node-exporter namespace: monitoring spec: selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus template: metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v1.0.1 spec: containers: diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index cb966601..4423c3e8 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -2,7 +2,9 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v1.0.1 name: node-exporter namespace: monitoring @@ -13,4 +15,6 @@ spec: port: 9100 targetPort: https selector: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index 8e5a97c9..65432fd6 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -2,7 +2,9 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v1.0.1 name: node-exporter namespace: monitoring @@ -24,4 +26,6 @@ spec: jobLabel: app.kubernetes.io/name selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index bb85e251..53f1ee1d 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -7,7 +7,9 @@ spec: replicas: 1 selector: matchLabels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus strategy: rollingUpdate: maxSurge: 1 @@ -15,7 +17,10 @@ spec: template: metadata: labels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 spec: containers: - args: diff --git a/manifests/prometheus-adapter-service.yaml b/manifests/prometheus-adapter-service.yaml index e786e01c..41b18f00 100644 --- a/manifests/prometheus-adapter-service.yaml +++ b/manifests/prometheus-adapter-service.yaml @@ -2,7 +2,10 @@ apiVersion: v1 kind: Service metadata: labels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: prometheus-adapter namespace: monitoring spec: @@ -11,4 +14,6 @@ spec: port: 443 targetPort: 6443 selector: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/prometheus-adapter-serviceMonitor.yaml b/manifests/prometheus-adapter-serviceMonitor.yaml index 91a8d51a..3291e49d 100644 --- a/manifests/prometheus-adapter-serviceMonitor.yaml +++ b/manifests/prometheus-adapter-serviceMonitor.yaml @@ -2,7 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: prometheus-adapter namespace: monitoring spec: @@ -15,4 +18,6 @@ spec: insecureSkipVerify: true selector: matchLabels: - name: prometheus-adapter + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index e50cc9bf..0548a955 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -2,6 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 prometheus: k8s name: k8s namespace: monitoring @@ -14,6 +18,12 @@ spec: image: quay.io/prometheus/prometheus:v2.22.1 nodeSelector: kubernetes.io/os: linux + podMetadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 4f61e88a..b2e6dcf4 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -2,6 +2,10 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 prometheus: k8s name: prometheus-k8s namespace: monitoring @@ -12,5 +16,8 @@ spec: targetPort: web selector: app: prometheus + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/part-of: kube-prometheus prometheus: k8s sessionAffinity: ClientIP diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index b7605dbe..c8a74e96 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -2,7 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: prometheus + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus namespace: monitoring spec: @@ -11,4 +14,7 @@ spec: port: web selector: matchLabels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/part-of: kube-prometheus prometheus: k8s diff --git a/manifests/prometheus-serviceMonitorApiserver.yaml b/manifests/prometheus-serviceMonitorApiserver.yaml index 1ff61fe9..cc6f079c 100644 --- a/manifests/prometheus-serviceMonitorApiserver.yaml +++ b/manifests/prometheus-serviceMonitorApiserver.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: apiserver + app.kubernetes.io/name: apiserver name: kube-apiserver namespace: monitoring spec: diff --git a/manifests/prometheus-serviceMonitorCoreDNS.yaml b/manifests/prometheus-serviceMonitorCoreDNS.yaml index 633aa18c..c4b37433 100644 --- a/manifests/prometheus-serviceMonitorCoreDNS.yaml +++ b/manifests/prometheus-serviceMonitorCoreDNS.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: coredns + app.kubernetes.io/name: coredns name: coredns namespace: monitoring spec: @@ -10,10 +10,10 @@ spec: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token interval: 15s port: metrics - jobLabel: k8s-app + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - kube-system selector: matchLabels: - k8s-app: kube-dns + app.kubernetes.io/name: kube-dns diff --git a/manifests/prometheus-serviceMonitorKubeControllerManager.yaml b/manifests/prometheus-serviceMonitorKubeControllerManager.yaml index 0f23d84d..fd9eddbf 100644 --- a/manifests/prometheus-serviceMonitorKubeControllerManager.yaml +++ b/manifests/prometheus-serviceMonitorKubeControllerManager.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: kube-controller-manager + app.kubernetes.io/name: kube-controller-manager name: kube-controller-manager namespace: monitoring spec: @@ -50,10 +50,10 @@ spec: scheme: https tlsConfig: insecureSkipVerify: true - jobLabel: k8s-app + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - kube-system selector: matchLabels: - k8s-app: kube-controller-manager + app.kubernetes.io/name: kube-controller-manager diff --git a/manifests/prometheus-serviceMonitorKubeScheduler.yaml b/manifests/prometheus-serviceMonitorKubeScheduler.yaml index 8073eaca..ca30352e 100644 --- a/manifests/prometheus-serviceMonitorKubeScheduler.yaml +++ b/manifests/prometheus-serviceMonitorKubeScheduler.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: kube-scheduler + app.kubernetes.io/name: kube-scheduler name: kube-scheduler namespace: monitoring spec: @@ -13,10 +13,10 @@ spec: scheme: https tlsConfig: insecureSkipVerify: true - jobLabel: k8s-app + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - kube-system selector: matchLabels: - k8s-app: kube-scheduler + app.kubernetes.io/name: kube-scheduler diff --git a/manifests/prometheus-serviceMonitorKubelet.yaml b/manifests/prometheus-serviceMonitorKubelet.yaml index 7db47ef0..dc329395 100644 --- a/manifests/prometheus-serviceMonitorKubelet.yaml +++ b/manifests/prometheus-serviceMonitorKubelet.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - k8s-app: kubelet + app.kubernetes.io/name: kubelet name: kubelet namespace: monitoring spec: @@ -81,10 +81,10 @@ spec: scheme: https tlsConfig: insecureSkipVerify: true - jobLabel: k8s-app + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - kube-system selector: matchLabels: - k8s-app: kubelet + app.kubernetes.io/name: kubelet From 723ac0fd271eb089f31bf5aa91378cf4a1af54b6 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 18 Dec 2020 11:04:57 +0100 Subject: [PATCH 051/388] jsonnet: add missing labels Signed-off-by: paulfantom --- .../alertmanager/alertmanager.libsonnet | 8 ++++--- .../kube-prometheus/kube-prometheus.libsonnet | 12 ++++++++++- .../node-exporter/node-exporter.libsonnet | 3 +++ .../prometheus-adapter.libsonnet | 13 ++++++++++-- .../prometheus/prometheus.libsonnet | 21 ++++++++++++++----- 5 files changed, 46 insertions(+), 11 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index c857344d..af9bf854 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -52,9 +52,9 @@ }, replicas: 3, labels: { - 'app.kubernetes.io/name': 'alertmanager-' + $._config.alertmanager.name, + 'app.kubernetes.io/name': 'alertmanager', 'app.kubernetes.io/version': $._config.versions.alertmanager, - 'app.kubernetes.io/component': 'router', + 'app.kubernetes.io/component': 'alert-router', 'app.kubernetes.io/part-of': 'kube-prometheus', }, selectorLabels: { @@ -73,6 +73,7 @@ metadata: { name: 'alertmanager-' + $._config.alertmanager.name, namespace: $._config.namespace, + labels: { alertmanager: $._config.alertmanager.name } + $._config.alertmanager.labels, }, stringData: { 'alertmanager.yaml': if std.type($._config.alertmanager.config) == 'object' @@ -89,6 +90,7 @@ metadata: { name: 'alertmanager-' + $._config.alertmanager.name, namespace: $._config.namespace, + labels: { alertmanager: $._config.alertmanager.name } + $._config.alertmanager.labels, }, }, @@ -106,7 +108,7 @@ ], selector: { app: 'alertmanager', - alertmanager: $._config.alertmanager.name + alertmanager: $._config.alertmanager.name, } + $._config.alertmanager.selectorLabels, sessionAffinity: 'ClientIP', }, diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 3bfd4768..d80feac5 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -86,6 +86,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; grafana+:: { local dashboardDefinitions = super.dashboardDefinitions, + dashboardDefinitions: { apiVersion: 'v1', kind: 'ConfigMapList', @@ -97,6 +98,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; metadata: { name: 'grafana', namespace: $._config.namespace, + labels: $._config.grafana.labels, }, spec: { selector: { @@ -200,6 +202,14 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; }, }, prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, - grafana+:: { dashboards: $.grafanaDashboards }, + grafana+:: { + labels: { + 'app.kubernetes.io/name': 'grafana', + 'app.kubernetes.io/version': $._config.versions.grafana, + 'app.kubernetes.io/component': 'grafana', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + dashboards: $.grafanaDashboards, + }, }, } diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 44cc2edd..fd2510f6 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -27,6 +27,7 @@ kind: 'ClusterRoleBinding', metadata: { name: 'node-exporter', + labels: $._config.nodeExporter.labels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -45,6 +46,7 @@ kind: 'ClusterRole', metadata: { name: 'node-exporter', + labels: $._config.nodeExporter.labels, }, rules: [ { @@ -157,6 +159,7 @@ metadata: { name: 'node-exporter', namespace: $._config.namespace, + labels: $._config.nodeExporter.labels, }, }, diff --git a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet index e4ba99e3..55950bf0 100644 --- a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet @@ -9,7 +9,7 @@ name: 'prometheus-adapter', namespace: $._config.namespace, labels: { - 'app.kubernetes.io/name': $._config.prometheusAdapter.name, + 'app.kubernetes.io/name': 'prometheus-adapter', 'app.kubernetes.io/version': $._config.versions.prometheusAdapter, 'app.kubernetes.io/component': 'metrics-adapter', 'app.kubernetes.io/part-of': 'kube-prometheus', @@ -58,6 +58,7 @@ kind: 'APIService', metadata: { name: 'v1beta1.metrics.k8s.io', + labels: $._config.prometheusAdapter.labels, }, spec: { service: { @@ -78,6 +79,7 @@ metadata: { name: 'adapter-config', namespace: $._config.prometheusAdapter.namespace, + labels: $._config.prometheusAdapter.labels, }, data: { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) }, }, @@ -150,6 +152,7 @@ metadata: { name: $._config.prometheusAdapter.name, namespace: $._config.prometheusAdapter.namespace, + labels: $._config.prometheusAdapter.labels, }, spec: { replicas: 1, @@ -182,6 +185,7 @@ metadata: { name: $._config.prometheusAdapter.name, namespace: $._config.prometheusAdapter.namespace, + labels: $._config.prometheusAdapter.labels, }, }, @@ -190,6 +194,7 @@ kind: 'ClusterRole', metadata: { name: $._config.prometheusAdapter.name, + labels: $._config.prometheusAdapter.labels, }, rules: [{ apiGroups: [''], @@ -203,6 +208,7 @@ kind: 'ClusterRoleBinding', metadata: { name: $._config.prometheusAdapter.name, + labels: $._config.prometheusAdapter.labels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -221,6 +227,7 @@ kind: 'ClusterRoleBinding', metadata: { name: 'resource-metrics:system:auth-delegator', + labels: $._config.prometheusAdapter.labels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -239,6 +246,7 @@ kind: 'ClusterRole', metadata: { name: 'resource-metrics-server-resources', + labels: $._config.prometheusAdapter.labels, }, rules: [{ apiGroups: ['metrics.k8s.io'], @@ -256,7 +264,7 @@ 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', 'rbac.authorization.k8s.io/aggregate-to-view': 'true', - }, + } + $._config.prometheusAdapter.labels, }, rules: [{ apiGroups: ['metrics.k8s.io'], @@ -271,6 +279,7 @@ metadata: { name: 'resource-metrics-auth-reader', namespace: 'kube-system', + labels: $._config.prometheusAdapter.labels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 1a666e1d..7f8a2c35 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -14,7 +14,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli rules: {}, namespaces: ['default', 'kube-system', $._config.namespace], labels: { - 'app.kubernetes.io/name': 'prometheus-' + $._config.prometheus.name, + 'app.kubernetes.io/name': 'prometheus', 'app.kubernetes.io/version': $._config.versions.prometheus, 'app.kubernetes.io/component': 'prometheus', 'app.kubernetes.io/part-of': 'kube-prometheus', @@ -43,6 +43,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus-' + p.name, namespace: p.namespace, + labels: $._config.prometheus.labels, }, }, @@ -70,7 +71,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli labels: { prometheus: p.name, role: 'alert-rules', - }, + } + $._config.prometheus.labels, name: 'prometheus-' + p.name + '-rules', namespace: p.namespace, }, @@ -86,6 +87,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus-' + p.name, namespace: namespace, + labels: $._config.prometheus.labels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -107,7 +109,10 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli clusterRole: { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', - metadata: { name: 'prometheus-' + p.name }, + metadata: { + name: 'prometheus-' + p.name, + labels: $._config.prometheus.labels, + }, rules: [ { apiGroups: [''], @@ -127,6 +132,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus-' + p.name + '-config', namespace: p.namespace, + labels: $._config.prometheus.labels, }, rules: [{ apiGroups: [''], @@ -141,6 +147,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus-' + p.name + '-config', namespace: p.namespace, + labels: $._config.prometheus.labels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -157,7 +164,10 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli clusterRoleBinding: { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRoleBinding', - metadata: { name: 'prometheus-' + p.name }, + metadata: { + name: 'prometheus-' + p.name, + labels: $._config.prometheus.labels, + }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', @@ -177,6 +187,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli metadata: { name: 'prometheus-' + p.name, namespace: namespace, + labels: $._config.prometheus.labels, }, rules: [ { @@ -210,7 +221,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli version: $._config.versions.prometheus, image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, podMetadata: { - labels: $._config.prometheus.labels + labels: $._config.prometheus.labels, }, serviceAccountName: 'prometheus-' + p.name, serviceMonitorSelector: {}, From f36b68458db8b8e4f95bc7d01430dcdc78b5e9cc Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 18 Dec 2020 11:32:12 +0100 Subject: [PATCH 052/388] manifests: regenerate --- manifests/alertmanager-alertmanager.yaml | 8 ++++---- manifests/alertmanager-secret.yaml | 6 ++++++ manifests/alertmanager-service.yaml | 8 ++++---- manifests/alertmanager-serviceAccount.yaml | 6 ++++++ manifests/alertmanager-serviceMonitor.yaml | 8 ++++---- manifests/grafana-serviceMonitor.yaml | 5 +++++ manifests/node-exporter-clusterRole.yaml | 5 +++++ manifests/node-exporter-clusterRoleBinding.yaml | 5 +++++ manifests/node-exporter-serviceAccount.yaml | 5 +++++ manifests/prometheus-adapter-apiService.yaml | 5 +++++ manifests/prometheus-adapter-clusterRole.yaml | 5 +++++ ...dapter-clusterRoleAggregatedMetricsReader.yaml | 4 ++++ .../prometheus-adapter-clusterRoleBinding.yaml | 5 +++++ ...theus-adapter-clusterRoleBindingDelegator.yaml | 5 +++++ ...etheus-adapter-clusterRoleServerResources.yaml | 5 +++++ manifests/prometheus-adapter-configMap.yaml | 5 +++++ manifests/prometheus-adapter-deployment.yaml | 5 +++++ .../prometheus-adapter-roleBindingAuthReader.yaml | 5 +++++ manifests/prometheus-adapter-serviceAccount.yaml | 5 +++++ manifests/prometheus-clusterRole.yaml | 5 +++++ manifests/prometheus-clusterRoleBinding.yaml | 5 +++++ manifests/prometheus-prometheus.yaml | 4 ++-- manifests/prometheus-roleBindingConfig.yaml | 5 +++++ .../prometheus-roleBindingSpecificNamespaces.yaml | 15 +++++++++++++++ manifests/prometheus-roleConfig.yaml | 5 +++++ manifests/prometheus-roleSpecificNamespaces.yaml | 15 +++++++++++++++ manifests/prometheus-rules.yaml | 4 ++++ manifests/prometheus-service.yaml | 4 ++-- manifests/prometheus-serviceAccount.yaml | 5 +++++ manifests/prometheus-serviceMonitor.yaml | 4 ++-- 30 files changed, 158 insertions(+), 18 deletions(-) diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml index f873dcc0..be597495 100644 --- a/manifests/alertmanager-alertmanager.yaml +++ b/manifests/alertmanager-alertmanager.yaml @@ -3,8 +3,8 @@ kind: Alertmanager metadata: labels: alertmanager: main - app.kubernetes.io/component: router - app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v0.21.0 name: main @@ -15,8 +15,8 @@ spec: kubernetes.io/os: linux podMetadata: labels: - app.kubernetes.io/component: router - app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v0.21.0 replicas: 3 diff --git a/manifests/alertmanager-secret.yaml b/manifests/alertmanager-secret.yaml index 20c205fb..9868057f 100644 --- a/manifests/alertmanager-secret.yaml +++ b/manifests/alertmanager-secret.yaml @@ -1,6 +1,12 @@ apiVersion: v1 kind: Secret metadata: + labels: + alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.21.0 name: alertmanager-main namespace: monitoring stringData: diff --git a/manifests/alertmanager-service.yaml b/manifests/alertmanager-service.yaml index 19125e9e..f6cd073a 100644 --- a/manifests/alertmanager-service.yaml +++ b/manifests/alertmanager-service.yaml @@ -3,8 +3,8 @@ kind: Service metadata: labels: alertmanager: main - app.kubernetes.io/component: router - app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v0.21.0 name: alertmanager-main @@ -17,7 +17,7 @@ spec: selector: alertmanager: main app: alertmanager - app.kubernetes.io/component: router - app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus sessionAffinity: ClientIP diff --git a/manifests/alertmanager-serviceAccount.yaml b/manifests/alertmanager-serviceAccount.yaml index 5c06d5e4..4403e398 100644 --- a/manifests/alertmanager-serviceAccount.yaml +++ b/manifests/alertmanager-serviceAccount.yaml @@ -1,5 +1,11 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.21.0 name: alertmanager-main namespace: monitoring diff --git a/manifests/alertmanager-serviceMonitor.yaml b/manifests/alertmanager-serviceMonitor.yaml index ead16269..f6f22d86 100644 --- a/manifests/alertmanager-serviceMonitor.yaml +++ b/manifests/alertmanager-serviceMonitor.yaml @@ -2,8 +2,8 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: - app.kubernetes.io/component: router - app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v0.21.0 name: alertmanager @@ -15,6 +15,6 @@ spec: selector: matchLabels: alertmanager: main - app.kubernetes.io/component: router - app.kubernetes.io/name: alertmanager-main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 7ede266a..9931c1ca 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -1,6 +1,11 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana namespace: monitoring spec: diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index ad783ae9..7d5bf044 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v1.0.1 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index a5a20508..3c8d4072 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v1.0.1 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index 8a03ac16..daad7d2f 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -1,5 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v1.0.1 name: node-exporter namespace: monitoring diff --git a/manifests/prometheus-adapter-apiService.yaml b/manifests/prometheus-adapter-apiService.yaml index a215efe4..f38c7c6d 100644 --- a/manifests/prometheus-adapter-apiService.yaml +++ b/manifests/prometheus-adapter-apiService.yaml @@ -1,6 +1,11 @@ apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io diff --git a/manifests/prometheus-adapter-clusterRole.yaml b/manifests/prometheus-adapter-clusterRole.yaml index a02d2bb0..6fe766d7 100644 --- a/manifests/prometheus-adapter-clusterRole.yaml +++ b/manifests/prometheus-adapter-clusterRole.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: prometheus-adapter rules: - apiGroups: diff --git a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml index 9f0dbb34..bee640bc 100644 --- a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml +++ b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml @@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" diff --git a/manifests/prometheus-adapter-clusterRoleBinding.yaml b/manifests/prometheus-adapter-clusterRoleBinding.yaml index 7e8f3da9..b524518c 100644 --- a/manifests/prometheus-adapter-clusterRoleBinding.yaml +++ b/manifests/prometheus-adapter-clusterRoleBinding.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: prometheus-adapter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml index 4295b50f..5e1c035b 100644 --- a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml +++ b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: resource-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleServerResources.yaml b/manifests/prometheus-adapter-clusterRoleServerResources.yaml index fcb914c3..8dea200e 100644 --- a/manifests/prometheus-adapter-clusterRoleServerResources.yaml +++ b/manifests/prometheus-adapter-clusterRoleServerResources.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: resource-metrics-server-resources rules: - apiGroups: diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index b2bde3cd..f82a202f 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -29,5 +29,10 @@ data: "window": "5m" kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: adapter-config namespace: monitoring diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index 53f1ee1d..1ed60da5 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -1,6 +1,11 @@ apiVersion: apps/v1 kind: Deployment metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-roleBindingAuthReader.yaml b/manifests/prometheus-adapter-roleBindingAuthReader.yaml index 48c8f325..b63c74db 100644 --- a/manifests/prometheus-adapter-roleBindingAuthReader.yaml +++ b/manifests/prometheus-adapter-roleBindingAuthReader.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: resource-metrics-auth-reader namespace: kube-system roleRef: diff --git a/manifests/prometheus-adapter-serviceAccount.yaml b/manifests/prometheus-adapter-serviceAccount.yaml index d7e70503..bce326b9 100644 --- a/manifests/prometheus-adapter-serviceAccount.yaml +++ b/manifests/prometheus-adapter-serviceAccount.yaml @@ -1,5 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v0.8.2 name: prometheus-adapter namespace: monitoring diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index d5c45983..b5f08060 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index 554bb6f8..a52cf1e8 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 0548a955..2b7dd140 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -3,7 +3,7 @@ kind: Prometheus metadata: labels: app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v2.22.1 prometheus: k8s @@ -21,7 +21,7 @@ spec: podMetadata: labels: app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v2.22.1 podMonitorNamespaceSelector: {} diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index ec0129db..feaf95e5 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index c7527f6a..ed2ac384 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -3,6 +3,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: default roleRef: @@ -16,6 +21,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: kube-system roleRef: @@ -29,6 +39,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index 5f1cd043..2b94cc72 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -1,6 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index 689baa93..b7c962c0 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -3,6 +3,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: default rules: @@ -27,6 +32,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: kube-system rules: @@ -51,6 +61,11 @@ items: - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index 97409d23..cd9c2019 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -2,6 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 prometheus: k8s role: alert-rules name: prometheus-k8s-rules diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index b2e6dcf4..ff66c892 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: labels: app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v2.22.1 prometheus: k8s @@ -17,7 +17,7 @@ spec: selector: app: prometheus app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus prometheus: k8s sessionAffinity: ClientIP diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index 3e55fad6..a4157e78 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -1,5 +1,10 @@ apiVersion: v1 kind: ServiceAccount metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: v2.22.1 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index c8a74e96..38622d37 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -3,7 +3,7 @@ kind: ServiceMonitor metadata: labels: app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: v2.22.1 name: prometheus @@ -15,6 +15,6 @@ spec: selector: matchLabels: app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus-k8s + app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus prometheus: k8s From 41e3f7d03fef494634cff3e205eeea7af6dd464b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 18 Dec 2020 14:17:07 +0100 Subject: [PATCH 053/388] node-exporter: do not mount /proc as it is covered by hostPID --- jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet | 3 --- 1 file changed, 3 deletions(-) diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 44cc2edd..07df2400 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -66,7 +66,6 @@ image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter, args: [ '--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]), - '--path.procfs=/host/proc', '--path.sysfs=/host/sys', '--path.rootfs=/host/root', '--no-collector.wifi', @@ -74,7 +73,6 @@ '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', ], volumeMounts: [ - { name: 'proc', mountPath: '/host/proc', mountPropagation: 'HostToContainer', readOnly: true }, { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, ], @@ -135,7 +133,6 @@ }], containers: [nodeExporter, proxy], volumes: [ - { name: 'proc', hostPath: { path: '/proc' } }, { name: 'sys', hostPath: { path: '/sys' } }, { name: 'root', hostPath: { path: '/' } }, ], From 4f306fc3ff7fbaa06626e085d85aac605561022e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 18 Dec 2020 14:18:02 +0100 Subject: [PATCH 054/388] manifests: regenerate --- manifests/node-exporter-daemonset.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 936aa737..e8a21f32 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -25,7 +25,6 @@ spec: containers: - args: - --web.listen-address=127.0.0.1:9100 - - --path.procfs=/host/proc - --path.sysfs=/host/sys - --path.rootfs=/host/root - --no-collector.wifi @@ -41,10 +40,6 @@ spec: cpu: 102m memory: 180Mi volumeMounts: - - mountPath: /host/proc - mountPropagation: HostToContainer - name: proc - readOnly: true - mountPath: /host/sys mountPropagation: HostToContainer name: sys @@ -91,9 +86,6 @@ spec: tolerations: - operator: Exists volumes: - - hostPath: - path: /proc - name: proc - hostPath: path: /sys name: sys From b39b1bfcfcc99be504e2c1548208d0cdbc4f5f05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Wed, 11 Nov 2020 21:08:39 +0100 Subject: [PATCH 055/388] install a blackbox-exporter instance --- README.md | 32 +++ docs/blackbox-exporter.md | 86 +++++++ .../blackbox-exporter.libsonnet | 211 ++++++++++++++++++ 3 files changed, 329 insertions(+) create mode 100644 docs/blackbox-exporter.md create mode 100644 jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet diff --git a/README.md b/README.md index 4b67ad11..042652b8 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ This stack is meant for cluster monitoring, so it is pre-configured to collect m - [Stripping container resource limits](#stripping-container-resource-limits) - [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards) - [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress) + - [Setting up a blackbox exporter](#setting-up-a-blackbox exporter) - [Minikube Example](#minikube-example) - [Troubleshooting](#troubleshooting) - [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics) @@ -729,6 +730,37 @@ See [developing Prometheus rules and Grafana dashboards](docs/developing-prometh See [exposing Prometheus/Alertmanager/Grafana](docs/exposing-prometheus-alertmanager-grafana-ingress.md) guide. +### Setting up a blackbox exporter + +```jsonnet +local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + + // ... other necessary mixins ... + (import 'kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet') + + { + _config+:: { + // ... configuration for other features ... + blackboxExporter+:: { + modules+:: { + tls_connect: { + prober: 'tcp', + tcp: { + tls: true + } + } + } + } + } + }; + +{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +// ... other rendering blocks ... +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +``` + +Then describe the actual blackbox checks you want to run using `Probe` resources. Specify `blackbox-exporter..svc.cluster.local:9115` as the `spec.prober.url` field of the `Probe` resource. + +See the [blackbox exporter guide](docs/blackbox-exporter.md) for the list of configurable options and a complete example. + ## Minikube Example To use an easy to reproduce example, see [minikube.jsonnet](examples/minikube.jsonnet), which uses the minikube setup as demonstrated in [Prerequisites](#prerequisites). Because we would like easy access to our Prometheus, Alertmanager and Grafana UIs, `minikube.jsonnet` exposes the services as NodePort type services. diff --git a/docs/blackbox-exporter.md b/docs/blackbox-exporter.md new file mode 100644 index 00000000..4c3adb97 --- /dev/null +++ b/docs/blackbox-exporter.md @@ -0,0 +1,86 @@ +# Setting up a blackbox exporter + +The `prometheus-operator` defines a `Probe` resource type that can be used to describe blackbox checks. To execute these, a separate component called [`blackbox_exporter`](https://github.com/prometheus/blackbox_exporter) has to be deployed, which can be scraped to retrieve the results of these checks. You can use `kube-prometheus` to set up such a blackbox exporter within your Kubernetes cluster. + +## Adding blackbox exporter manifests to an existing `kube-prometheus` configuration + +1. Add the blackbox exporter mixin to the list of imports: +``` +(import 'kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet') +``` +2. Override blackbox-related configuration parameters as needed. +3. Add the following to the list of renderers to render the blackbox exporter manifests: +``` +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +``` + +## Configuration parameters influencing the blackbox exporter + +* `_config.namespace`: the namespace where the various generated resources (`ConfigMap`, `Deployment`, `Service`, `ServiceAccount` and `ServiceMonitor`) will reside. This does not affect where you can place `Probe` objects; that is determined by the configuration of the `Prometheus` resource. This option is shared with other `kube-prometheus` components; defaults to `default`. +* `_config.imageRepos.blackboxExporter`: the name of the blackbox exporter image to deploy. Defaults to `quay.io/prometheus/blackbox-exporter`. +* `_config.versions.blackboxExporter`: the tag of the blackbox exporter image to deploy. Defaults to the version `kube-prometheus` was tested with. +* `_config.imageRepos.configmapReloader`: the name of the ConfigMap reloader image to deploy. Defaults to `jimmidyson/configmap-reload`. +* `_config.versions.configmapReloader`: the tag of the ConfigMap reloader image to deploy. Defaults to the version `kube-prometheus` was tested with. +* `_config.resources.blackbox-exporter.requests`: the requested resources; this is used for each container. Defaults to `10m` CPU and `20Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. +* `_config.resources.blackbox-exporter.limits`: the resource limits; this is used for each container. Defaults to `20m` CPU and `40Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. +* `_config.blackboxExporter.port`: the port of the exporter. Defaults to `9115`. +* `_config.blackboxExporter.replicas`: the number of exporter replicas to be deployed. Defaults to `1`. +* `_config.blackboxExporter.matchLabels`: map of the labels to be used to select resources belonging to the instance deployed. Defaults to `{ 'app.kubernetes.io/name': 'blackbox-exporter' }` +* `_config.blackboxExporter.assignLabels`: map of the labels applied to components of the instance deployed. Defaults to all the labels included in the `matchLabels` option, and additionally `app.kubernetes.io/version` is set to the version of the blackbox exporter. +* `_config.blackboxExporter.modules`: the modules available in the blackbox exporter installation, i.e. the types of checks it can perform. The default value includes most of the modules defined in the default blackbox exporter configuration: `http_2xx`, `http_post_2xx`, `tcp_connect`, `pop3s_banner`, `ssh_banner`, and `irc_banner`. `icmp` is omitted so the exporter can be run with minimum privileges, but you can add it back if needed - see the example below. See https://github.com/prometheus/blackbox_exporter/blob/master/CONFIGURATION.md for the configuration format, except you have to use JSON instead of YAML here. +* `_config.blackboxExporter.privileged`: whether the `blackbox-exporter` container should be running as non-root (`false`) or root with heavily-restricted capability set (`true`). Defaults to `true` if you have any ICMP modules defined (which need the extra permissions) and `false` otherwise. + +## Complete example + +```jsonnet +local kp = + (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet') + { + _config+:: { + namespace: 'monitoring', + blackboxExporter+:: { + modules+:: { + icmp: { + prober: 'icmp', + }, + }, + }, + }, + }; + +{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor is separated so that it can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +``` + +After installing the generated manifests, you can create `Probe` resources, for example: + +```yaml +kind: Probe +apiVersion: monitoring.coreos.com/v1 +metadata: + name: example-com-website + namespace: monitoring +spec: + interval: 60s + module: http_2xx + prober: + url: blackbox-exporter.monitoring.svc.cluster.local:9115 + targets: + staticConfig: + static: + - http://example.com + - https://example.com +``` diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet new file mode 100644 index 00000000..e8d6c25b --- /dev/null +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -0,0 +1,211 @@ +{ + _config+:: { + namespace: 'default', + + versions+:: { + blackboxExporter: 'v0.18.0', + configmapReloader: 'v0.4.0' + }, + + imageRepos+:: { + blackboxExporter: 'quay.io/prometheus/blackbox-exporter', + configmapReloader: 'jimmidyson/configmap-reload' + }, + + resources+:: { + 'blackbox-exporter': { + requests: { cpu: '10m', memory: '20Mi' }, + limits: { cpu: '20m', memory: '40Mi' }, + } + }, + + blackboxExporter: { + port: 9115, + replicas: 1, + matchLabels: { + 'app.kubernetes.io/name': 'blackbox-exporter', + }, + assignLabels: self.matchLabels + { + 'app.kubernetes.io/version': $._config.versions.blackboxExporter + }, + modules: { + http_2xx: { + prober: 'http' + }, + http_post_2xx: { + prober: 'http', + http: { + method: 'POST' + } + }, + tcp_connect: { + prober: 'tcp' + }, + pop3s_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { expect: '^+OK' } + ], + tls: true, + tls_config: { + insecure_skip_verify: false + } + } + }, + ssh_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { expect: '^SSH-2.0-' } + ] + } + }, + irc_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { send: 'NICK prober' }, + { send: 'USER prober prober prober :prober' }, + { expect: 'PING :([^ ]+)', send: 'PONG ${1}' }, + { expect: '^:[^ ]+ 001' } + ] + } + }, + }, + privileged: + local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp']; + std.length(icmpModules) > 0 + } + }, + + blackboxExporter+:: + local bb = $._config.blackboxExporter; + { + configuration: { + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'blackbox-exporter-configuration', + namespace: $._config.namespace + }, + data: { + 'config.yml': std.manifestYamlDoc({ modules: bb.modules }) + } + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'blackbox-exporter', + namespace: $._config.namespace, + }, + }, + + deployment: { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: 'blackbox-exporter', + namespace: $._config.namespace, + labels: bb.assignLabels, + }, + spec: { + replicas: bb.replicas, + selector: { matchLabels: bb.matchLabels }, + template: { + metadata: { labels: bb.assignLabels }, + spec: { + containers: [ + { + name: 'blackbox-exporter', + image: $._config.imageRepos.blackboxExporter + ':' + $._config.versions.blackboxExporter, + ports: [{ + name: 'http', + containerPort: bb.port, + }], + resources: { + requests: $._config.resources['blackbox-exporter'].requests, + limits: $._config.resources['blackbox-exporter'].limits + }, + securityContext: if bb.privileged then { + runAsNonRoot: false, + capabilities: { drop: [ 'ALL' ], add: [ 'NET_RAW'] } + } else { + runAsNonRoot: true, + runAsUser: 65534 + }, + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true + }] + }, + { + name: 'module-configmap-reloader', + image: $._config.imageRepos.configmapReloader + ':' + $._config.versions.configmapReloader, + args: [ + '--webhook-url=http://localhost:' + bb.port + '/-/reload', + '--volume-dir=/etc/blackbox_exporter/' + ], + resources: { + requests: $._config.resources['blackbox-exporter'].requests, + limits: $._config.resources['blackbox-exporter'].limits + }, + securityContext: { runAsNonRoot: true, runAsUser: 65534 }, + terminationMessagePath: '/dev/termination-log', + terminationMessagePolicy: 'FallbackToLogsOnError', + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true + }] + } + ], + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'blackbox-exporter', + volumes: [{ + name: 'config', + configMap: { name: 'blackbox-exporter-configuration' } + }] + } + } + } + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'blackbox-exporter', + namespace: $._config.namespace, + labels: bb.assignLabels, + }, + spec: { + ports: [{ name: 'http', port: bb.port, targetPort: 'http' }], + selector: bb.matchLabels, + } + }, + + serviceMonitor: + { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'blackbox-exporter', + labels: bb.assignLabels + }, + spec: { + endpoints: [ { + interval: '30s', + path: '/metrics', + port: 'http' + } ], + selector: { + matchLabels: bb.matchLabels + } + } + } + } +} From c2fb1f42089f0dd22a4e92eb3cf1e52a688b850f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Thu, 26 Nov 2020 22:26:23 +0100 Subject: [PATCH 056/388] include the blackbox exporter mixin by default --- README.md | 3 +-- docs/blackbox-exporter.md | 9 ++------- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 1 + 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 042652b8..c8afb50b 100644 --- a/README.md +++ b/README.md @@ -734,8 +734,7 @@ See [exposing Prometheus/Alertmanager/Grafana](docs/exposing-prometheus-alertman ```jsonnet local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - // ... other necessary mixins ... - (import 'kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet') + + // ... all necessary mixins ... { _config+:: { // ... configuration for other features ... diff --git a/docs/blackbox-exporter.md b/docs/blackbox-exporter.md index 4c3adb97..cb40fd5f 100644 --- a/docs/blackbox-exporter.md +++ b/docs/blackbox-exporter.md @@ -4,12 +4,8 @@ The `prometheus-operator` defines a `Probe` resource type that can be used to de ## Adding blackbox exporter manifests to an existing `kube-prometheus` configuration -1. Add the blackbox exporter mixin to the list of imports: -``` -(import 'kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet') -``` -2. Override blackbox-related configuration parameters as needed. -3. Add the following to the list of renderers to render the blackbox exporter manifests: +1. Override blackbox-related configuration parameters as needed. +2. Add the following to the list of renderers to render the blackbox exporter manifests: ``` { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } ``` @@ -35,7 +31,6 @@ The `prometheus-operator` defines a `Probe` resource type that can be used to de ```jsonnet local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet') { _config+:: { namespace: 'monitoring', diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 3bfd4768..38bb061e 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -5,6 +5,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import './node-exporter/node-exporter.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + +(import './blackbox-exporter/blackbox-exporter.libsonnet') + (import './alertmanager/alertmanager.libsonnet') + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + From 8d53477ec884e907e9f324cdfaad6acf047b9a10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Fri, 27 Nov 2020 13:43:39 +0100 Subject: [PATCH 057/388] put the service monitor for the blackbox exporter in the configured namespace --- .../blackbox-exporter/blackbox-exporter.libsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index e8d6c25b..a9b2614a 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -194,6 +194,7 @@ kind: 'ServiceMonitor', metadata: { name: 'blackbox-exporter', + namespace: $._config.namespace, labels: bb.assignLabels }, spec: { From 8b4effaba0fe790121727fe4b7795ecda94ee3f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Sat, 28 Nov 2020 21:22:36 +0100 Subject: [PATCH 058/388] update examples and regenerate manifests --- README.md | 1 + ...prometheus-rules-and-grafana-dashboards.md | 1 + example.jsonnet | 1 + examples/kustomize.jsonnet | 1 + kustomization.yaml | 5 ++ .../blackbox-exporter-configuration.yaml | 38 +++++++++++ manifests/blackbox-exporter-deployment.yaml | 67 +++++++++++++++++++ manifests/blackbox-exporter-service.yaml | 15 +++++ .../blackbox-exporter-serviceAccount.yaml | 5 ++ .../blackbox-exporter-serviceMonitor.yaml | 16 +++++ 10 files changed, 150 insertions(+) create mode 100644 manifests/blackbox-exporter-configuration.yaml create mode 100644 manifests/blackbox-exporter-deployment.yaml create mode 100644 manifests/blackbox-exporter-service.yaml create mode 100644 manifests/blackbox-exporter-serviceAccount.yaml create mode 100644 manifests/blackbox-exporter-serviceMonitor.yaml diff --git a/README.md b/README.md index c8afb50b..eff1e4e9 100644 --- a/README.md +++ b/README.md @@ -224,6 +224,7 @@ local kp = // serviceMonitor is separated so that it can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index ee7be4e0..f9decdcd 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -34,6 +34,7 @@ local kp = // serviceMonitor is separated so that it can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + diff --git a/example.jsonnet b/example.jsonnet index 15a801f8..a459460d 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -22,6 +22,7 @@ local kp = // serviceMonitor is separated so that it can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + diff --git a/examples/kustomize.jsonnet b/examples/kustomize.jsonnet index 38dd6c89..7b1cf6a2 100644 --- a/examples/kustomize.jsonnet +++ b/examples/kustomize.jsonnet @@ -16,6 +16,7 @@ local manifests = // serviceMonitor is separated so that it can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + + { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + diff --git a/kustomization.yaml b/kustomization.yaml index b067b22f..bd00d54f 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,6 +6,11 @@ resources: - ./manifests/alertmanager-service.yaml - ./manifests/alertmanager-serviceAccount.yaml - ./manifests/alertmanager-serviceMonitor.yaml +- ./manifests/blackbox-exporter-configuration.yaml +- ./manifests/blackbox-exporter-deployment.yaml +- ./manifests/blackbox-exporter-service.yaml +- ./manifests/blackbox-exporter-serviceAccount.yaml +- ./manifests/blackbox-exporter-serviceMonitor.yaml - ./manifests/grafana-dashboardDatasources.yaml - ./manifests/grafana-dashboardDefinitions.yaml - ./manifests/grafana-dashboardSources.yaml diff --git a/manifests/blackbox-exporter-configuration.yaml b/manifests/blackbox-exporter-configuration.yaml new file mode 100644 index 00000000..497945ec --- /dev/null +++ b/manifests/blackbox-exporter-configuration.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +data: + config.yml: |- + "modules": + "http_2xx": + "prober": "http" + "http_post_2xx": + "http": + "method": "POST" + "prober": "http" + "irc_banner": + "prober": "tcp" + "tcp": + "query_response": + - "send": "NICK prober" + - "send": "USER prober prober prober :prober" + - "expect": "PING :([^ ]+)" + "send": "PONG ${1}" + - "expect": "^:[^ ]+ 001" + "pop3s_banner": + "prober": "tcp" + "tcp": + "query_response": + - "expect": "^+OK" + "tls": true + "tls_config": + "insecure_skip_verify": false + "ssh_banner": + "prober": "tcp" + "tcp": + "query_response": + - "expect": "^SSH-2.0-" + "tcp_connect": + "prober": "tcp" +kind: ConfigMap +metadata: + name: blackbox-exporter-configuration + namespace: monitoring diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml new file mode 100644 index 00000000..c7874949 --- /dev/null +++ b/manifests/blackbox-exporter-deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/version: v0.18.0 + name: blackbox-exporter + namespace: monitoring +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: blackbox-exporter + template: + metadata: + labels: + app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/version: v0.18.0 + spec: + containers: + - image: quay.io/prometheus/blackbox-exporter:v0.18.0 + name: blackbox-exporter + ports: + - containerPort: 9115 + name: http + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + runAsNonRoot: true + runAsUser: 65534 + volumeMounts: + - mountPath: /etc/blackbox_exporter/ + name: config + readOnly: true + - args: + - --webhook-url=http://localhost:9115/-/reload + - --volume-dir=/etc/blackbox_exporter/ + image: jimmidyson/configmap-reload:v0.4.0 + name: module-configmap-reloader + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + runAsNonRoot: true + runAsUser: 65534 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/blackbox_exporter/ + name: config + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: blackbox-exporter + volumes: + - configMap: + name: blackbox-exporter-configuration + name: config diff --git a/manifests/blackbox-exporter-service.yaml b/manifests/blackbox-exporter-service.yaml new file mode 100644 index 00000000..b4895e71 --- /dev/null +++ b/manifests/blackbox-exporter-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/version: v0.18.0 + name: blackbox-exporter + namespace: monitoring +spec: + ports: + - name: http + port: 9115 + targetPort: http + selector: + app.kubernetes.io/name: blackbox-exporter diff --git a/manifests/blackbox-exporter-serviceAccount.yaml b/manifests/blackbox-exporter-serviceAccount.yaml new file mode 100644 index 00000000..ac2acefb --- /dev/null +++ b/manifests/blackbox-exporter-serviceAccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: blackbox-exporter + namespace: monitoring diff --git a/manifests/blackbox-exporter-serviceMonitor.yaml b/manifests/blackbox-exporter-serviceMonitor.yaml new file mode 100644 index 00000000..ae39c5a8 --- /dev/null +++ b/manifests/blackbox-exporter-serviceMonitor.yaml @@ -0,0 +1,16 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/version: v0.18.0 + name: blackbox-exporter + namespace: monitoring +spec: + endpoints: + - interval: 30s + path: /metrics + port: http + selector: + matchLabels: + app.kubernetes.io/name: blackbox-exporter From 97aaa1f534a1fa34a7c95d669892696128dcd135 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Sat, 28 Nov 2020 21:40:21 +0100 Subject: [PATCH 059/388] accept formatting changes made by jsonnetfmt --- .../blackbox-exporter.libsonnet | 106 +++++++++--------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index a9b2614a..06599f94 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -4,19 +4,19 @@ versions+:: { blackboxExporter: 'v0.18.0', - configmapReloader: 'v0.4.0' + configmapReloader: 'v0.4.0', }, imageRepos+:: { blackboxExporter: 'quay.io/prometheus/blackbox-exporter', - configmapReloader: 'jimmidyson/configmap-reload' + configmapReloader: 'jimmidyson/configmap-reload', }, resources+:: { 'blackbox-exporter': { requests: { cpu: '10m', memory: '20Mi' }, limits: { cpu: '20m', memory: '40Mi' }, - } + }, }, blackboxExporter: { @@ -25,41 +25,41 @@ matchLabels: { 'app.kubernetes.io/name': 'blackbox-exporter', }, - assignLabels: self.matchLabels + { - 'app.kubernetes.io/version': $._config.versions.blackboxExporter + assignLabels: self.matchLabels { + 'app.kubernetes.io/version': $._config.versions.blackboxExporter, }, modules: { http_2xx: { - prober: 'http' + prober: 'http', }, http_post_2xx: { prober: 'http', http: { - method: 'POST' - } + method: 'POST', + }, }, tcp_connect: { - prober: 'tcp' + prober: 'tcp', }, pop3s_banner: { prober: 'tcp', tcp: { query_response: [ - { expect: '^+OK' } + { expect: '^+OK' }, ], tls: true, tls_config: { - insecure_skip_verify: false - } - } + insecure_skip_verify: false, + }, + }, }, ssh_banner: { prober: 'tcp', tcp: { query_response: [ - { expect: '^SSH-2.0-' } - ] - } + { expect: '^SSH-2.0-' }, + ], + }, }, irc_banner: { prober: 'tcp', @@ -68,15 +68,15 @@ { send: 'NICK prober' }, { send: 'USER prober prober prober :prober' }, { expect: 'PING :([^ ]+)', send: 'PONG ${1}' }, - { expect: '^:[^ ]+ 001' } - ] - } + { expect: '^:[^ ]+ 001' }, + ], + }, }, }, privileged: local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp']; - std.length(icmpModules) > 0 - } + std.length(icmpModules) > 0, + }, }, blackboxExporter+:: @@ -87,11 +87,11 @@ kind: 'ConfigMap', metadata: { name: 'blackbox-exporter-configuration', - namespace: $._config.namespace + namespace: $._config.namespace, }, data: { - 'config.yml': std.manifestYamlDoc({ modules: bb.modules }) - } + 'config.yml': std.manifestYamlDoc({ modules: bb.modules }), + }, }, serviceAccount: { @@ -127,31 +127,31 @@ }], resources: { requests: $._config.resources['blackbox-exporter'].requests, - limits: $._config.resources['blackbox-exporter'].limits + limits: $._config.resources['blackbox-exporter'].limits, }, securityContext: if bb.privileged then { - runAsNonRoot: false, - capabilities: { drop: [ 'ALL' ], add: [ 'NET_RAW'] } - } else { - runAsNonRoot: true, - runAsUser: 65534 - }, + runAsNonRoot: false, + capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, + } else { + runAsNonRoot: true, + runAsUser: 65534, + }, volumeMounts: [{ mountPath: '/etc/blackbox_exporter/', name: 'config', - readOnly: true - }] + readOnly: true, + }], }, { name: 'module-configmap-reloader', image: $._config.imageRepos.configmapReloader + ':' + $._config.versions.configmapReloader, args: [ '--webhook-url=http://localhost:' + bb.port + '/-/reload', - '--volume-dir=/etc/blackbox_exporter/' + '--volume-dir=/etc/blackbox_exporter/', ], resources: { requests: $._config.resources['blackbox-exporter'].requests, - limits: $._config.resources['blackbox-exporter'].limits + limits: $._config.resources['blackbox-exporter'].limits, }, securityContext: { runAsNonRoot: true, runAsUser: 65534 }, terminationMessagePath: '/dev/termination-log', @@ -159,19 +159,19 @@ volumeMounts: [{ mountPath: '/etc/blackbox_exporter/', name: 'config', - readOnly: true - }] - } + readOnly: true, + }], + }, ], nodeSelector: { 'kubernetes.io/os': 'linux' }, serviceAccountName: 'blackbox-exporter', volumes: [{ name: 'config', - configMap: { name: 'blackbox-exporter-configuration' } - }] - } - } - } + configMap: { name: 'blackbox-exporter-configuration' }, + }], + }, + }, + }, }, service: { @@ -185,7 +185,7 @@ spec: { ports: [{ name: 'http', port: bb.port, targetPort: 'http' }], selector: bb.matchLabels, - } + }, }, serviceMonitor: @@ -195,18 +195,18 @@ metadata: { name: 'blackbox-exporter', namespace: $._config.namespace, - labels: bb.assignLabels + labels: bb.assignLabels, }, spec: { - endpoints: [ { + endpoints: [{ interval: '30s', path: '/metrics', - port: 'http' - } ], + port: 'http', + }], selector: { - matchLabels: bb.matchLabels - } - } - } - } + matchLabels: bb.matchLabels, + }, + }, + }, + }, } From eda90b68333b8e8b2230c96036f5d213e9508aa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Sat, 26 Dec 2020 11:21:04 +0100 Subject: [PATCH 060/388] put blackbox-exporter behind kube-rbac-proxy --- docs/blackbox-exporter.md | 3 ++- .../blackbox-exporter.libsonnet | 26 ++++++++++++++++--- manifests/blackbox-exporter-deployment.yaml | 21 ++++++++++++--- 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/docs/blackbox-exporter.md b/docs/blackbox-exporter.md index cb40fd5f..9136944d 100644 --- a/docs/blackbox-exporter.md +++ b/docs/blackbox-exporter.md @@ -19,7 +19,8 @@ The `prometheus-operator` defines a `Probe` resource type that can be used to de * `_config.versions.configmapReloader`: the tag of the ConfigMap reloader image to deploy. Defaults to the version `kube-prometheus` was tested with. * `_config.resources.blackbox-exporter.requests`: the requested resources; this is used for each container. Defaults to `10m` CPU and `20Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. * `_config.resources.blackbox-exporter.limits`: the resource limits; this is used for each container. Defaults to `20m` CPU and `40Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. -* `_config.blackboxExporter.port`: the port of the exporter. Defaults to `9115`. +* `_config.blackboxExporter.port`: the exposed HTTPS port of the exporter. This is where Prometheus should send the probe requests. Defaults to `9115`. +* `_config.blackboxExporter.internalPort`: the internal plaintext port of the exporter. Not accessible from outside the pod. Defaults to `19115`. * `_config.blackboxExporter.replicas`: the number of exporter replicas to be deployed. Defaults to `1`. * `_config.blackboxExporter.matchLabels`: map of the labels to be used to select resources belonging to the instance deployed. Defaults to `{ 'app.kubernetes.io/name': 'blackbox-exporter' }` * `_config.blackboxExporter.assignLabels`: map of the labels applied to components of the instance deployed. Defaults to all the labels included in the `matchLabels` option, and additionally `app.kubernetes.io/version` is set to the version of the blackbox exporter. diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 06599f94..fcd2280b 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -1,3 +1,5 @@ +local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; + { _config+:: { namespace: 'default', @@ -21,6 +23,7 @@ blackboxExporter: { port: 9115, + internalPort: 19115, replicas: 1, matchLabels: { 'app.kubernetes.io/name': 'blackbox-exporter', @@ -121,9 +124,13 @@ { name: 'blackbox-exporter', image: $._config.imageRepos.blackboxExporter + ':' + $._config.versions.blackboxExporter, + args: [ + '--config.file=/etc/blackbox_exporter/config.yml', + '--web.listen-address=:%d' % bb.internalPort, + ], ports: [{ name: 'http', - containerPort: bb.port, + containerPort: bb.internalPort, }], resources: { requests: $._config.resources['blackbox-exporter'].requests, @@ -146,7 +153,7 @@ name: 'module-configmap-reloader', image: $._config.imageRepos.configmapReloader + ':' + $._config.versions.configmapReloader, args: [ - '--webhook-url=http://localhost:' + bb.port + '/-/reload', + '--webhook-url=http://localhost:%d/-/reload' % bb.internalPort, '--volume-dir=/etc/blackbox_exporter/', ], resources: { @@ -208,5 +215,18 @@ }, }, }, - }, + } + + (kubeRbacProxyContainer { + config+:: { + kubeRbacProxy: { + image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, + name: 'kube-rbac-proxy', + securePortName: 'https', + securePort: bb.port, + secureListenAddress: ':%d' % self.securePort, + upstream: 'http://127.0.0.1:%d/' % bb.internalPort, + tlsCipherSuites: $._config.tlsCipherSuites, + }, + }, + }).deploymentMixin, } diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index c7874949..3a4bd821 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -18,10 +18,13 @@ spec: app.kubernetes.io/version: v0.18.0 spec: containers: - - image: quay.io/prometheus/blackbox-exporter:v0.18.0 + - args: + - --config.file=/etc/blackbox_exporter/config.yml + - --web.listen-address=:19115 + image: quay.io/prometheus/blackbox-exporter:v0.18.0 name: blackbox-exporter ports: - - containerPort: 9115 + - containerPort: 19115 name: http resources: limits: @@ -38,7 +41,7 @@ spec: name: config readOnly: true - args: - - --webhook-url=http://localhost:9115/-/reload + - --webhook-url=http://localhost:19115/-/reload - --volume-dir=/etc/blackbox_exporter/ image: jimmidyson/configmap-reload:v0.4.0 name: module-configmap-reloader @@ -58,6 +61,18 @@ spec: - mountPath: /etc/blackbox_exporter/ name: config readOnly: true + - args: + - --logtostderr + - --secure-listen-address=:9115 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - --upstream=http://127.0.0.1:19115/ + image: quay.io/brancz/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 9115 + name: https + securityContext: + runAsUser: 65534 nodeSelector: kubernetes.io/os: linux serviceAccountName: blackbox-exporter From 66aca046886c36288114b051b9e139dc091df6e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Sat, 26 Dec 2020 13:13:36 +0100 Subject: [PATCH 061/388] monitor blackbox-exporter over https --- .../blackbox-exporter/blackbox-exporter.libsonnet | 6 +++++- manifests/blackbox-exporter-service.yaml | 2 +- manifests/blackbox-exporter-serviceMonitor.yaml | 3 +++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index fcd2280b..91f2d29f 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -190,7 +190,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; labels: bb.assignLabels, }, spec: { - ports: [{ name: 'http', port: bb.port, targetPort: 'http' }], + ports: [{ name: 'http', port: bb.port, targetPort: 'https' }], selector: bb.matchLabels, }, }, @@ -209,6 +209,10 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; interval: '30s', path: '/metrics', port: 'http', + scheme: 'https', + tlsConfig: { + insecureSkipVerify: true, + }, }], selector: { matchLabels: bb.matchLabels, diff --git a/manifests/blackbox-exporter-service.yaml b/manifests/blackbox-exporter-service.yaml index b4895e71..587fff2b 100644 --- a/manifests/blackbox-exporter-service.yaml +++ b/manifests/blackbox-exporter-service.yaml @@ -10,6 +10,6 @@ spec: ports: - name: http port: 9115 - targetPort: http + targetPort: https selector: app.kubernetes.io/name: blackbox-exporter diff --git a/manifests/blackbox-exporter-serviceMonitor.yaml b/manifests/blackbox-exporter-serviceMonitor.yaml index ae39c5a8..add64359 100644 --- a/manifests/blackbox-exporter-serviceMonitor.yaml +++ b/manifests/blackbox-exporter-serviceMonitor.yaml @@ -11,6 +11,9 @@ spec: - interval: 30s path: /metrics port: http + scheme: https + tlsConfig: + insecureSkipVerify: true selector: matchLabels: app.kubernetes.io/name: blackbox-exporter From dcd99f7d6834df5e2800c8cdc8703c003cb50bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Sat, 26 Dec 2020 13:14:40 +0100 Subject: [PATCH 062/388] set up authorization for blackbox-exporter --- .../blackbox-exporter.libsonnet | 39 +++++++++++++++++++ kustomization.yaml | 2 + manifests/blackbox-exporter-clusterRole.yaml | 17 ++++++++ .../blackbox-exporter-clusterRoleBinding.yaml | 12 ++++++ .../blackbox-exporter-serviceMonitor.yaml | 3 +- 5 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 manifests/blackbox-exporter-clusterRole.yaml create mode 100644 manifests/blackbox-exporter-clusterRoleBinding.yaml diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 91f2d29f..8bd08e12 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -106,6 +106,44 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; }, }, + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'blackbox-exporter', + }, + rules: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], + }, + ], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'blackbox-exporter', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'blackbox-exporter', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'blackbox-exporter', + namespace: $._config.namespace, + }], + }, + deployment: { apiVersion: 'apps/v1', kind: 'Deployment', @@ -206,6 +244,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; }, spec: { endpoints: [{ + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', interval: '30s', path: '/metrics', port: 'http', diff --git a/kustomization.yaml b/kustomization.yaml index bd00d54f..7066018a 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,6 +6,8 @@ resources: - ./manifests/alertmanager-service.yaml - ./manifests/alertmanager-serviceAccount.yaml - ./manifests/alertmanager-serviceMonitor.yaml +- ./manifests/blackbox-exporter-clusterRole.yaml +- ./manifests/blackbox-exporter-clusterRoleBinding.yaml - ./manifests/blackbox-exporter-configuration.yaml - ./manifests/blackbox-exporter-deployment.yaml - ./manifests/blackbox-exporter-service.yaml diff --git a/manifests/blackbox-exporter-clusterRole.yaml b/manifests/blackbox-exporter-clusterRole.yaml new file mode 100644 index 00000000..c7824058 --- /dev/null +++ b/manifests/blackbox-exporter-clusterRole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: blackbox-exporter +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/manifests/blackbox-exporter-clusterRoleBinding.yaml b/manifests/blackbox-exporter-clusterRoleBinding.yaml new file mode 100644 index 00000000..7b3ae320 --- /dev/null +++ b/manifests/blackbox-exporter-clusterRoleBinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: blackbox-exporter +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: blackbox-exporter +subjects: +- kind: ServiceAccount + name: blackbox-exporter + namespace: monitoring diff --git a/manifests/blackbox-exporter-serviceMonitor.yaml b/manifests/blackbox-exporter-serviceMonitor.yaml index add64359..81eec23d 100644 --- a/manifests/blackbox-exporter-serviceMonitor.yaml +++ b/manifests/blackbox-exporter-serviceMonitor.yaml @@ -8,7 +8,8 @@ metadata: namespace: monitoring spec: endpoints: - - interval: 30s + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + interval: 30s path: /metrics port: http scheme: https From 5083ae2e894e102ce5e70d6c44644fd536e80b51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=81LFALVI=20Tam=C3=A1s?= Date: Wed, 30 Dec 2020 23:12:45 +0100 Subject: [PATCH 063/388] regenerate manifests --- manifests/blackbox-exporter-deployment.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index 3a4bd821..ca71dafb 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -72,7 +72,9 @@ spec: - containerPort: 9115 name: https securityContext: - runAsUser: 65534 + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 nodeSelector: kubernetes.io/os: linux serviceAccountName: blackbox-exporter From 6501366ff8f16926ed5b55b9f3ba6b1cf58ceec8 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Thu, 31 Dec 2020 15:05:18 +0100 Subject: [PATCH 064/388] blackbox-exporter: Add probe port to Service --- docs/blackbox-exporter.md | 6 +++--- .../blackbox-exporter/blackbox-exporter.libsonnet | 12 ++++++++++-- manifests/blackbox-exporter-service.yaml | 5 ++++- manifests/blackbox-exporter-serviceMonitor.yaml | 2 +- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/docs/blackbox-exporter.md b/docs/blackbox-exporter.md index 9136944d..624b9483 100644 --- a/docs/blackbox-exporter.md +++ b/docs/blackbox-exporter.md @@ -19,8 +19,8 @@ The `prometheus-operator` defines a `Probe` resource type that can be used to de * `_config.versions.configmapReloader`: the tag of the ConfigMap reloader image to deploy. Defaults to the version `kube-prometheus` was tested with. * `_config.resources.blackbox-exporter.requests`: the requested resources; this is used for each container. Defaults to `10m` CPU and `20Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. * `_config.resources.blackbox-exporter.limits`: the resource limits; this is used for each container. Defaults to `20m` CPU and `40Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. -* `_config.blackboxExporter.port`: the exposed HTTPS port of the exporter. This is where Prometheus should send the probe requests. Defaults to `9115`. -* `_config.blackboxExporter.internalPort`: the internal plaintext port of the exporter. Not accessible from outside the pod. Defaults to `19115`. +* `_config.blackboxExporter.port`: the exposed HTTPS port of the exporter. This is what Prometheus can scrape for metrics related to the blackbox exporter itself. Defaults to `9115`. +* `_config.blackboxExporter.internalPort`: the internal plaintext port of the exporter. Prometheus scrapes configured via `Probe` objects cannot access the HTTPS port right now, so you have to specify this port in the `url` field. Defaults to `19115`. * `_config.blackboxExporter.replicas`: the number of exporter replicas to be deployed. Defaults to `1`. * `_config.blackboxExporter.matchLabels`: map of the labels to be used to select resources belonging to the instance deployed. Defaults to `{ 'app.kubernetes.io/name': 'blackbox-exporter' }` * `_config.blackboxExporter.assignLabels`: map of the labels applied to components of the instance deployed. Defaults to all the labels included in the `matchLabels` option, and additionally `app.kubernetes.io/version` is set to the version of the blackbox exporter. @@ -73,7 +73,7 @@ spec: interval: 60s module: http_2xx prober: - url: blackbox-exporter.monitoring.svc.cluster.local:9115 + url: blackbox-exporter.monitoring.svc.cluster.local:19115 targets: staticConfig: static: diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 8bd08e12..93fc3066 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -228,7 +228,15 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; labels: bb.assignLabels, }, spec: { - ports: [{ name: 'http', port: bb.port, targetPort: 'https' }], + ports: [{ + name: 'https', + port: bb.port, + targetPort: 'https', + }, { + name: 'probe', + port: bb.internalPort, + targetPort: 'http', + }], selector: bb.matchLabels, }, }, @@ -247,7 +255,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', interval: '30s', path: '/metrics', - port: 'http', + port: 'https', scheme: 'https', tlsConfig: { insecureSkipVerify: true, diff --git a/manifests/blackbox-exporter-service.yaml b/manifests/blackbox-exporter-service.yaml index 587fff2b..5a693e2b 100644 --- a/manifests/blackbox-exporter-service.yaml +++ b/manifests/blackbox-exporter-service.yaml @@ -8,8 +8,11 @@ metadata: namespace: monitoring spec: ports: - - name: http + - name: https port: 9115 targetPort: https + - name: probe + port: 19115 + targetPort: http selector: app.kubernetes.io/name: blackbox-exporter diff --git a/manifests/blackbox-exporter-serviceMonitor.yaml b/manifests/blackbox-exporter-serviceMonitor.yaml index 81eec23d..b4b78091 100644 --- a/manifests/blackbox-exporter-serviceMonitor.yaml +++ b/manifests/blackbox-exporter-serviceMonitor.yaml @@ -11,7 +11,7 @@ spec: - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token interval: 30s path: /metrics - port: http + port: https scheme: https tlsConfig: insecureSkipVerify: true From b1dda445018fce65a9eaf2987c9f9aec1f7cafad Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Fri, 1 Jan 2021 15:39:13 +0100 Subject: [PATCH 065/388] blackbox-exporter: Prefer ipv4 by default in probe config --- .../blackbox-exporter/blackbox-exporter.libsonnet | 10 ++++++++++ manifests/blackbox-exporter-configuration.yaml | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 93fc3066..38ef07ea 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -34,15 +34,22 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; modules: { http_2xx: { prober: 'http', + http: { + preferred_ip_protocol: 'ip4', + }, }, http_post_2xx: { prober: 'http', http: { method: 'POST', + preferred_ip_protocol: 'ip4', }, }, tcp_connect: { prober: 'tcp', + tcp: { + preferred_ip_protocol: 'ip4', + }, }, pop3s_banner: { prober: 'tcp', @@ -54,6 +61,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; tls_config: { insecure_skip_verify: false, }, + preferred_ip_protocol: 'ip4', }, }, ssh_banner: { @@ -62,6 +70,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; query_response: [ { expect: '^SSH-2.0-' }, ], + preferred_ip_protocol: 'ip4', }, }, irc_banner: { @@ -73,6 +82,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; { expect: 'PING :([^ ]+)', send: 'PONG ${1}' }, { expect: '^:[^ ]+ 001' }, ], + preferred_ip_protocol: 'ip4', }, }, }, diff --git a/manifests/blackbox-exporter-configuration.yaml b/manifests/blackbox-exporter-configuration.yaml index 497945ec..7af052c5 100644 --- a/manifests/blackbox-exporter-configuration.yaml +++ b/manifests/blackbox-exporter-configuration.yaml @@ -3,14 +3,18 @@ data: config.yml: |- "modules": "http_2xx": + "http": + "preferred_ip_protocol": "ip4" "prober": "http" "http_post_2xx": "http": "method": "POST" + "preferred_ip_protocol": "ip4" "prober": "http" "irc_banner": "prober": "tcp" "tcp": + "preferred_ip_protocol": "ip4" "query_response": - "send": "NICK prober" - "send": "USER prober prober prober :prober" @@ -20,6 +24,7 @@ data: "pop3s_banner": "prober": "tcp" "tcp": + "preferred_ip_protocol": "ip4" "query_response": - "expect": "^+OK" "tls": true @@ -28,10 +33,13 @@ data: "ssh_banner": "prober": "tcp" "tcp": + "preferred_ip_protocol": "ip4" "query_response": - "expect": "^SSH-2.0-" "tcp_connect": "prober": "tcp" + "tcp": + "preferred_ip_protocol": "ip4" kind: ConfigMap metadata: name: blackbox-exporter-configuration From cf916082b802ec72b682dcdf784a58088144aa31 Mon Sep 17 00:00:00 2001 From: Frederic Branczyk Date: Mon, 4 Jan 2021 16:45:27 +0100 Subject: [PATCH 066/388] kubelet: Revert label selector The Kubelet's Service/Endpoints object maintained by the Prometheus Operator does not have the recommended app label (yet). Therefore we need to use the old label until a Prometheus Operator version has been released and integrated in kube-promteheus that does use it. --- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 4 ++-- manifests/prometheus-serviceMonitorKubelet.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 7f8a2c35..fc99add3 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -309,7 +309,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli labels: { 'app.kubernetes.io/name': 'kubelet' }, }, spec: { - jobLabel: 'app.kubernetes.io/name', + jobLabel: 'k8s-app', endpoints: [ { port: 'https-metrics', @@ -364,7 +364,7 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabeli }, ], selector: { - matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, + matchLabels: { 'k8s-app': 'kubelet' }, }, namespaceSelector: { matchNames: ['kube-system'], diff --git a/manifests/prometheus-serviceMonitorKubelet.yaml b/manifests/prometheus-serviceMonitorKubelet.yaml index dc329395..72dff3fb 100644 --- a/manifests/prometheus-serviceMonitorKubelet.yaml +++ b/manifests/prometheus-serviceMonitorKubelet.yaml @@ -81,10 +81,10 @@ spec: scheme: https tlsConfig: insecureSkipVerify: true - jobLabel: app.kubernetes.io/name + jobLabel: k8s-app namespaceSelector: matchNames: - kube-system selector: matchLabels: - app.kubernetes.io/name: kubelet + k8s-app: kubelet From 19376df824229b8daa207551ba4c0d633dad77f7 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 15:14:43 +0100 Subject: [PATCH 067/388] jsonnet: move kube-rbac-proxy mixin to separate file --- .../blackbox-exporter.libsonnet | 2 +- .../kube-prometheus/kube-prometheus.libsonnet | 3 +- .../kube-rbac-proxy/containerMixin.libsonnet | 96 +++++++++++++++++++ .../kube-state-metrics.libsonnet | 2 +- 4 files changed, 99 insertions(+), 4 deletions(-) create mode 100644 jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 38ef07ea..9c76ff34 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -1,4 +1,4 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; +local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; { _config+:: { diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 05c7326a..219c011d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,9 +1,8 @@ -local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; +local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + -(import './node-exporter/node-exporter.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import './blackbox-exporter/blackbox-exporter.libsonnet') + (import './alertmanager/alertmanager.libsonnet') + diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet new file mode 100644 index 00000000..795463a7 --- /dev/null +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet @@ -0,0 +1,96 @@ +// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet +// are converted to use kube-rbac-proxy/container.libsonnet + +{ + local krp = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + + specMixin:: { + local sm = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + spec+: { + template+: { + spec+: { + containers+: [{ + name: krp.config.kubeRbacProxy.name, + image: krp.config.kubeRbacProxy.image, + args: [ + '--logtostderr', + '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, + '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites), + '--upstream=' + krp.config.kubeRbacProxy.upstream, + ], + ports: [ + { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, + ], + securityContext: { + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, + }, + }], + }, + }, + }, + }, + + deploymentMixin:: { + local dm = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + deployment+: krp.specMixin { + config+:: { + kubeRbacProxy+: dm.config.kubeRbacProxy, + }, + }, + }, + + statefulSetMixin:: { + local sm = self, + config+:: { + kubeRbacProxy: { + image: error 'must provide image', + name: error 'must provide name', + securePortName: error 'must provide securePortName', + securePort: error 'must provide securePort', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + tlsCipherSuites: error 'must provide tlsCipherSuites', + }, + }, + statefulSet+: krp.specMixin { + config+:: { + kubeRbacProxy+: sm.config.kubeRbacProxy, + }, + }, + }, +} diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 4e1709dd..62cad10b 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -1,4 +1,4 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; +local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet'; { From 5b8feb783c17de51b602573a21c2168962b3a164 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 15:15:44 +0100 Subject: [PATCH 068/388] jsonnet: create function responsible for node-exporter objects --- .../kube-prometheus/kube-prometheus.libsonnet | 12 +- .../kube-rbac-proxy/container.libsonnet | 149 +++---- .../node-exporter/node-exporter.libsonnet | 405 +++++++++--------- 3 files changed, 269 insertions(+), 297 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 219c011d..1def6a56 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,5 +1,7 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet'; +local nodeExporter = import './node-exporter/node-exporter.libsonnet'; + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + @@ -16,6 +18,11 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonne (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet') + { + nodeExporter: nodeExporter({ + namespace: $._config.namespace, + version: '1.0.1', + imageRepo: 'quay.io/prometheus/node-exporter', + }), kubePrometheus+:: { namespace: { apiVersion: 'v1', @@ -83,7 +90,6 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonne }, }).deploymentMixin, - grafana+:: { local dashboardDefinitions = super.dashboardDefinitions, @@ -196,10 +202,6 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonne requests: { cpu: '100m', memory: '150Mi' }, limits: { cpu: '100m', memory: '150Mi' }, }, - 'node-exporter': { - requests: { cpu: '102m', memory: '180Mi' }, - limits: { cpu: '250m', memory: '180Mi' }, - }, }, prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, grafana+:: { diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet index 724087d6..a142b4b6 100644 --- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet @@ -1,93 +1,64 @@ -{ +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + image: 'quay.io/brancz/kube-rbac-proxy:v0.8.0', + ports: error 'must provide ports', + secureListenAddress: error 'must provide secureListenAddress', + upstream: error 'must provide upstream', + resources: { + requests: { cpu: '10m', memory: '20Mi' }, + limits: { cpu: '20m', memory: '40Mi' }, + }, + tlsCipherSuites: [ + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 + + // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 + // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2 + // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 + // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + + // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go + + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', + 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', + ], +}; + + +function(params) { local krp = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, + config:: defaults + params, + // Safety check + assert std.isObject(krp.config.resources), - specMixin:: { - local sm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, + name: krp.config.name, + image: krp.config.image, + args: [ + '--logtostderr', + '--secure-listen-address=' + krp.config.secureListenAddress, + '--tls-cipher-suites=' + std.join(',', krp.config.tlsCipherSuites), + '--upstream=' + krp.config.upstream, + ], + resources: krp.config.resources, + ports: krp.config.ports, + securityContext: { + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, }, - spec+: { - template+: { - spec+: { - containers+: [{ - name: krp.config.kubeRbacProxy.name, - image: krp.config.kubeRbacProxy.image, - args: [ - '--logtostderr', - '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, - '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites), - '--upstream=' + krp.config.kubeRbacProxy.upstream, - ], - ports: [ - { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, - ], - securityContext: { - runAsUser: 65532, - runAsGroup: 65532, - runAsNonRoot: true, - }, - }], - }, - }, - }, - }, - - deploymentMixin:: { - local dm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - deployment+: krp.specMixin { - config+:: { - kubeRbacProxy+: dm.config.kubeRbacProxy, - }, - }, - }, - - statefulSetMixin:: { - local sm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - statefulSet+: krp.specMixin { - config+:: { - kubeRbacProxy+: sm.config.kubeRbacProxy, - }, - }, - }, } diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 8c5f7383..9100133c 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -1,214 +1,213 @@ -{ - _config+:: { - namespace: 'default', - versions+:: { nodeExporter: 'v1.0.1' }, - imageRepos+:: { nodeExporter: 'quay.io/prometheus/node-exporter' }, +local krp = (import '../kube-rbac-proxy/container.libsonnet'); - nodeExporter+:: { - listenAddress: '127.0.0.1', - port: 9100, - labels: { - 'app.kubernetes.io/name': 'node-exporter', - 'app.kubernetes.io/version': $._config.versions.nodeExporter, - 'app.kubernetes.io/component': 'exporter', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - selectorLabels: { - [labelName]: $._config.nodeExporter.labels[labelName] - for labelName in std.objectFields($._config.nodeExporter.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + imageRepo: error 'must provide version', + // image: "", + resources: { + requests: { cpu: '102m', memory: '180Mi' }, + limits: { cpu: '250m', memory: '180Mi' }, + }, + listenAddress: '127.0.0.1', + port: 9100, + commonLabels:: { + 'app.kubernetes.io/name': 'node-exporter', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, +}; + + +function(params) { + local ne = self, + config:: defaults + params, + // Safety check + assert std.isObject(ne.config.resources), + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'node-exporter', + labels: ne.config.commonLabels, }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'node-exporter', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'node-exporter', + namespace: ne.config.namespace, + }], }, - nodeExporter+:: { - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'node-exporter', - labels: $._config.nodeExporter.labels, + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'node-exporter', + labels: ne.config.commonLabels, + }, + rules: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'node-exporter', - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'node-exporter', - namespace: $._config.namespace, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], }], }, - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'node-exporter', - labels: $._config.nodeExporter.labels, - }, - rules: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], - }, - - daemonset: - local nodeExporter = { - name: 'node-exporter', - image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter, - args: [ - '--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]), - '--path.sysfs=/host/sys', - '--path.rootfs=/host/root', - '--no-collector.wifi', - '--no-collector.hwmon', - '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', - ], - volumeMounts: [ - { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, - { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, - ], - resources: $._config.resources['node-exporter'], - }; - - local proxy = { - name: 'kube-rbac-proxy', - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - args: [ - '--logtostderr', - '--secure-listen-address=[$(IP)]:' + $._config.nodeExporter.port, - '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites), - '--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/', - ], - env: [ - { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, - ], - // Keep `hostPort` here, rather than in the node-exporter container - // because Kubernetes mandates that if you define a `hostPort` then - // `containerPort` must match. In our case, we are splitting the - // host port and container port between the two containers. - // We'll keep the port specification here so that the named port - // used by the service is tied to the proxy container. We *could* - // forgo declaring the host port, however it is important to declare - // it so that the scheduler can decide if the pod is schedulable. - ports: [ - { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port }, - ], - resources: $._config.resources['kube-rbac-proxy'], - securityContext: { - runAsUser: 65532, - runAsGroup: 65532, - runAsNonRoot: true, - }, - }; - - { - apiVersion: 'apps/v1', - kind: 'DaemonSet', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - spec: { - selector: { matchLabels: $._config.nodeExporter.selectorLabels }, - updateStrategy: { - type: 'RollingUpdate', - rollingUpdate: { maxUnavailable: '10%' }, - }, - template: { - metadata: { labels: $._config.nodeExporter.labels }, - spec: { - nodeSelector: { 'kubernetes.io/os': 'linux' }, - tolerations: [{ - operator: 'Exists', - }], - containers: [nodeExporter, proxy], - volumes: [ - { name: 'sys', hostPath: { path: '/sys' } }, - { name: 'root', hostPath: { path: '/' } }, - ], - serviceAccountName: 'node-exporter', - securityContext: { - runAsUser: 65534, - runAsNonRoot: true, - }, - hostPID: true, - hostNetwork: true, - }, - }, - }, - }, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: $._config.nodeExporter.selectorLabels, - }, - endpoints: [{ - port: 'https', - scheme: 'https', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - action: 'replace', - regex: '(.*)', - replacement: '$1', - sourceLabels: ['__meta_kubernetes_pod_node_name'], - targetLabel: 'instance', - }, - ], - tlsConfig: { - insecureSkipVerify: true, - }, - }], - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'node-exporter', - namespace: $._config.namespace, - labels: $._config.nodeExporter.labels, - }, - spec: { - ports: [ - { name: 'https', targetPort: 'https', port: $._config.nodeExporter.port }, - ], - selector: $._config.nodeExporter.selectorLabels, - clusterIP: 'None', - }, + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'node-exporter', + namespace: ne.config.namespace, + labels: ne.config.commonLabels, }, }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'node-exporter', + namespace: ne.config.namespace, + labels: ne.config.commonLabels, + }, + spec: { + ports: [ + { name: 'https', targetPort: 'https', port: ne.config.port }, + ], + selector: ne.config.selectorLabels, + clusterIP: 'None', + }, + }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'node-exporter', + namespace: ne.config.namespace, + labels: ne.config.commonLabels, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: ne.config.selectorLabels, + }, + endpoints: [{ + port: 'https', + scheme: 'https', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + tlsConfig: { + insecureSkipVerify: true, + }, + }], + }, + }, + + daemonset: + local nodeExporter = { + name: 'node-exporter', + image: ne.config.imageRepo + ':v' + ne.config.version, + args: [ + '--web.listen-address=' + std.join(':', [ne.config.listenAddress, std.toString(ne.config.port)]), + '--path.sysfs=/host/sys', + '--path.rootfs=/host/root', + '--no-collector.wifi', + '--no-collector.hwmon', + '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', + ], + volumeMounts: [ + { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, + { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, + ], + resources: ne.config.resources, + }; + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + //image: krpImage, + upstream: 'http://127.0.0.1:' + ne.config.port + '/', + secureListenAddress: '[$(IP)]:' + ne.config.port, + // Keep `hostPort` here, rather than in the node-exporter container + // because Kubernetes mandates that if you define a `hostPort` then + // `containerPort` must match. In our case, we are splitting the + // host port and container port between the two containers. + // We'll keep the port specification here so that the named port + // used by the service is tied to the proxy container. We *could* + // forgo declaring the host port, however it is important to declare + // it so that the scheduler can decide if the pod is schedulable. + ports: [ + { name: 'https', containerPort: ne.config.port, hostPort: ne.config.port }, + ], + }) + { + env: [ + { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, + ] + }; + + { + apiVersion: 'apps/v1', + kind: 'DaemonSet', + metadata: { + name: 'node-exporter', + namespace: ne.config.namespace, + labels: ne.config.commonLabels, + }, + spec: { + selector: { matchLabels: ne.config.selectorLabels }, + updateStrategy: { + type: 'RollingUpdate', + rollingUpdate: { maxUnavailable: '10%' }, + }, + template: { + metadata: { labels: ne.config.commonLabels }, + spec: { + nodeSelector: { 'kubernetes.io/os': 'linux' }, + tolerations: [{ + operator: 'Exists', + }], + containers: [nodeExporter, kubeRbacProxy], + volumes: [ + { name: 'sys', hostPath: { path: '/sys' } }, + { name: 'root', hostPath: { path: '/' } }, + ], + serviceAccountName: 'node-exporter', + securityContext: { + runAsUser: 65534, + runAsNonRoot: true, + }, + hostPID: true, + hostNetwork: true, + }, + }, + }, + }, } From da817040c68d1c0c91718630305e85e4b9006796 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 15:16:10 +0100 Subject: [PATCH 069/388] manifests: regenerate to fix version number --- manifests/node-exporter-clusterRole.yaml | 2 +- manifests/node-exporter-clusterRoleBinding.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 4 ++-- manifests/node-exporter-service.yaml | 2 +- manifests/node-exporter-serviceAccount.yaml | 2 +- manifests/node-exporter-serviceMonitor.yaml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index 7d5bf044..45383007 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index 3c8d4072..8887d631 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index e8a21f32..d88d8846 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 name: node-exporter namespace: monitoring spec: @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 spec: containers: - args: diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index 4423c3e8..e0cfb53a 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 name: node-exporter namespace: monitoring spec: diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index daad7d2f..1be5af3c 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 name: node-exporter namespace: monitoring diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index 65432fd6..7b0835c8 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v1.0.1 + app.kubernetes.io/version: 1.0.1 name: node-exporter namespace: monitoring spec: From 630bc3118399d28ade31313ff929c86b4a32dd98 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 16:11:37 +0100 Subject: [PATCH 070/388] jsonnet: do not compose image string for node-exporter --- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 2 +- .../kube-prometheus/node-exporter/node-exporter.libsonnet | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 1def6a56..daab5bcc 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -21,7 +21,7 @@ local nodeExporter = import './node-exporter/node-exporter.libsonnet'; nodeExporter: nodeExporter({ namespace: $._config.namespace, version: '1.0.1', - imageRepo: 'quay.io/prometheus/node-exporter', + image: 'quay.io/prometheus/node-exporter:v1.0.1', }), kubePrometheus+:: { namespace: { diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 9100133c..63ec53b9 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -4,8 +4,7 @@ local defaults = { local defaults = self, namespace: error 'must provide namespace', version: error 'must provide version', - imageRepo: error 'must provide version', - // image: "", + image: error 'must provide version', resources: { requests: { cpu: '102m', memory: '180Mi' }, limits: { cpu: '250m', memory: '180Mi' }, @@ -135,7 +134,7 @@ function(params) { daemonset: local nodeExporter = { name: 'node-exporter', - image: ne.config.imageRepo + ':v' + ne.config.version, + image: ne.config.image, args: [ '--web.listen-address=' + std.join(':', [ne.config.listenAddress, std.toString(ne.config.port)]), '--path.sysfs=/host/sys', From 3b7d4690bacc3704b992f77f5af685db851d70cc Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 16:14:17 +0100 Subject: [PATCH 071/388] add information about code refactoring to readme --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eff1e4e9..8e6d6694 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,14 @@ Components included in this package: This stack is meant for cluster monitoring, so it is pre-configured to collect metrics from all Kubernetes components. In addition to that it delivers a default set of dashboards and alerting rules. Many of the useful dashboards and alerts come from the [kubernetes-mixin project](https://github.com/kubernetes-monitoring/kubernetes-mixin), similar to this project it provides composable jsonnet as a library for users to customize to their needs. +## Warning + +`master` branch is under heavy refactoring work. Please use `release-0.7` branch until code refactoring is complete and this information is removed. + ## Table of contents - [kube-prometheus](#kube-prometheus) + - [Warning](#warning) - [Table of contents](#table-of-contents) - [Prerequisites](#prerequisites) - [minikube](#minikube) @@ -53,8 +58,9 @@ This stack is meant for cluster monitoring, so it is pre-configured to collect m - [Stripping container resource limits](#stripping-container-resource-limits) - [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards) - [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress) - - [Setting up a blackbox exporter](#setting-up-a-blackbox exporter) + - [Setting up a blackbox exporter](#setting-up-a-blackbox-exporter) - [Minikube Example](#minikube-example) + - [Continuous Delivery](#continuous-delivery) - [Troubleshooting](#troubleshooting) - [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics) - [Authentication problem](#authentication-problem) From ea3fee466ede1be958cb8426c6eb37e2c42456d1 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 16:04:25 +0100 Subject: [PATCH 072/388] jsonnet: create function responsible for alertmanager objects Signed-off-by: paulfantom --- .../alertmanager/alertmanager.libsonnet | 294 +++++++++--------- .../kube-prometheus/kube-prometheus.libsonnet | 8 +- 2 files changed, 154 insertions(+), 148 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index af9bf854..4b091e9a 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -1,163 +1,163 @@ -{ - _config+:: { - namespace: 'default', - - versions+:: { - alertmanager: 'v0.21.0', +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + image: error 'must provide image', + version: error 'must provide version', + resources: {}, + commonLabels:: { + 'app.kubernetes.io/name': 'alertmanager', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'alert-router', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + name: error 'must provide name', + config: { + global: { + resolve_timeout: '5m', }, - - imageRepos+:: { - alertmanager: 'quay.io/prometheus/alertmanager', + inhibit_rules: [{ + source_match: { + severity: 'critical', + }, + target_match_re: { + severity: 'warning|info', + }, + equal: ['namespace', 'alertname'], + }, { + source_match: { + severity: 'warning', + }, + target_match_re: { + severity: 'info', + }, + equal: ['namespace', 'alertname'], + }], + route: { + group_by: ['namespace'], + group_wait: '30s', + group_interval: '5m', + repeat_interval: '12h', + receiver: 'Default', + routes: [ + { receiver: 'Watchdog', match: { alertname: 'Watchdog' } }, + { receiver: 'Critical', match: { severity: 'critical' } }, + ], }, + receivers: [ + { name: 'Default' }, + { name: 'Watchdog' }, + { name: 'Critical' }, + ], + }, + replicas: 3, +}; - alertmanager+:: { - name: 'main', - config: { - global: { - resolve_timeout: '5m', - }, - inhibit_rules: [{ - source_match: { - severity: 'critical', - }, - target_match_re: { - severity: 'warning|info', - }, - equal: ['namespace', 'alertname'], - }, { - source_match: { - severity: 'warning', - }, - target_match_re: { - severity: 'info', - }, - equal: ['namespace', 'alertname'], - }], - route: { - group_by: ['namespace'], - group_wait: '30s', - group_interval: '5m', - repeat_interval: '12h', - receiver: 'Default', - routes: [ - { receiver: 'Watchdog', match: { alertname: 'Watchdog' } }, - { receiver: 'Critical', match: { severity: 'critical' } }, - ], - }, - receivers: [ - { name: 'Default' }, - { name: 'Watchdog' }, - { name: 'Critical' }, - ], - }, - replicas: 3, - labels: { - 'app.kubernetes.io/name': 'alertmanager', - 'app.kubernetes.io/version': $._config.versions.alertmanager, - 'app.kubernetes.io/component': 'alert-router', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - selectorLabels: { - [labelName]: $._config.alertmanager.labels[labelName] - for labelName in std.objectFields($._config.alertmanager.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, + + + +function(params) { + local am = self, + config:: defaults + params, + // Safety check + assert std.isObject(am.config.resources), + + secret: { + apiVersion: 'v1', + kind: 'Secret', + type: 'Opaque', + metadata: { + name: 'alertmanager-' + am.config.name, + namespace: am.config.namespace, + labels: { alertmanager: am.config.name } + am.config.commonLabels, + }, + stringData: { + 'alertmanager.yaml': if std.type(am.config.config) == 'object' + then + std.manifestYamlDoc(am.config.config) + else + am.config.config, }, }, - alertmanager+:: { - secret: { - apiVersion: 'v1', - kind: 'Secret', - type: 'Opaque', - metadata: { - name: 'alertmanager-' + $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { alertmanager: $._config.alertmanager.name } + $._config.alertmanager.labels, - }, - stringData: { - 'alertmanager.yaml': if std.type($._config.alertmanager.config) == 'object' - then - std.manifestYamlDoc($._config.alertmanager.config) - else - $._config.alertmanager.config, - }, + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'alertmanager-' + am.config.name, + namespace: am.config.namespace, + labels: { alertmanager: am.config.name } + am.config.commonLabels, }, + }, - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'alertmanager-' + $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { alertmanager: $._config.alertmanager.name } + $._config.alertmanager.labels, - }, + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'alertmanager-' + am.config.name, + namespace: am.config.namespace, + labels: { alertmanager: am.config.name } + am.config.commonLabels, }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'alertmanager-' + $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { alertmanager: $._config.alertmanager.name } + $._config.alertmanager.labels, - }, - spec: { - ports: [ - { name: 'web', targetPort: 'web', port: 9093 }, - ], - selector: { - app: 'alertmanager', - alertmanager: $._config.alertmanager.name, - } + $._config.alertmanager.selectorLabels, - sessionAffinity: 'ClientIP', - }, + spec: { + ports: [ + { name: 'web', targetPort: 'web', port: 9093 }, + ], + selector: { + app: 'alertmanager', + alertmanager: am.config.name, + } + am.config.selectorLabels, + sessionAffinity: 'ClientIP', }, + }, - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'alertmanager', - namespace: $._config.namespace, - labels: $._config.alertmanager.labels, - }, - spec: { - selector: { - matchLabels: { - alertmanager: $._config.alertmanager.name, - } + $._config.alertmanager.selectorLabels, - }, - endpoints: [ - { port: 'web', interval: '30s' }, - ], - }, + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'alertmanager', + namespace: am.config.namespace, + labels: am.config.commonLabels, }, - - alertmanager: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Alertmanager', - metadata: { - name: $._config.alertmanager.name, - namespace: $._config.namespace, - labels: { - alertmanager: $._config.alertmanager.name, - } + $._config.alertmanager.labels, + spec: { + selector: { + matchLabels: { + alertmanager: am.config.name, + } + am.config.selectorLabels, }, - spec: { - replicas: $._config.alertmanager.replicas, - version: $._config.versions.alertmanager, - image: $._config.imageRepos.alertmanager + ':' + $._config.versions.alertmanager, - podMetadata: { - labels: $._config.alertmanager.labels, - }, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - serviceAccountName: 'alertmanager-' + $._config.alertmanager.name, - securityContext: { - runAsUser: 1000, - runAsNonRoot: true, - fsGroup: 2000, - }, + endpoints: [ + { port: 'web', interval: '30s' }, + ], + }, + }, + + alertmanager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Alertmanager', + metadata: { + name: am.config.name, + namespace: am.config.namespace, + labels: { + alertmanager: am.config.name, + } + am.config.commonLabels, + }, + spec: { + replicas: am.config.replicas, + version: am.config.version, + image: am.config.image, + podMetadata: { + labels: am.config.commonLabels, + }, + resources: am.config.resources, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'alertmanager-' + am.config.name, + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, }, }, }, diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index daab5bcc..67bea5a8 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,13 +1,13 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; +local alertmanager = import './alertmanager/alertmanager.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import './blackbox-exporter/blackbox-exporter.libsonnet') + -(import './alertmanager/alertmanager.libsonnet') + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + @@ -23,6 +23,12 @@ local nodeExporter = import './node-exporter/node-exporter.libsonnet'; version: '1.0.1', image: 'quay.io/prometheus/node-exporter:v1.0.1', }), + alertmanager: alertmanager({ + name: 'main', + namespace: $._config.namespace, + version: '0.21.0', + image: 'quay.io/prometheus/alertmanager:v0.21.0', + }), kubePrometheus+:: { namespace: { apiVersion: 'v1', From d9b40073d4856823421dec4f81651df695795c46 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 16:17:51 +0100 Subject: [PATCH 073/388] manifests: regenerate to include better alertmanager version --- manifests/alertmanager-alertmanager.yaml | 7 ++++--- manifests/alertmanager-secret.yaml | 2 +- manifests/alertmanager-service.yaml | 2 +- manifests/alertmanager-serviceAccount.yaml | 2 +- manifests/alertmanager-serviceMonitor.yaml | 2 +- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml index be597495..351b7a0c 100644 --- a/manifests/alertmanager-alertmanager.yaml +++ b/manifests/alertmanager-alertmanager.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: 0.21.0 name: main namespace: monitoring spec: @@ -18,11 +18,12 @@ spec: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: 0.21.0 replicas: 3 + resources: {} securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 1000 serviceAccountName: alertmanager-main - version: v0.21.0 + version: 0.21.0 diff --git a/manifests/alertmanager-secret.yaml b/manifests/alertmanager-secret.yaml index 9868057f..c6ffb204 100644 --- a/manifests/alertmanager-secret.yaml +++ b/manifests/alertmanager-secret.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: 0.21.0 name: alertmanager-main namespace: monitoring stringData: diff --git a/manifests/alertmanager-service.yaml b/manifests/alertmanager-service.yaml index f6cd073a..8c611f9f 100644 --- a/manifests/alertmanager-service.yaml +++ b/manifests/alertmanager-service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: 0.21.0 name: alertmanager-main namespace: monitoring spec: diff --git a/manifests/alertmanager-serviceAccount.yaml b/manifests/alertmanager-serviceAccount.yaml index 4403e398..5a645515 100644 --- a/manifests/alertmanager-serviceAccount.yaml +++ b/manifests/alertmanager-serviceAccount.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: 0.21.0 name: alertmanager-main namespace: monitoring diff --git a/manifests/alertmanager-serviceMonitor.yaml b/manifests/alertmanager-serviceMonitor.yaml index f6f22d86..6ff45705 100644 --- a/manifests/alertmanager-serviceMonitor.yaml +++ b/manifests/alertmanager-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.21.0 + app.kubernetes.io/version: 0.21.0 name: alertmanager namespace: monitoring spec: From d4999048fce76a40948717f3127983c7f18b13d2 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 17:04:26 +0100 Subject: [PATCH 074/388] jsonnet: create function responsible for prometheus-adapter objects --- .../kube-prometheus/kube-prometheus.libsonnet | 9 +- .../prometheus-adapter.libsonnet | 362 +++++++++--------- 2 files changed, 192 insertions(+), 179 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 67bea5a8..443511d6 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -3,6 +3,8 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonne local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local alertmanager = import './alertmanager/alertmanager.libsonnet'; +local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + @@ -12,7 +14,6 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet'; (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + (import './prometheus/prometheus.libsonnet') + -(import './prometheus-adapter/prometheus-adapter.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') + (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + (import './alerts/alerts.libsonnet') + @@ -29,6 +30,12 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet'; version: '0.21.0', image: 'quay.io/prometheus/alertmanager:v0.21.0', }), + prometheusAdapter: prometheusAdapter({ + namespace: $._config.namespace, + version: '0.8.2', + image: 'directxman12/k8s-prometheus-adapter:v0.8.2', + prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', + }), kubePrometheus+:: { namespace: { apiVersion: 'v1', diff --git a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet index 55950bf0..4dceb06f 100644 --- a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet @@ -1,191 +1,198 @@ -{ - _config+:: { - namespace: 'default', +local defaults = { + local defaults = self, + name: 'prometheus-adapter', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + resources: { + requests: { cpu: '102m', memory: '180Mi' }, + limits: { cpu: '250m', memory: '180Mi' }, + }, + listenAddress: '127.0.0.1', + port: 9100, + commonLabels:: { + 'app.kubernetes.io/name': 'prometheus-adapter', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'metrics-adapter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, - versions+:: { prometheusAdapter: 'v0.8.2' }, - imageRepos+:: { prometheusAdapter: 'directxman12/k8s-prometheus-adapter' }, - - prometheusAdapter+:: { - name: 'prometheus-adapter', - namespace: $._config.namespace, - labels: { - 'app.kubernetes.io/name': 'prometheus-adapter', - 'app.kubernetes.io/version': $._config.versions.prometheusAdapter, - 'app.kubernetes.io/component': 'metrics-adapter', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - selectorLabels: { - [labelName]: $._config.prometheusAdapter.labels[labelName] - for labelName in std.objectFields($._config.prometheusAdapter.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, - prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', - config: { - resourceRules: { - cpu: { - containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}[5m])) by (<<.GroupBy>>)', - nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', - resources: { - overrides: { - node: { resource: 'node' }, - namespace: { resource: 'namespace' }, - pod: { resource: 'pod' }, - }, - }, - containerLabel: 'container', + prometheusURL: error 'must provide prometheusURL', + config: { + resourceRules: { + cpu: { + containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}[5m])) by (<<.GroupBy>>)', + nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', + resources: { + overrides: { + node: { resource: 'node' }, + namespace: { resource: 'namespace' }, + pod: { resource: 'pod' }, }, - memory: { - containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)', - nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', - resources: { - overrides: { - instance: { resource: 'node' }, - namespace: { resource: 'namespace' }, - pod: { resource: 'pod' }, - }, - }, - containerLabel: 'container', - }, - window: '5m', }, + containerLabel: 'container', }, + memory: { + containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)', + nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', + resources: { + overrides: { + instance: { resource: 'node' }, + namespace: { resource: 'namespace' }, + pod: { resource: 'pod' }, + }, + }, + containerLabel: 'container', + }, + window: '5m', + }, + }, +}; + +function(params) { + local pa = self, + config:: defaults + params, + // Safety check + assert std.isObject(pa.config.resources), + + apiService: { + apiVersion: 'apiregistration.k8s.io/v1', + kind: 'APIService', + metadata: { + name: 'v1beta1.metrics.k8s.io', + labels: pa.config.commonLabels, + }, + spec: { + service: { + name: $.service.metadata.name, + namespace: pa.config.namespace, + }, + group: 'metrics.k8s.io', + version: 'v1beta1', + insecureSkipTLSVerify: true, + groupPriorityMinimum: 100, + versionPriority: 100, }, }, - prometheusAdapter+:: { - apiService: { - apiVersion: 'apiregistration.k8s.io/v1', - kind: 'APIService', - metadata: { - name: 'v1beta1.metrics.k8s.io', - labels: $._config.prometheusAdapter.labels, - }, - spec: { - service: { - name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, - }, - group: 'metrics.k8s.io', - version: 'v1beta1', - insecureSkipTLSVerify: true, - groupPriorityMinimum: 100, - versionPriority: 100, - }, + configMap: { + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'adapter-config', + namespace: pa.config.namespace, + labels: pa.config.commonLabels, }, + data: { 'config.yaml': std.manifestYamlDoc(pa.config.config) }, + }, - configMap: { - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: 'adapter-config', - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, - }, - data: { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) }, + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: pa.config.name, + namespace: pa.config.namespace, + labels: pa.config.commonLabels, }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, + spec: { + selector: { + matchLabels: pa.config.selectorLabels, }, - spec: { - selector: { - matchLabels: $._config.prometheusAdapter.selectorLabels, - }, - endpoints: [ - { - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + endpoints: [ + { + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + insecureSkipVerify: true, }, - ], - }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }, + ], }, + }, - service: { - apiVersion: 'v1', - kind: 'Service', + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: pa.config.name, + namespace: pa.config.namespace, + labels: pa.config.commonLabels, + }, + spec: { + ports: [ + { name: 'https', targetPort: 6443, port: 443 }, + ], + selector: pa.config.selectorLabels, + }, + }, + + deployment: + local c = { + name: pa.config.name, + image: pa.config.image, + args: [ + '--cert-dir=/var/run/serving-cert', + '--config=/etc/adapter/config.yaml', + '--logtostderr=true', + '--metrics-relist-interval=1m', + '--prometheus-url=' + pa.config.prometheusURL, + '--secure-port=6443', + ], + ports: [{ containerPort: 6443 }], + volumeMounts: [ + { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, + { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false }, + { name: 'config', mountPath: '/etc/adapter', readOnly: false }, + ], + }; + + { + apiVersion: 'apps/v1', + kind: 'Deployment', metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, + name: pa.config.name, + namespace: pa.config.namespace, + labels: pa.config.commonLabels, }, spec: { - ports: [ - { name: 'https', targetPort: 6443, port: 443 }, - ], - selector: $._config.prometheusAdapter.selectorLabels, - }, - }, - - deployment: - local c = { - name: $._config.prometheusAdapter.name, - image: $._config.imageRepos.prometheusAdapter + ':' + $._config.versions.prometheusAdapter, - args: [ - '--cert-dir=/var/run/serving-cert', - '--config=/etc/adapter/config.yaml', - '--logtostderr=true', - '--metrics-relist-interval=1m', - '--prometheus-url=' + $._config.prometheusAdapter.prometheusURL, - '--secure-port=6443', - ], - ports: [{ containerPort: 6443 }], - volumeMounts: [ - { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, - { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false }, - { name: 'config', mountPath: '/etc/adapter', readOnly: false }, - ], - }; - - { - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, - }, - spec: { - replicas: 1, - selector: { matchLabels: $._config.prometheusAdapter.selectorLabels }, - strategy: { - rollingUpdate: { - maxSurge: 1, - maxUnavailable: 0, - }, + replicas: 1, + selector: { matchLabels: pa.config.selectorLabels }, + strategy: { + rollingUpdate: { + maxSurge: 1, + maxUnavailable: 0, }, - template: { - metadata: { labels: $._config.prometheusAdapter.labels }, - spec: { - containers: [c], - serviceAccountName: $.prometheusAdapter.serviceAccount.metadata.name, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - volumes: [ - { name: 'tmpfs', emptyDir: {} }, - { name: 'volume-serving-cert', emptyDir: {} }, - { name: 'config', configMap: { name: 'adapter-config' } }, - ], - }, + }, + template: { + metadata: { labels: pa.config.commonLabels }, + spec: { + containers: [c], + serviceAccountName: $.serviceAccount.metadata.name, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + volumes: [ + { name: 'tmpfs', emptyDir: {} }, + { name: 'volume-serving-cert', emptyDir: {} }, + { name: 'config', configMap: { name: 'adapter-config' } }, + ], }, }, }, + }, serviceAccount: { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { - name: $._config.prometheusAdapter.name, - namespace: $._config.prometheusAdapter.namespace, - labels: $._config.prometheusAdapter.labels, + name: pa.config.name, + namespace: pa.config.namespace, + labels: pa.config.commonLabels, }, }, @@ -193,8 +200,8 @@ apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', metadata: { - name: $._config.prometheusAdapter.name, - labels: $._config.prometheusAdapter.labels, + name: pa.config.name, + labels: pa.config.commonLabels, }, rules: [{ apiGroups: [''], @@ -207,18 +214,18 @@ apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRoleBinding', metadata: { - name: $._config.prometheusAdapter.name, - labels: $._config.prometheusAdapter.labels, + name: pa.config.name, + labels: pa.config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', - name: $.prometheusAdapter.clusterRole.metadata.name, + name: $.clusterRole.metadata.name, }, subjects: [{ kind: 'ServiceAccount', - name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + name: $.serviceAccount.metadata.name, + namespace: pa.config.namespace, }], }, @@ -227,7 +234,7 @@ kind: 'ClusterRoleBinding', metadata: { name: 'resource-metrics:system:auth-delegator', - labels: $._config.prometheusAdapter.labels, + labels: pa.config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -236,8 +243,8 @@ }, subjects: [{ kind: 'ServiceAccount', - name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + name: $.serviceAccount.metadata.name, + namespace: pa.config.namespace, }], }, @@ -246,7 +253,7 @@ kind: 'ClusterRole', metadata: { name: 'resource-metrics-server-resources', - labels: $._config.prometheusAdapter.labels, + labels: pa.config.commonLabels, }, rules: [{ apiGroups: ['metrics.k8s.io'], @@ -264,7 +271,7 @@ 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', 'rbac.authorization.k8s.io/aggregate-to-view': 'true', - } + $._config.prometheusAdapter.labels, + } + pa.config.commonLabels, }, rules: [{ apiGroups: ['metrics.k8s.io'], @@ -279,7 +286,7 @@ metadata: { name: 'resource-metrics-auth-reader', namespace: 'kube-system', - labels: $._config.prometheusAdapter.labels, + labels: pa.config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -288,9 +295,8 @@ }, subjects: [{ kind: 'ServiceAccount', - name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + name: $.serviceAccount.metadata.name, + namespace: pa.config.namespace, }], }, - }, } From f2686477f4be3394930384b739751c18e7b14427 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 17:04:45 +0100 Subject: [PATCH 075/388] manifests: regenerate to fix version number --- manifests/prometheus-adapter-apiService.yaml | 2 +- manifests/prometheus-adapter-clusterRole.yaml | 2 +- ...prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml | 2 +- manifests/prometheus-adapter-clusterRoleBinding.yaml | 2 +- manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml | 2 +- manifests/prometheus-adapter-clusterRoleServerResources.yaml | 2 +- manifests/prometheus-adapter-configMap.yaml | 2 +- manifests/prometheus-adapter-deployment.yaml | 4 ++-- manifests/prometheus-adapter-roleBindingAuthReader.yaml | 2 +- manifests/prometheus-adapter-service.yaml | 2 +- manifests/prometheus-adapter-serviceAccount.yaml | 2 +- manifests/prometheus-adapter-serviceMonitor.yaml | 2 +- 12 files changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/prometheus-adapter-apiService.yaml b/manifests/prometheus-adapter-apiService.yaml index f38c7c6d..01bf70d7 100644 --- a/manifests/prometheus-adapter-apiService.yaml +++ b/manifests/prometheus-adapter-apiService.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io diff --git a/manifests/prometheus-adapter-clusterRole.yaml b/manifests/prometheus-adapter-clusterRole.yaml index 6fe766d7..80ece63e 100644 --- a/manifests/prometheus-adapter-clusterRole.yaml +++ b/manifests/prometheus-adapter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: prometheus-adapter rules: - apiGroups: diff --git a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml index bee640bc..00926af2 100644 --- a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml +++ b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" diff --git a/manifests/prometheus-adapter-clusterRoleBinding.yaml b/manifests/prometheus-adapter-clusterRoleBinding.yaml index b524518c..58e3787f 100644 --- a/manifests/prometheus-adapter-clusterRoleBinding.yaml +++ b/manifests/prometheus-adapter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: prometheus-adapter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml index 5e1c035b..be0f2716 100644 --- a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml +++ b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: resource-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleServerResources.yaml b/manifests/prometheus-adapter-clusterRoleServerResources.yaml index 8dea200e..6a845383 100644 --- a/manifests/prometheus-adapter-clusterRoleServerResources.yaml +++ b/manifests/prometheus-adapter-clusterRoleServerResources.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: resource-metrics-server-resources rules: - apiGroups: diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index f82a202f..8fe1b50d 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -33,6 +33,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: adapter-config namespace: monitoring diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index 1ed60da5..1196a1fd 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: prometheus-adapter namespace: monitoring spec: @@ -25,7 +25,7 @@ spec: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 spec: containers: - args: diff --git a/manifests/prometheus-adapter-roleBindingAuthReader.yaml b/manifests/prometheus-adapter-roleBindingAuthReader.yaml index b63c74db..6a589f88 100644 --- a/manifests/prometheus-adapter-roleBindingAuthReader.yaml +++ b/manifests/prometheus-adapter-roleBindingAuthReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: resource-metrics-auth-reader namespace: kube-system roleRef: diff --git a/manifests/prometheus-adapter-service.yaml b/manifests/prometheus-adapter-service.yaml index 41b18f00..98e726ae 100644 --- a/manifests/prometheus-adapter-service.yaml +++ b/manifests/prometheus-adapter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-serviceAccount.yaml b/manifests/prometheus-adapter-serviceAccount.yaml index bce326b9..311e9c87 100644 --- a/manifests/prometheus-adapter-serviceAccount.yaml +++ b/manifests/prometheus-adapter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: prometheus-adapter namespace: monitoring diff --git a/manifests/prometheus-adapter-serviceMonitor.yaml b/manifests/prometheus-adapter-serviceMonitor.yaml index 3291e49d..c0d5b981 100644 --- a/manifests/prometheus-adapter-serviceMonitor.yaml +++ b/manifests/prometheus-adapter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v0.8.2 + app.kubernetes.io/version: 0.8.2 name: prometheus-adapter namespace: monitoring spec: From 09ce4afca860d5493b1247f61e6333645c68aabc Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 16:39:29 +0100 Subject: [PATCH 076/388] jsonnet: create function responsible for blackbox-exporter objects --- .../blackbox-exporter.libsonnet | 355 +++++++++--------- .../kube-prometheus/kube-prometheus.libsonnet | 8 +- 2 files changed, 179 insertions(+), 184 deletions(-) diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 9c76ff34..769b1bee 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -1,109 +1,107 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; +local krp = import '../kube-rbac-proxy/container.libsonnet'; -{ - _config+:: { - namespace: 'default', +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide version', + resources: { + requests: { cpu: '10m', memory: '20Mi' }, + limits: { cpu: '20m', memory: '40Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': 'blackbox-exporter', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + configmapReloaderImage: 'jimmidyson/configmap-reload:v0.4.0', - versions+:: { - blackboxExporter: 'v0.18.0', - configmapReloader: 'v0.4.0', - }, - - imageRepos+:: { - blackboxExporter: 'quay.io/prometheus/blackbox-exporter', - configmapReloader: 'jimmidyson/configmap-reload', - }, - - resources+:: { - 'blackbox-exporter': { - requests: { cpu: '10m', memory: '20Mi' }, - limits: { cpu: '20m', memory: '40Mi' }, + port: 9115, + internalPort: 19115, + replicas: 1, + modules: { + http_2xx: { + prober: 'http', + http: { + preferred_ip_protocol: 'ip4', }, }, - - blackboxExporter: { - port: 9115, - internalPort: 19115, - replicas: 1, - matchLabels: { - 'app.kubernetes.io/name': 'blackbox-exporter', + http_post_2xx: { + prober: 'http', + http: { + method: 'POST', + preferred_ip_protocol: 'ip4', }, - assignLabels: self.matchLabels { - 'app.kubernetes.io/version': $._config.versions.blackboxExporter, + }, + tcp_connect: { + prober: 'tcp', + tcp: { + preferred_ip_protocol: 'ip4', }, - modules: { - http_2xx: { - prober: 'http', - http: { - preferred_ip_protocol: 'ip4', - }, - }, - http_post_2xx: { - prober: 'http', - http: { - method: 'POST', - preferred_ip_protocol: 'ip4', - }, - }, - tcp_connect: { - prober: 'tcp', - tcp: { - preferred_ip_protocol: 'ip4', - }, - }, - pop3s_banner: { - prober: 'tcp', - tcp: { - query_response: [ - { expect: '^+OK' }, - ], - tls: true, - tls_config: { - insecure_skip_verify: false, - }, - preferred_ip_protocol: 'ip4', - }, - }, - ssh_banner: { - prober: 'tcp', - tcp: { - query_response: [ - { expect: '^SSH-2.0-' }, - ], - preferred_ip_protocol: 'ip4', - }, - }, - irc_banner: { - prober: 'tcp', - tcp: { - query_response: [ - { send: 'NICK prober' }, - { send: 'USER prober prober prober :prober' }, - { expect: 'PING :([^ ]+)', send: 'PONG ${1}' }, - { expect: '^:[^ ]+ 001' }, - ], - preferred_ip_protocol: 'ip4', - }, + }, + pop3s_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { expect: '^+OK' }, + ], + tls: true, + tls_config: { + insecure_skip_verify: false, }, + preferred_ip_protocol: 'ip4', + }, + }, + ssh_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { expect: '^SSH-2.0-' }, + ], + preferred_ip_protocol: 'ip4', + }, + }, + irc_banner: { + prober: 'tcp', + tcp: { + query_response: [ + { send: 'NICK prober' }, + { send: 'USER prober prober prober :prober' }, + { expect: 'PING :([^ ]+)', send: 'PONG ${1}' }, + { expect: '^:[^ ]+ 001' }, + ], + preferred_ip_protocol: 'ip4', }, - privileged: - local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp']; - std.length(icmpModules) > 0, }, }, + privileged: + local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp']; + std.length(icmpModules) > 0, +}; + + +function(params) { + local bb = self, + config:: defaults + params, + // Safety check + assert std.isObject(bb.config.resources), - blackboxExporter+:: - local bb = $._config.blackboxExporter; - { configuration: { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'blackbox-exporter-configuration', - namespace: $._config.namespace, + namespace: bb.config.namespace, + labels: bb.config.commonLabels, }, data: { - 'config.yml': std.manifestYamlDoc({ modules: bb.modules }), + 'config.yml': std.manifestYamlDoc({ modules: bb.config.modules }), }, }, @@ -112,7 +110,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn kind: 'ServiceAccount', metadata: { name: 'blackbox-exporter', - namespace: $._config.namespace, + namespace: bb.config.namespace, }, }, @@ -150,104 +148,109 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn subjects: [{ kind: 'ServiceAccount', name: 'blackbox-exporter', - namespace: $._config.namespace, + namespace: bb.config.namespace, }], }, - deployment: { - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { + deployment: + local blackboxExporter = { name: 'blackbox-exporter', - namespace: $._config.namespace, - labels: bb.assignLabels, - }, - spec: { - replicas: bb.replicas, - selector: { matchLabels: bb.matchLabels }, - template: { - metadata: { labels: bb.assignLabels }, - spec: { - containers: [ - { - name: 'blackbox-exporter', - image: $._config.imageRepos.blackboxExporter + ':' + $._config.versions.blackboxExporter, - args: [ - '--config.file=/etc/blackbox_exporter/config.yml', - '--web.listen-address=:%d' % bb.internalPort, - ], - ports: [{ - name: 'http', - containerPort: bb.internalPort, - }], - resources: { - requests: $._config.resources['blackbox-exporter'].requests, - limits: $._config.resources['blackbox-exporter'].limits, - }, - securityContext: if bb.privileged then { - runAsNonRoot: false, - capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, - } else { - runAsNonRoot: true, - runAsUser: 65534, - }, - volumeMounts: [{ - mountPath: '/etc/blackbox_exporter/', - name: 'config', - readOnly: true, - }], - }, - { - name: 'module-configmap-reloader', - image: $._config.imageRepos.configmapReloader + ':' + $._config.versions.configmapReloader, - args: [ - '--webhook-url=http://localhost:%d/-/reload' % bb.internalPort, - '--volume-dir=/etc/blackbox_exporter/', - ], - resources: { - requests: $._config.resources['blackbox-exporter'].requests, - limits: $._config.resources['blackbox-exporter'].limits, - }, - securityContext: { runAsNonRoot: true, runAsUser: 65534 }, - terminationMessagePath: '/dev/termination-log', - terminationMessagePolicy: 'FallbackToLogsOnError', - volumeMounts: [{ - mountPath: '/etc/blackbox_exporter/', - name: 'config', - readOnly: true, - }], - }, - ], - nodeSelector: { 'kubernetes.io/os': 'linux' }, - serviceAccountName: 'blackbox-exporter', - volumes: [{ - name: 'config', - configMap: { name: 'blackbox-exporter-configuration' }, - }], + image: bb.config.image, + args: [ + '--config.file=/etc/blackbox_exporter/config.yml', + '--web.listen-address=:%d' % bb.config.internalPort, + ], + ports: [{ + name: 'http', + containerPort: bb.config.internalPort, + }], + resources: bb.config.resources, + securityContext: if bb.config.privileged then { + runAsNonRoot: false, + capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, + } else { + runAsNonRoot: true, + runAsUser: 65534, + }, + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true, + }], + }; + + local reloader = { + name: 'module-configmap-reloader', + image: bb.config.configmapReloaderImage, + args: [ + '--webhook-url=http://localhost:%d/-/reload' % bb.config.internalPort, + '--volume-dir=/etc/blackbox_exporter/', + ], + resources: bb.config.resources, + securityContext: { runAsNonRoot: true, runAsUser: 65534 }, + terminationMessagePath: '/dev/termination-log', + terminationMessagePolicy: 'FallbackToLogsOnError', + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true, + }], + }; + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + upstream: 'http://127.0.0.1:' + bb.config.internalPort + '/', + secureListenAddress: ':' + bb.config.port, + ports: [ + { name: 'https', containerPort: bb.config.port }, + ], + }); + + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: 'blackbox-exporter', + namespace: bb.config.namespace, + labels: bb.config.commonLabels, + }, + spec: { + replicas: bb.config.replicas, + selector: { matchLabels: bb.config.selectorLabels }, + template: { + metadata: { labels: bb.config.commonLabels }, + spec: { + containers: [blackboxExporter, reloader, kubeRbacProxy], + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'blackbox-exporter', + volumes: [{ + name: 'config', + configMap: { name: 'blackbox-exporter-configuration' }, + }], + }, }, }, }, - }, service: { apiVersion: 'v1', kind: 'Service', metadata: { name: 'blackbox-exporter', - namespace: $._config.namespace, - labels: bb.assignLabels, + namespace: bb.config.namespace, + labels: bb.config.commonLabels, }, spec: { ports: [{ name: 'https', - port: bb.port, + port: bb.config.port, targetPort: 'https', }, { name: 'probe', - port: bb.internalPort, + port: bb.config.internalPort, targetPort: 'http', }], - selector: bb.matchLabels, + selector: bb.config.selectorLabels, }, }, @@ -257,8 +260,8 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn kind: 'ServiceMonitor', metadata: { name: 'blackbox-exporter', - namespace: $._config.namespace, - labels: bb.assignLabels, + namespace: bb.config.namespace, + labels: bb.config.commonLabels, }, spec: { endpoints: [{ @@ -272,22 +275,8 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn }, }], selector: { - matchLabels: bb.matchLabels, + matchLabels: bb.config.selectorLabels, }, }, }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy', - securePortName: 'https', - securePort: bb.port, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:%d/' % bb.internalPort, - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, -} + } diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 443511d6..0267fda2 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -5,11 +5,12 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; +local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + -(import './blackbox-exporter/blackbox-exporter.libsonnet') + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + @@ -36,6 +37,11 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson image: 'directxman12/k8s-prometheus-adapter:v0.8.2', prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', }), + blackboxExporter: blackboxExporter({ + namespace: $._config.namespace, + version: '0.18.0', + image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', + }), kubePrometheus+:: { namespace: { apiVersion: 'v1', From 1c06faf207a704c0b450060f106ddb23d2c823c5 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 5 Jan 2021 16:39:49 +0100 Subject: [PATCH 077/388] manifests: regenerate --- manifests/blackbox-exporter-configuration.yaml | 5 +++++ manifests/blackbox-exporter-deployment.yaml | 17 +++++++++++++++-- manifests/blackbox-exporter-service.yaml | 6 +++++- manifests/blackbox-exporter-serviceMonitor.yaml | 6 +++++- 4 files changed, 30 insertions(+), 4 deletions(-) diff --git a/manifests/blackbox-exporter-configuration.yaml b/manifests/blackbox-exporter-configuration.yaml index 7af052c5..0f5b03eb 100644 --- a/manifests/blackbox-exporter-configuration.yaml +++ b/manifests/blackbox-exporter-configuration.yaml @@ -42,5 +42,10 @@ data: "preferred_ip_protocol": "ip4" kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.18.0 name: blackbox-exporter-configuration namespace: monitoring diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index ca71dafb..9c0ec4c0 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -2,20 +2,26 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter - app.kubernetes.io/version: v0.18.0 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.18.0 name: blackbox-exporter namespace: monitoring spec: replicas: 1 selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/part-of: kube-prometheus template: metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter - app.kubernetes.io/version: v0.18.0 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.18.0 spec: containers: - args: @@ -71,6 +77,13 @@ spec: ports: - containerPort: 9115 name: https + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true diff --git a/manifests/blackbox-exporter-service.yaml b/manifests/blackbox-exporter-service.yaml index 5a693e2b..8b568e27 100644 --- a/manifests/blackbox-exporter-service.yaml +++ b/manifests/blackbox-exporter-service.yaml @@ -2,8 +2,10 @@ apiVersion: v1 kind: Service metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter - app.kubernetes.io/version: v0.18.0 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.18.0 name: blackbox-exporter namespace: monitoring spec: @@ -15,4 +17,6 @@ spec: port: 19115 targetPort: http selector: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/blackbox-exporter-serviceMonitor.yaml b/manifests/blackbox-exporter-serviceMonitor.yaml index b4b78091..ab7b5038 100644 --- a/manifests/blackbox-exporter-serviceMonitor.yaml +++ b/manifests/blackbox-exporter-serviceMonitor.yaml @@ -2,8 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter - app.kubernetes.io/version: v0.18.0 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.18.0 name: blackbox-exporter namespace: monitoring spec: @@ -17,4 +19,6 @@ spec: insecureSkipVerify: true selector: matchLabels: + app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter + app.kubernetes.io/part-of: kube-prometheus From 2eed12b2b7a80b87ed411c3a5b9ac424d3cfb527 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 7 Jan 2021 11:09:28 +0100 Subject: [PATCH 078/388] jsonnet: create function responsible for kube-state-metrics objects Signed-off-by: paulfantom --- .../kube-prometheus/kube-prometheus.libsonnet | 37 ++- .../kube-state-metrics.libsonnet | 249 +++++++++--------- 2 files changed, 140 insertions(+), 146 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 0267fda2..0183b286 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,14 +1,12 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet'; -local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local alertmanager = import './alertmanager/alertmanager.libsonnet'; - +local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; +local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; +local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; -local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; - (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + -(import './kube-state-metrics/kube-state-metrics.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + @@ -20,28 +18,33 @@ local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet') + { - nodeExporter: nodeExporter({ - namespace: $._config.namespace, - version: '1.0.1', - image: 'quay.io/prometheus/node-exporter:v1.0.1', - }), alertmanager: alertmanager({ name: 'main', namespace: $._config.namespace, version: '0.21.0', image: 'quay.io/prometheus/alertmanager:v0.21.0', }), + blackboxExporter: blackboxExporter({ + namespace: $._config.namespace, + version: '0.18.0', + image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', + }), + kubeStateMetrics: kubeStateMetrics({ + namespace: $._config.namespace, + version: '1.9.7', + image: 'quay.io/coreos/kube-state-metrics:v1.9.7', + }), + nodeExporter: nodeExporter({ + namespace: $._config.namespace, + version: '1.0.1', + image: 'quay.io/prometheus/node-exporter:v1.0.1', + }), prometheusAdapter: prometheusAdapter({ namespace: $._config.namespace, version: '0.8.2', image: 'directxman12/k8s-prometheus-adapter:v0.8.2', prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', }), - blackboxExporter: blackboxExporter({ - namespace: $._config.namespace, - version: '0.18.0', - image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', - }), kubePrometheus+:: { namespace: { apiVersion: 'v1', @@ -217,10 +220,6 @@ local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet requests: { cpu: '10m', memory: '20Mi' }, limits: { cpu: '20m', memory: '40Mi' }, }, - 'kube-state-metrics': { - requests: { cpu: '100m', memory: '150Mi' }, - limits: { cpu: '100m', memory: '150Mi' }, - }, }, prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, grafana+:: { diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 62cad10b..8b602f7e 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -1,138 +1,133 @@ -local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; -local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet'; +local krp = (import '../kube-rbac-proxy/container.libsonnet'); -{ - _config+:: { - versions+:: { - kubeStateMetrics: '1.9.7', +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide version', + resources: { + requests: { cpu: '10m', memory: '190Mi' }, + limits: { cpu: '100m', memory: '250Mi' }, + }, + + scrapeInterval: '30s', + scrapeTimeout: '30s', + commonLabels:: { + 'app.kubernetes.io/name': 'kube-state-metrics', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, +}; + +function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet') { + local ksm = self, + config:: defaults + params, + // Safety check + assert std.isObject(ksm.config.resources), + + name:: 'kube-state-metrics', + namespace:: ksm.config.namespace, + version:: ksm.config.version, + image:: ksm.config.image, + commonLabels:: ksm.config.commonLabels, + podLabels:: ksm.config.selectorLabels, + + service+: { + spec+: { + ports: [ + { + name: 'https-main', + port: 8443, + targetPort: 'https-main', + }, + { + name: 'https-self', + port: 9443, + targetPort: 'https-self', + }, + ], }, - imageRepos+:: { - kubeStateMetrics: 'quay.io/coreos/kube-state-metrics', - }, - kubeStateMetrics+:: { - scrapeInterval: '30s', - scrapeTimeout: '30s', - labels: { - 'app.kubernetes.io/name': 'kube-state-metrics', - 'app.kubernetes.io/version': $._config.versions.kubeStateMetrics, - 'app.kubernetes.io/component': 'exporter', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - selectorLabels: { - [labelName]: $._config.kubeStateMetrics.labels[labelName] - for labelName in std.objectFields($._config.kubeStateMetrics.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + + local kubeRbacProxyMain = krp({ + name: 'kube-rbac-proxy-main', + upstream: 'http://127.0.0.1:8081/', + secureListenAddress: ':8443', + ports: [ + { name: 'https-main', containerPort: 8443, }, + ], + }), + + local kubeRbacProxySelf = krp({ + name: 'kube-rbac-proxy-self', + upstream: 'http://127.0.0.1:8082/', + secureListenAddress: ':9443', + ports: [ + { name: 'https-self', containerPort: 9443, }, + ], + }), + + deployment+: { + spec+: { + template+: { + spec+: { + containers: std.map(function(c) c { + ports:: null, + livenessProbe:: null, + readinessProbe:: null, + args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], + resources: ksm.config.resources, + }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], + }, }, }, }, - kubeStateMetrics+:: - ksm { - local version = self.version, - name:: 'kube-state-metrics', - namespace:: $._config.namespace, - version:: $._config.versions.kubeStateMetrics, - image:: $._config.imageRepos.kubeStateMetrics + ':v' + $._config.versions.kubeStateMetrics, - commonLabels:: $._config.kubeStateMetrics.labels, - podLabels:: $._config.kubeStateMetrics.selectorLabels, - service+: { - spec+: { - ports: [ - { - name: 'https-main', - port: 8443, - targetPort: 'https-main', - }, - { - name: 'https-self', - port: 9443, - targetPort: 'https-self', - }, - ], - }, + serviceMonitor: + { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: ksm.name, + namespace: ksm.config.namespace, + labels: ksm.config.commonLabels, }, - deployment+: { - spec+: { - template+: { - spec+: { - containers: std.map(function(c) c { - ports:: null, - livenessProbe:: null, - readinessProbe:: null, - args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], - }, super.containers), - }, - }, - }, - }, - serviceMonitor: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-state-metrics', - namespace: $._config.namespace, - labels: $._config.kubeStateMetrics.labels, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { matchLabels: $._config.kubeStateMetrics.selectorLabels }, - endpoints: [ + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { matchLabels: ksm.config.selectorLabels }, + endpoints: [ + { + port: 'https-main', + scheme: 'https', + interval: ksm.config.scrapeInterval, + scrapeTimeout: ksm.config.scrapeTimeout, + honorLabels: true, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [ { - port: 'https-main', - scheme: 'https', - interval: $._config.kubeStateMetrics.scrapeInterval, - scrapeTimeout: $._config.kubeStateMetrics.scrapeTimeout, - honorLabels: true, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [ - { - regex: '(pod|service|endpoint|namespace)', - action: 'labeldrop', - }, - ], - tlsConfig: { - insecureSkipVerify: true, - }, - }, - { - port: 'https-self', - scheme: 'https', - interval: $._config.kubeStateMetrics.scrapeInterval, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, + regex: '(pod|service|endpoint|namespace)', + action: 'labeldrop', }, ], + tlsConfig: { + insecureSkipVerify: true, + }, }, - }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy-main', - securePortName: 'https-main', - securePort: 8443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8081/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - local cfg = self, - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy-self', - securePortName: 'https-self', - securePort: 9443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8082/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, + { + port: 'https-self', + scheme: 'https', + interval: ksm.config.scrapeInterval, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + }, + ], + }, + }, } From a76135a9f980c3451cdd028df88664bf1cbf7943 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 7 Jan 2021 17:35:30 +0100 Subject: [PATCH 079/388] manifests: regenerate --- manifests/kube-state-metrics-deployment.yaml | 21 ++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index ab50e622..8c36bc62 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -31,6 +31,13 @@ spec: - --telemetry-port=8082 image: quay.io/coreos/kube-state-metrics:v1.9.7 name: kube-state-metrics + resources: + limits: + cpu: 100m + memory: 250Mi + requests: + cpu: 10m + memory: 190Mi - args: - --logtostderr - --secure-listen-address=:8443 @@ -41,6 +48,13 @@ spec: ports: - containerPort: 8443 name: https-main + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true @@ -55,6 +69,13 @@ spec: ports: - containerPort: 9443 name: https-self + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true From 78285701189468643a05876191a471cb84352be3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Tue, 12 Jan 2021 11:55:48 +0100 Subject: [PATCH 080/388] Fix service names in kube-prometheus-kops --- jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet index 5615ae20..54be338e 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet @@ -23,14 +23,14 @@ local service(name, namespace, labels, selector, ports) = { [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( - 'kube-controller-manager-prometheus-discovery', + 'kube-scheduler-prometheus-discovery', 'kube-system', { 'app.kubernetes.io/name': 'kube-scheduler' }, { 'app.kubernetes.io/name': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] ), kubeDnsPrometheusDiscoveryService: service( - 'kube-controller-manager-prometheus-discovery', + 'kube-dns-prometheus-discovery', 'kube-system', { 'app.kubernetes.io/name': 'kube-dns' }, { 'app.kubernetes.io/name': 'kube-dns' }, From ecbaa85d817eafcb9f8ab46a8856fb1c0d024b03 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 24 Nov 2020 13:22:59 +0100 Subject: [PATCH 081/388] *: add jsonnet-lint to tooling Signed-off-by: paulfantom --- Makefile | 8 +++++++- scripts/go.mod | 2 +- scripts/go.sum | 2 ++ scripts/tools.go | 1 + 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 754ba59a..198e1788 100644 --- a/Makefile +++ b/Makefile @@ -6,8 +6,9 @@ EMBEDMD_BIN=$(BIN_DIR)/embedmd JB_BIN=$(BIN_DIR)/jb GOJSONTOYAML_BIN=$(BIN_DIR)/gojsontoyaml JSONNET_BIN=$(BIN_DIR)/jsonnet +JSONNETLINT_BIN=$(BIN_DIR)/jsonnet-lint JSONNETFMT_BIN=$(BIN_DIR)/jsonnetfmt -TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETFMT_BIN) +TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLINT_BIN) $(JSONNETFMT_BIN) JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s @@ -36,6 +37,11 @@ fmt: $(JSONNETFMT_BIN) find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \ xargs -n 1 -- $(JSONNETFMT_BIN) $(JSONNETFMT_ARGS) -i +.PHONY: lint +lint: $(JSONNETLINT_BIN) vendor + find jsonnet/ -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \ + xargs -n 1 -- $(JSONNETLINT_BIN) -J vendor + .PHONY: test test: $(JB_BIN) $(JB_BIN) install diff --git a/scripts/go.mod b/scripts/go.mod index 59363cba..9c6c10c8 100644 --- a/scripts/go.mod +++ b/scripts/go.mod @@ -5,6 +5,6 @@ go 1.15 require ( github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c github.com/campoy/embedmd v1.0.0 - github.com/google/go-jsonnet v0.17.0 + github.com/google/go-jsonnet v0.17.1-0.20210101181740-31d71aaccda6 // 7 commits after 0.17.0. Needed by jsonnet linter github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 ) diff --git a/scripts/go.sum b/scripts/go.sum index 1e2cedbd..08d45587 100644 --- a/scripts/go.sum +++ b/scripts/go.sum @@ -16,6 +16,8 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/google/go-jsonnet v0.17.0 h1:/9NIEfhK1NQRKl3sP2536b2+x5HnZMdql7x3yK/l8JY= github.com/google/go-jsonnet v0.17.0/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= +github.com/google/go-jsonnet v0.17.1-0.20210101181740-31d71aaccda6 h1:91EupyycmO5ctzKuWEZ9nX0Cal1NveMiWcXxmRtLyLQ= +github.com/google/go-jsonnet v0.17.1-0.20210101181740-31d71aaccda6/go.mod h1:sOcuej3UW1vpPTZOr8L7RQimqai1a57bt5j22LzGZCw= github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUptJtnUpai802MibFc= github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= diff --git a/scripts/tools.go b/scripts/tools.go index b6cba4f2..d5b67e32 100644 --- a/scripts/tools.go +++ b/scripts/tools.go @@ -8,6 +8,7 @@ import ( _ "github.com/brancz/gojsontoyaml" _ "github.com/campoy/embedmd" _ "github.com/google/go-jsonnet/cmd/jsonnet" + _ "github.com/google/go-jsonnet/cmd/jsonnet-lint" _ "github.com/google/go-jsonnet/cmd/jsonnetfmt" _ "github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb" ) From 48579a967903d0385528038283bb497d236d6dc9 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 12 Jan 2021 13:33:13 +0100 Subject: [PATCH 082/388] .github/workflows: run fmt and lint in CI --- .github/workflows/ci.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 68da3163..e9edf2a6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,6 +20,18 @@ jobs: with: go-version: ${{ env.golang-version }} - run: make --always-make generate && git diff --exit-code + lint: + runs-on: ubuntu-latest + name: Jsonnet linter + steps: + - uses: actions/checkout@v2 + - run: make --always-make lint + fmt: + runs-on: ubuntu-latest + name: Jsonnet formatter + steps: + - uses: actions/checkout@v2 + - run: make --always-make fmt && git diff --exit-code unit-tests: runs-on: ubuntu-latest name: Unit tests From b5ab602911fde97ae20727e63fd658d42c9f8a1f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 12 Jan 2021 15:21:56 +0100 Subject: [PATCH 083/388] jsonnet: lint --- jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet | 2 -- jsonnet/kube-prometheus/kube-prometheus.libsonnet | 1 - jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet | 1 - .../kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet | 1 - 4 files changed, 5 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet index 9005402e..63582362 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet @@ -30,8 +30,6 @@ }, prometheus+:: { - local p = self, - prometheus+: { spec+: antiaffinity('prometheus', [$._config.prometheus.name], $._config.namespace), diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 0183b286..044d27fc 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -100,7 +100,6 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson (kubeRbacProxyContainer { config+:: { kubeRbacProxy: { - local cfg = self, image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, name: 'kube-rbac-proxy', securePortName: 'https', diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet index a142b4b6..a5db87fe 100644 --- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet @@ -1,5 +1,4 @@ local defaults = { - local defaults = self, namespace: error 'must provide namespace', image: 'quay.io/brancz/kube-rbac-proxy:v0.8.0', ports: error 'must provide ports', diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet index 795463a7..5122e837 100644 --- a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet @@ -16,7 +16,6 @@ }, specMixin:: { - local sm = self, config+:: { kubeRbacProxy: { image: error 'must provide image', From d00a923299a09952107f44c2a6ce248c7a818d21 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 12 Jan 2021 16:03:13 +0100 Subject: [PATCH 084/388] jsonnet: format --- .../alertmanager/alertmanager.libsonnet | 2 - .../blackbox-exporter.libsonnet | 356 +++++++++--------- .../kube-rbac-proxy/container.libsonnet | 78 ++-- .../kube-state-metrics.libsonnet | 4 +- .../node-exporter/node-exporter.libsonnet | 7 +- .../prometheus-adapter.libsonnet | 204 +++++----- 6 files changed, 325 insertions(+), 326 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index 4b091e9a..2fee6e1e 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -58,8 +58,6 @@ local defaults = { }; - - function(params) { local am = self, config:: defaults + params, diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet index 769b1bee..ce421209 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet @@ -92,191 +92,191 @@ function(params) { // Safety check assert std.isObject(bb.config.resources), - configuration: { - apiVersion: 'v1', - kind: 'ConfigMap', - metadata: { - name: 'blackbox-exporter-configuration', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, - }, - data: { - 'config.yml': std.manifestYamlDoc({ modules: bb.config.modules }), - }, + configuration: { + apiVersion: 'v1', + kind: 'ConfigMap', + metadata: { + name: 'blackbox-exporter-configuration', + namespace: bb.config.namespace, + labels: bb.config.commonLabels, + }, + data: { + 'config.yml': std.manifestYamlDoc({ modules: bb.config.modules }), + }, + }, + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'blackbox-exporter', + namespace: bb.config.namespace, + }, + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'blackbox-exporter', + }, + rules: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], }, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'blackbox-exporter', - namespace: bb.config.namespace, - }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], }, + ], + }, - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'blackbox-exporter', - }, - rules: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'blackbox-exporter', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'blackbox-exporter', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'blackbox-exporter', + namespace: bb.config.namespace, + }], + }, + + deployment: + local blackboxExporter = { + name: 'blackbox-exporter', + image: bb.config.image, + args: [ + '--config.file=/etc/blackbox_exporter/config.yml', + '--web.listen-address=:%d' % bb.config.internalPort, + ], + ports: [{ + name: 'http', + containerPort: bb.config.internalPort, + }], + resources: bb.config.resources, + securityContext: if bb.config.privileged then { + runAsNonRoot: false, + capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, + } else { + runAsNonRoot: true, + runAsUser: 65534, }, + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true, + }], + }; - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'blackbox-exporter', - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'blackbox-exporter', - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'blackbox-exporter', - namespace: bb.config.namespace, - }], + local reloader = { + name: 'module-configmap-reloader', + image: bb.config.configmapReloaderImage, + args: [ + '--webhook-url=http://localhost:%d/-/reload' % bb.config.internalPort, + '--volume-dir=/etc/blackbox_exporter/', + ], + resources: bb.config.resources, + securityContext: { runAsNonRoot: true, runAsUser: 65534 }, + terminationMessagePath: '/dev/termination-log', + terminationMessagePolicy: 'FallbackToLogsOnError', + volumeMounts: [{ + mountPath: '/etc/blackbox_exporter/', + name: 'config', + readOnly: true, + }], + }; + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + upstream: 'http://127.0.0.1:' + bb.config.internalPort + '/', + secureListenAddress: ':' + bb.config.port, + ports: [ + { name: 'https', containerPort: bb.config.port }, + ], + }); + + { + apiVersion: 'apps/v1', + kind: 'Deployment', + metadata: { + name: 'blackbox-exporter', + namespace: bb.config.namespace, + labels: bb.config.commonLabels, }, - - deployment: - local blackboxExporter = { - name: 'blackbox-exporter', - image: bb.config.image, - args: [ - '--config.file=/etc/blackbox_exporter/config.yml', - '--web.listen-address=:%d' % bb.config.internalPort, - ], - ports: [{ - name: 'http', - containerPort: bb.config.internalPort, - }], - resources: bb.config.resources, - securityContext: if bb.config.privileged then { - runAsNonRoot: false, - capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, - } else { - runAsNonRoot: true, - runAsUser: 65534, - }, - volumeMounts: [{ - mountPath: '/etc/blackbox_exporter/', - name: 'config', - readOnly: true, - }], - }; - - local reloader = { - name: 'module-configmap-reloader', - image: bb.config.configmapReloaderImage, - args: [ - '--webhook-url=http://localhost:%d/-/reload' % bb.config.internalPort, - '--volume-dir=/etc/blackbox_exporter/', - ], - resources: bb.config.resources, - securityContext: { runAsNonRoot: true, runAsUser: 65534 }, - terminationMessagePath: '/dev/termination-log', - terminationMessagePolicy: 'FallbackToLogsOnError', - volumeMounts: [{ - mountPath: '/etc/blackbox_exporter/', - name: 'config', - readOnly: true, - }], - }; - - local kubeRbacProxy = krp({ - name: 'kube-rbac-proxy', - upstream: 'http://127.0.0.1:' + bb.config.internalPort + '/', - secureListenAddress: ':' + bb.config.port, - ports: [ - { name: 'https', containerPort: bb.config.port }, - ], - }); - - { - apiVersion: 'apps/v1', - kind: 'Deployment', - metadata: { - name: 'blackbox-exporter', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, - }, + spec: { + replicas: bb.config.replicas, + selector: { matchLabels: bb.config.selectorLabels }, + template: { + metadata: { labels: bb.config.commonLabels }, spec: { - replicas: bb.config.replicas, - selector: { matchLabels: bb.config.selectorLabels }, - template: { - metadata: { labels: bb.config.commonLabels }, - spec: { - containers: [blackboxExporter, reloader, kubeRbacProxy], - nodeSelector: { 'kubernetes.io/os': 'linux' }, - serviceAccountName: 'blackbox-exporter', - volumes: [{ - name: 'config', - configMap: { name: 'blackbox-exporter-configuration' }, - }], - }, - }, - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'blackbox-exporter', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, - }, - spec: { - ports: [{ - name: 'https', - port: bb.config.port, - targetPort: 'https', - }, { - name: 'probe', - port: bb.config.internalPort, - targetPort: 'http', - }], - selector: bb.config.selectorLabels, - }, - }, - - serviceMonitor: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'blackbox-exporter', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, - }, - spec: { - endpoints: [{ - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - interval: '30s', - path: '/metrics', - port: 'https', - scheme: 'https', - tlsConfig: { - insecureSkipVerify: true, - }, + containers: [blackboxExporter, reloader, kubeRbacProxy], + nodeSelector: { 'kubernetes.io/os': 'linux' }, + serviceAccountName: 'blackbox-exporter', + volumes: [{ + name: 'config', + configMap: { name: 'blackbox-exporter-configuration' }, }], - selector: { - matchLabels: bb.config.selectorLabels, - }, }, }, - } + }, + }, + + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'blackbox-exporter', + namespace: bb.config.namespace, + labels: bb.config.commonLabels, + }, + spec: { + ports: [{ + name: 'https', + port: bb.config.port, + targetPort: 'https', + }, { + name: 'probe', + port: bb.config.internalPort, + targetPort: 'http', + }], + selector: bb.config.selectorLabels, + }, + }, + + serviceMonitor: + { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'blackbox-exporter', + namespace: bb.config.namespace, + labels: bb.config.commonLabels, + }, + spec: { + endpoints: [{ + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + interval: '30s', + path: '/metrics', + port: 'https', + scheme: 'https', + tlsConfig: { + insecureSkipVerify: true, + }, + }], + selector: { + matchLabels: bb.config.selectorLabels, + }, + }, + }, +} diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet index a5db87fe..bc4bf7ff 100644 --- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet +++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet @@ -9,33 +9,33 @@ local defaults = { limits: { cpu: '20m', memory: '40Mi' }, }, tlsCipherSuites: [ - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 - 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 - // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 - // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2 - // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 - // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 + // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2 + // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 + // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 + // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 + // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 + // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go + // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', - 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', - ], + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', + 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', + ], }; @@ -45,19 +45,19 @@ function(params) { // Safety check assert std.isObject(krp.config.resources), - name: krp.config.name, - image: krp.config.image, - args: [ - '--logtostderr', - '--secure-listen-address=' + krp.config.secureListenAddress, - '--tls-cipher-suites=' + std.join(',', krp.config.tlsCipherSuites), - '--upstream=' + krp.config.upstream, - ], - resources: krp.config.resources, - ports: krp.config.ports, - securityContext: { - runAsUser: 65532, - runAsGroup: 65532, - runAsNonRoot: true, - }, + name: krp.config.name, + image: krp.config.image, + args: [ + '--logtostderr', + '--secure-listen-address=' + krp.config.secureListenAddress, + '--tls-cipher-suites=' + std.join(',', krp.config.tlsCipherSuites), + '--upstream=' + krp.config.upstream, + ], + resources: krp.config.resources, + ports: krp.config.ports, + securityContext: { + runAsUser: 65532, + runAsGroup: 65532, + runAsNonRoot: true, + }, } diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 8b602f7e..037d023b 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -60,7 +60,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- upstream: 'http://127.0.0.1:8081/', secureListenAddress: ':8443', ports: [ - { name: 'https-main', containerPort: 8443, }, + { name: 'https-main', containerPort: 8443 }, ], }), @@ -69,7 +69,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- upstream: 'http://127.0.0.1:8082/', secureListenAddress: ':9443', ports: [ - { name: 'https-self', containerPort: 9443, }, + { name: 'https-self', containerPort: 9443 }, ], }), diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 63ec53b9..bb16fc41 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -67,8 +67,9 @@ function(params) { apiGroups: ['authorization.k8s.io'], resources: ['subjectaccessreviews'], verbs: ['create'], - }], - }, + }, + ], + }, serviceAccount: { apiVersion: 'v1', @@ -169,7 +170,7 @@ function(params) { }) + { env: [ { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, - ] + ], }; { diff --git a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet index 4dceb06f..4b2ac39f 100644 --- a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet @@ -186,117 +186,117 @@ function(params) { }, }, - serviceAccount: { - apiVersion: 'v1', + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: pa.config.name, + namespace: pa.config.namespace, + labels: pa.config.commonLabels, + }, + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: pa.config.name, + labels: pa.config.commonLabels, + }, + rules: [{ + apiGroups: [''], + resources: ['nodes', 'namespaces', 'pods', 'services'], + verbs: ['get', 'list', 'watch'], + }], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: pa.config.name, + labels: pa.config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: $.clusterRole.metadata.name, + }, + subjects: [{ kind: 'ServiceAccount', - metadata: { - name: pa.config.name, - namespace: pa.config.namespace, - labels: pa.config.commonLabels, - }, - }, + name: $.serviceAccount.metadata.name, + namespace: pa.config.namespace, + }], + }, - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', + clusterRoleBindingDelegator: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'resource-metrics:system:auth-delegator', + labels: pa.config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', - metadata: { - name: pa.config.name, - labels: pa.config.commonLabels, - }, - rules: [{ - apiGroups: [''], - resources: ['nodes', 'namespaces', 'pods', 'services'], - verbs: ['get', 'list', 'watch'], - }], + name: 'system:auth-delegator', }, + subjects: [{ + kind: 'ServiceAccount', + name: $.serviceAccount.metadata.name, + namespace: pa.config.namespace, + }], + }, - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: pa.config.name, - labels: pa.config.commonLabels, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: $.clusterRole.metadata.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: $.serviceAccount.metadata.name, - namespace: pa.config.namespace, - }], + clusterRoleServerResources: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'resource-metrics-server-resources', + labels: pa.config.commonLabels, }, + rules: [{ + apiGroups: ['metrics.k8s.io'], + resources: ['*'], + verbs: ['*'], + }], + }, - clusterRoleBindingDelegator: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'resource-metrics:system:auth-delegator', - labels: pa.config.commonLabels, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'system:auth-delegator', - }, - subjects: [{ - kind: 'ServiceAccount', - name: $.serviceAccount.metadata.name, - namespace: pa.config.namespace, - }], + clusterRoleAggregatedMetricsReader: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'system:aggregated-metrics-reader', + labels: { + 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', + 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', + 'rbac.authorization.k8s.io/aggregate-to-view': 'true', + } + pa.config.commonLabels, }, + rules: [{ + apiGroups: ['metrics.k8s.io'], + resources: ['pods', 'nodes'], + verbs: ['get', 'list', 'watch'], + }], + }, - clusterRoleServerResources: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'resource-metrics-server-resources', - labels: pa.config.commonLabels, - }, - rules: [{ - apiGroups: ['metrics.k8s.io'], - resources: ['*'], - verbs: ['*'], - }], + roleBindingAuthReader: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'resource-metrics-auth-reader', + namespace: 'kube-system', + labels: pa.config.commonLabels, }, - - clusterRoleAggregatedMetricsReader: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'system:aggregated-metrics-reader', - labels: { - 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', - 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', - 'rbac.authorization.k8s.io/aggregate-to-view': 'true', - } + pa.config.commonLabels, - }, - rules: [{ - apiGroups: ['metrics.k8s.io'], - resources: ['pods', 'nodes'], - verbs: ['get', 'list', 'watch'], - }], - }, - - roleBindingAuthReader: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'resource-metrics-auth-reader', - namespace: 'kube-system', - labels: pa.config.commonLabels, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'extension-apiserver-authentication-reader', - }, - subjects: [{ - kind: 'ServiceAccount', - name: $.serviceAccount.metadata.name, - namespace: pa.config.namespace, - }], + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'extension-apiserver-authentication-reader', }, + subjects: [{ + kind: 'ServiceAccount', + name: $.serviceAccount.metadata.name, + namespace: pa.config.namespace, + }], + }, } From 6e132e4490b8e7c56a8738109402e1ed36d138e7 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 11 Jan 2021 15:59:09 +0100 Subject: [PATCH 085/388] jsonnet: refactor monitoring mixins imports --- .../kube-prometheus/kube-prometheus.libsonnet | 57 ++++++++----- .../mixins/monitoring-mixins.libsonnet | 81 +++++++++++++++++++ 2 files changed, 117 insertions(+), 21 deletions(-) create mode 100644 jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 044d27fc..709f51d3 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -6,17 +6,12 @@ local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonn local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; +local mixins = import './mixins/monitoring-mixins.libsonnet'; + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + -(import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + -(import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + -(import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + -(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + (import './prometheus/prometheus.libsonnet') + -(import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') + -(import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + -(import './alerts/alerts.libsonnet') + -(import './rules/rules.libsonnet') + + { alertmanager: alertmanager({ name: 'main', @@ -176,28 +171,29 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', ], - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + //runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', kubeletSelector: 'job="kubelet", metrics_path="/metrics"', kubeStateMetricsSelector: 'job="kube-state-metrics"', nodeExporterSelector: 'job="node-exporter"', - fsSpaceFillingUpCriticalThreshold: 15, - notKubeDnsSelector: 'job!="kube-dns"', + //fsSpaceFillingUpCriticalThreshold: 15, kubeSchedulerSelector: 'job="kube-scheduler"', kubeControllerManagerSelector: 'job="kube-controller-manager"', kubeApiserverSelector: 'job="apiserver"', coreDNSSelector: 'job="kube-dns"', - podLabel: 'pod', + //podLabel: 'pod', - alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', - alertmanagerClusterLabels: 'namespace,service', - alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanager.name + '",namespace="' + $._config.namespace + '"', - prometheusSelector: 'job="prometheus-' + $._config.prometheus.name + '",namespace="' + $._config.namespace + '"', - prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + $._config.namespace + '"', - jobs: { + //alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', + //alertmanagerClusterLabels: 'namespace,service', + alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanager.name + '",namespace="' + $._config.namespace + '"', + prometheusSelector: 'job="prometheus-' + $._config.prometheus.name + '",namespace="' + $._config.namespace + '"', + //prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', + + + /*jobs: { Kubelet: $._config.kubeletSelector, KubeScheduler: $._config.kubeSchedulerSelector, KubeControllerManager: $._config.kubeControllerManagerSelector, @@ -208,7 +204,7 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson Prometheus: $._config.prometheusSelector, PrometheusOperator: $._config.prometheusOperatorSelector, CoreDNS: $._config.coreDNSSelector, - }, + },*/ resources+:: { 'addon-resizer': { @@ -220,7 +216,25 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson limits: { cpu: '20m', memory: '40Mi' }, }, }, - prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, + + local allRules = + mixins.mixins.nodeExporter.prometheusRules + + mixins.mixins.kubernetes.prometheusRules + + mixins.mixins.base.prometheusRules + + mixins.mixins.kubeStateMetrics.prometheusAlerts + + mixins.mixins.nodeExporter.prometheusAlerts + + mixins.mixins.alertmanager.prometheusAlerts + + mixins.mixins.prometheusOperator.prometheusAlerts + + mixins.mixins.kubernetes.prometheusAlerts + + mixins.mixins.prometheus.prometheusAlerts + + mixins.mixins.base.prometheusAlerts, + + local allDashboards = + mixins.mixins.nodeExporter.grafanaDashboards + + mixins.mixins.kubernetes.grafanaDashboards + + mixins.mixins.prometheus.grafanaDashboards, + + prometheus+:: { rules: allRules }, grafana+:: { labels: { 'app.kubernetes.io/name': 'grafana', @@ -228,7 +242,8 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson 'app.kubernetes.io/component': 'grafana', 'app.kubernetes.io/part-of': 'kube-prometheus', }, - dashboards: $.grafanaDashboards, + //dashboards: $.grafanaDashboards, + dashboards: allDashboards, }, }, } diff --git a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet new file mode 100644 index 00000000..afdd92ea --- /dev/null +++ b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet @@ -0,0 +1,81 @@ +{ + // Add you mixins here. + mixins+:: { + _config:: { // TODO(paulfantom): figure out how to pass this from higher up + prometheusName: 'k8s', + alertmanagerName: 'main', + namespace: 'default', + }, + base+: + (import '../alerts/general.libsonnet') + + (import '../alerts/node.libsonnet') + + (import '../rules/node-rules.libsonnet') + + (import '../rules/general.libsonnet') { + _config+:: { + nodeExporterSelector: 'job="node-exporter"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, + }, + + kubernetes: + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { + _config+:: { + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', + kubeletSelector: 'job="kubelet", metrics_path="/metrics"', + kubeStateMetricsSelector: 'job="kube-state-metrics"', + nodeExporterSelector: 'job="node-exporter"', + kubeSchedulerSelector: 'job="kube-scheduler"', + kubeControllerManagerSelector: 'job="kube-controller-manager"', + kubeApiserverSelector: 'job="apiserver"', + podLabel: 'pod', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, + }, + + kubeStateMetrics: + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') { + _config+:: { + kubeStateMetricsSelector: 'job="kube-state-metrics"', + }, + }, + + prometheusOperator: + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { + _config+:: { + //prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + $._config.namespace + '"', + prometheusOperatorSelector: 'job="prometheus-operator",namespace="monitoring"', + }, + }, + + prometheus: + (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { + _config+:: { + //prometheusSelector: 'job="prometheus-' + $._config.prometheusName + '",namespace="' + $._config.namespace + '"', + prometheusSelector: 'job="prometheus-k8s",namespace="monitoring"', + prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', + }, + }, + + alertmanager: + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') { + _config+:: { + alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', + alertmanagerClusterLabels: 'namespace,service', + //alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanagerName + '",namespace="' + $._config.namespace + '"', + alertmanagerSelector: 'job="alertmanager-main",namespace="monitoring"', + }, + }, + + nodeExporter: + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') { + _config+:: { + nodeExporterSelector: 'job="node-exporter"', + fsSpaceFillingUpCriticalThreshold: 15, + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + }, + }, + + }, +} From 18e804217aec246d373ed79306e2fffaebdcef4d Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 11 Jan 2021 15:59:40 +0100 Subject: [PATCH 086/388] manifests: regenerate --- manifests/grafana-dashboardDefinitions.yaml | 64 ++++++++++----------- manifests/grafana-deployment.yaml | 2 +- 2 files changed, 31 insertions(+), 35 deletions(-) diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index ed5c20a4..e5e62bc9 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -22243,7 +22243,7 @@ items: "timeShift": null, "title": "CPU Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22329,7 +22329,7 @@ items: "timeShift": null, "title": "CPU Saturation (load1 per CPU)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22427,7 +22427,7 @@ items: "timeShift": null, "title": "Memory Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22513,7 +22513,7 @@ items: "timeShift": null, "title": "Memory Saturation (Major Page Faults)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22627,7 +22627,7 @@ items: "timeShift": null, "title": "Net Utilisation (Bytes Receive/Transmit)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22729,7 +22729,7 @@ items: "timeShift": null, "title": "Net Saturation (Drops Receive/Transmit)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22827,7 +22827,7 @@ items: "timeShift": null, "title": "Disk IO Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -22913,7 +22913,7 @@ items: "timeShift": null, "title": "Disk IO Saturation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23011,7 +23011,7 @@ items: "timeShift": null, "title": "Disk Space Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23107,9 +23107,9 @@ items: "30d" ] }, - "timezone": "UTC", + "timezone": "utc", "title": "USE Method / Cluster", - "uid": "3e97d1d02672cdd0861f4c97c64f89b2", + "uid": "", "version": 0 } kind: ConfigMap @@ -23191,7 +23191,7 @@ items: "timeShift": null, "title": "CPU Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23277,7 +23277,7 @@ items: "timeShift": null, "title": "CPU Saturation (Load1 per CPU)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23375,7 +23375,7 @@ items: "timeShift": null, "title": "Memory Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23461,7 +23461,7 @@ items: "timeShift": null, "title": "Memory Saturation (Major Page Faults)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23575,7 +23575,7 @@ items: "timeShift": null, "title": "Net Utilisation (Bytes Receive/Transmit)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23677,7 +23677,7 @@ items: "timeShift": null, "title": "Net Saturation (Drops Receive/Transmit)", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23775,7 +23775,7 @@ items: "timeShift": null, "title": "Disk IO Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23861,7 +23861,7 @@ items: "timeShift": null, "title": "Disk IO Saturation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -23959,7 +23959,7 @@ items: "timeShift": null, "title": "Disk Space Utilisation", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24082,9 +24082,9 @@ items: "30d" ] }, - "timezone": "UTC", + "timezone": "utc", "title": "USE Method / Node", - "uid": "fac67cfbe174d3ef53eb473d73d9212f", + "uid": "", "version": 0 } kind: ConfigMap @@ -24181,7 +24181,7 @@ items: "timeShift": null, "title": "CPU Usage", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24295,7 +24295,7 @@ items: "timeShift": null, "title": "Load Average", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24422,7 +24422,7 @@ items: "timeShift": null, "title": "Memory Usage", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24525,9 +24525,6 @@ items: ], "thresholds": "80, 90", "title": "Memory Usage", - "tooltip": { - "shared": false - }, "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ @@ -24636,7 +24633,7 @@ items: "timeShift": null, "title": "Disk I/O", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24743,7 +24740,7 @@ items: "timeShift": null, "title": "Disk Space Usage", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24850,7 +24847,7 @@ items: "timeShift": null, "title": "Network Received", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -24944,7 +24941,7 @@ items: "timeShift": null, "title": "Network Transmitted", "tooltip": { - "shared": false, + "shared": true, "sort": 0, "value_type": "individual" }, @@ -25067,9 +25064,8 @@ items: "30d" ] }, - "timezone": "UTC", + "timezone": "browser", "title": "Nodes", - "uid": "fa49a4706d07a042595b664c87fb33ea", "version": 0 } kind: ConfigMap diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 99e17824..85d3f68d 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -13,7 +13,7 @@ spec: template: metadata: annotations: - checksum/grafana-dashboards: ce13f0b50d04c73fb01da858eb1fb608 + checksum/grafana-dashboards: a9e19e1ab605dc374f30edda771e6917 checksum/grafana-datasources: 48faab41f579fc8efde6034391496f6a labels: app: grafana From 5f9b222c413833980806b82a1468c7a1e3765678 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 11 Jan 2021 16:02:09 +0100 Subject: [PATCH 087/388] jsonnet: remove dead code --- .../kube-prometheus/kube-prometheus.libsonnet | 36 ------------------- 1 file changed, 36 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 709f51d3..1e757670 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -171,41 +171,6 @@ local mixins = import './mixins/monitoring-mixins.libsonnet'; 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', ], - //runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', - - cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', - kubeletSelector: 'job="kubelet", metrics_path="/metrics"', - kubeStateMetricsSelector: 'job="kube-state-metrics"', - nodeExporterSelector: 'job="node-exporter"', - //fsSpaceFillingUpCriticalThreshold: 15, - kubeSchedulerSelector: 'job="kube-scheduler"', - kubeControllerManagerSelector: 'job="kube-controller-manager"', - kubeApiserverSelector: 'job="apiserver"', - coreDNSSelector: 'job="kube-dns"', - //podLabel: 'pod', - - prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + $._config.namespace + '"', - - //alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', - //alertmanagerClusterLabels: 'namespace,service', - alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanager.name + '",namespace="' + $._config.namespace + '"', - prometheusSelector: 'job="prometheus-' + $._config.prometheus.name + '",namespace="' + $._config.namespace + '"', - //prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', - - - /*jobs: { - Kubelet: $._config.kubeletSelector, - KubeScheduler: $._config.kubeSchedulerSelector, - KubeControllerManager: $._config.kubeControllerManagerSelector, - KubeAPI: $._config.kubeApiserverSelector, - KubeStateMetrics: $._config.kubeStateMetricsSelector, - NodeExporter: $._config.nodeExporterSelector, - Alertmanager: $._config.alertmanagerSelector, - Prometheus: $._config.prometheusSelector, - PrometheusOperator: $._config.prometheusOperatorSelector, - CoreDNS: $._config.coreDNSSelector, - },*/ - resources+:: { 'addon-resizer': { requests: { cpu: '10m', memory: '30Mi' }, @@ -242,7 +207,6 @@ local mixins = import './mixins/monitoring-mixins.libsonnet'; 'app.kubernetes.io/component': 'grafana', 'app.kubernetes.io/part-of': 'kube-prometheus', }, - //dashboards: $.grafanaDashboards, dashboards: allDashboards, }, }, From 55900d9e1c24703bd5822b2a49a1aa11931db302 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 11 Jan 2021 16:43:31 +0100 Subject: [PATCH 088/388] jsonnet: wrap mixins into a function and parametrize Signed-off-by: paulfantom --- .../kube-prometheus/kube-prometheus.libsonnet | 33 +++++++++++-------- .../mixins/monitoring-mixins.libsonnet | 29 ++++++++-------- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 1e757670..6bafcff1 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -6,7 +6,7 @@ local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonn local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; -local mixins = import './mixins/monitoring-mixins.libsonnet'; +local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + @@ -40,6 +40,11 @@ local mixins = import './mixins/monitoring-mixins.libsonnet'; image: 'directxman12/k8s-prometheus-adapter:v0.8.2', prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', }), + mixins+:: monitoringMixins({ + namespace: $._config.namespace, + alertmanagerName: 'main', + prometheusName: 'k8s', + }), kubePrometheus+:: { namespace: { apiVersion: 'v1', @@ -183,21 +188,21 @@ local mixins = import './mixins/monitoring-mixins.libsonnet'; }, local allRules = - mixins.mixins.nodeExporter.prometheusRules + - mixins.mixins.kubernetes.prometheusRules + - mixins.mixins.base.prometheusRules + - mixins.mixins.kubeStateMetrics.prometheusAlerts + - mixins.mixins.nodeExporter.prometheusAlerts + - mixins.mixins.alertmanager.prometheusAlerts + - mixins.mixins.prometheusOperator.prometheusAlerts + - mixins.mixins.kubernetes.prometheusAlerts + - mixins.mixins.prometheus.prometheusAlerts + - mixins.mixins.base.prometheusAlerts, + $.mixins.nodeExporter.prometheusRules + + $.mixins.kubernetes.prometheusRules + + $.mixins.base.prometheusRules + + $.mixins.kubeStateMetrics.prometheusAlerts + + $.mixins.nodeExporter.prometheusAlerts + + $.mixins.alertmanager.prometheusAlerts + + $.mixins.prometheusOperator.prometheusAlerts + + $.mixins.kubernetes.prometheusAlerts + + $.mixins.prometheus.prometheusAlerts + + $.mixins.base.prometheusAlerts, local allDashboards = - mixins.mixins.nodeExporter.grafanaDashboards + - mixins.mixins.kubernetes.grafanaDashboards + - mixins.mixins.prometheus.grafanaDashboards, + $.mixins.nodeExporter.grafanaDashboards + + $.mixins.kubernetes.grafanaDashboards + + $.mixins.prometheus.grafanaDashboards, prometheus+:: { rules: allRules }, grafana+:: { diff --git a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet index afdd92ea..14682543 100644 --- a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet +++ b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet @@ -1,11 +1,13 @@ -{ - // Add you mixins here. - mixins+:: { - _config:: { // TODO(paulfantom): figure out how to pass this from higher up - prometheusName: 'k8s', - alertmanagerName: 'main', - namespace: 'default', - }, +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + prometheusName: error 'must provide namespace', + alertmanagerName: error 'must provide namespace', +}; + +function(params) { + local m = self, + config:: defaults + params, base+: (import '../alerts/general.libsonnet') + (import '../alerts/node.libsonnet') + @@ -44,16 +46,14 @@ prometheusOperator: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { _config+:: { - //prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + $._config.namespace + '"', - prometheusOperatorSelector: 'job="prometheus-operator",namespace="monitoring"', + prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + m.config.namespace + '"', }, }, prometheus: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { _config+:: { - //prometheusSelector: 'job="prometheus-' + $._config.prometheusName + '",namespace="' + $._config.namespace + '"', - prometheusSelector: 'job="prometheus-k8s",namespace="monitoring"', + prometheusSelector: 'job="prometheus-' + m.config.prometheusName + '",namespace="' + m.config.namespace + '"', prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', }, }, @@ -63,8 +63,7 @@ _config+:: { alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', alertmanagerClusterLabels: 'namespace,service', - //alertmanagerSelector: 'job="alertmanager-' + $._config.alertmanagerName + '",namespace="' + $._config.namespace + '"', - alertmanagerSelector: 'job="alertmanager-main",namespace="monitoring"', + alertmanagerSelector: 'job="alertmanager-' + m.config.alertmanagerName + '",namespace="' + m.config.namespace + '"', }, }, @@ -76,6 +75,4 @@ diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', }, }, - - }, } From b4fcf8f6cc10c7ed1ad80b670b6a75da57dbb4a2 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 09:13:35 +0100 Subject: [PATCH 089/388] jsonnet: fix copy-paste errors, format, and lint Signed-off-by: paulfantom --- .../kube-prometheus/kube-prometheus.libsonnet | 2 +- .../mixins/monitoring-mixins.libsonnet | 113 +++++++++--------- 2 files changed, 57 insertions(+), 58 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 6bafcff1..58392cc0 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -186,7 +186,7 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; limits: { cpu: '20m', memory: '40Mi' }, }, }, - + local allRules = $.mixins.nodeExporter.prometheusRules + $.mixins.kubernetes.prometheusRules + diff --git a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet index 14682543..bb035837 100644 --- a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet +++ b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet @@ -1,78 +1,77 @@ local defaults = { - local defaults = self, namespace: error 'must provide namespace', - prometheusName: error 'must provide namespace', - alertmanagerName: error 'must provide namespace', + prometheusName: error 'must provide Prometheus resource name', + alertmanagerName: error 'must provide Alertmanager resource name', }; function(params) { local m = self, config:: defaults + params, - base+: - (import '../alerts/general.libsonnet') + - (import '../alerts/node.libsonnet') + - (import '../rules/node-rules.libsonnet') + - (import '../rules/general.libsonnet') { - _config+:: { - nodeExporterSelector: 'job="node-exporter"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', - }, + base+: + (import '../alerts/general.libsonnet') + + (import '../alerts/node.libsonnet') + + (import '../rules/node-rules.libsonnet') + + (import '../rules/general.libsonnet') { + _config+:: { + nodeExporterSelector: 'job="node-exporter"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', }, + }, - kubernetes: - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { - _config+:: { - cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', - kubeletSelector: 'job="kubelet", metrics_path="/metrics"', - kubeStateMetricsSelector: 'job="kube-state-metrics"', - nodeExporterSelector: 'job="node-exporter"', - kubeSchedulerSelector: 'job="kube-scheduler"', - kubeControllerManagerSelector: 'job="kube-controller-manager"', - kubeApiserverSelector: 'job="apiserver"', - podLabel: 'pod', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', - diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', - }, + kubernetes: + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { + _config+:: { + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', + kubeletSelector: 'job="kubelet", metrics_path="/metrics"', + kubeStateMetricsSelector: 'job="kube-state-metrics"', + nodeExporterSelector: 'job="node-exporter"', + kubeSchedulerSelector: 'job="kube-scheduler"', + kubeControllerManagerSelector: 'job="kube-controller-manager"', + kubeApiserverSelector: 'job="apiserver"', + podLabel: 'pod', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', }, + }, - kubeStateMetrics: - (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') { - _config+:: { - kubeStateMetricsSelector: 'job="kube-state-metrics"', - }, + kubeStateMetrics: + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') { + _config+:: { + kubeStateMetricsSelector: 'job="kube-state-metrics"', }, + }, - prometheusOperator: - (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { - _config+:: { - prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + m.config.namespace + '"', - }, + prometheusOperator: + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { + _config+:: { + prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + m.config.namespace + '"', }, + }, - prometheus: - (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { - _config+:: { - prometheusSelector: 'job="prometheus-' + m.config.prometheusName + '",namespace="' + m.config.namespace + '"', - prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', - }, + prometheus: + (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { + _config+:: { + prometheusSelector: 'job="prometheus-' + m.config.prometheusName + '",namespace="' + m.config.namespace + '"', + prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', }, + }, - alertmanager: - (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') { - _config+:: { - alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', - alertmanagerClusterLabels: 'namespace,service', - alertmanagerSelector: 'job="alertmanager-' + m.config.alertmanagerName + '",namespace="' + m.config.namespace + '"', - }, + alertmanager: + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') { + _config+:: { + alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', + alertmanagerClusterLabels: 'namespace,service', + alertmanagerSelector: 'job="alertmanager-' + m.config.alertmanagerName + '",namespace="' + m.config.namespace + '"', }, + }, - nodeExporter: - (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') { - _config+:: { - nodeExporterSelector: 'job="node-exporter"', - fsSpaceFillingUpCriticalThreshold: 15, - diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - }, + nodeExporter: + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') { + _config+:: { + nodeExporterSelector: 'job="node-exporter"', + fsSpaceFillingUpCriticalThreshold: 15, + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', }, + }, } From 9cf2ce9ffc320b9cf3dd02495b5af3d0e68b21c8 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 09:53:03 +0100 Subject: [PATCH 090/388] jsonnet: create function responsible for prometheus objects Signed-off-by: paulfantom --- .../kube-prometheus/kube-prometheus.libsonnet | 59 +- .../prometheus/prometheus.libsonnet | 900 +++++++++--------- 2 files changed, 483 insertions(+), 476 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 58392cc0..d5811aef 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -5,16 +5,15 @@ local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; +local prometheus = import './prometheus/prometheus.libsonnet'; local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + -(import './prometheus/prometheus.libsonnet') + - { alertmanager: alertmanager({ - name: 'main', + name: $._config.alertmanagerName, namespace: $._config.namespace, version: '0.21.0', image: 'quay.io/prometheus/alertmanager:v0.21.0', @@ -34,6 +33,14 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; version: '1.0.1', image: 'quay.io/prometheus/node-exporter:v1.0.1', }), + prometheus: prometheus({ + namespace: $._config.namespace, + version: '2.24.0', + image: 'quay.io/prometheus/prometheus:v2.24.0', + name: $._config.prometheusName, + alertmanagerName: $._config.alertmanagerName, + rules: $.allRules, + }), prometheusAdapter: prometheusAdapter({ namespace: $._config.namespace, version: '0.8.2', @@ -42,9 +49,24 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; }), mixins+:: monitoringMixins({ namespace: $._config.namespace, - alertmanagerName: 'main', - prometheusName: 'k8s', + alertmanagerName: $._config.alertmanagerName, + prometheusName: $._config.prometheusName, }), + + // FIXME(paulfantom) Remove this variable by moving each mixin to its own component + // Example: node_exporter mixin could be added in ./node-exporter/node-exporter.libsonnet + allRules:: + $.mixins.nodeExporter.prometheusRules + + $.mixins.kubernetes.prometheusRules + + $.mixins.base.prometheusRules + + $.mixins.kubeStateMetrics.prometheusAlerts + + $.mixins.nodeExporter.prometheusAlerts + + $.mixins.alertmanager.prometheusAlerts + + $.mixins.prometheusOperator.prometheusAlerts + + $.mixins.kubernetes.prometheusAlerts + + $.mixins.prometheus.prometheusAlerts + + $.mixins.base.prometheusAlerts, + kubePrometheus+:: { namespace: { apiVersion: 'v1', @@ -143,6 +165,8 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; } + { _config+:: { namespace: 'default', + prometheusName: 'k8s', + alertmanagerName: 'main', versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' }, imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, @@ -187,24 +211,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; }, }, - local allRules = - $.mixins.nodeExporter.prometheusRules + - $.mixins.kubernetes.prometheusRules + - $.mixins.base.prometheusRules + - $.mixins.kubeStateMetrics.prometheusAlerts + - $.mixins.nodeExporter.prometheusAlerts + - $.mixins.alertmanager.prometheusAlerts + - $.mixins.prometheusOperator.prometheusAlerts + - $.mixins.kubernetes.prometheusAlerts + - $.mixins.prometheus.prometheusAlerts + - $.mixins.base.prometheusAlerts, - - local allDashboards = - $.mixins.nodeExporter.grafanaDashboards + - $.mixins.kubernetes.grafanaDashboards + - $.mixins.prometheus.grafanaDashboards, - - prometheus+:: { rules: allRules }, grafana+:: { labels: { 'app.kubernetes.io/name': 'grafana', @@ -212,7 +218,12 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; 'app.kubernetes.io/component': 'grafana', 'app.kubernetes.io/part-of': 'kube-prometheus', }, - dashboards: allDashboards, + // FIXME(paulfantom): Same as with rules and alerts. + // This should be gathering all dashboards from components without having to enumerate all dashboards. + dashboards: + $.mixins.nodeExporter.grafanaDashboards + + $.mixins.kubernetes.grafanaDashboards + + $.mixins.prometheus.grafanaDashboards, }, }, } diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index fc99add3..e1b66923 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -1,488 +1,484 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'; -{ - _config+:: { - namespace: 'default', +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + resources: { + requests: { memory: '400Mi' }, + }, - versions+:: { prometheus: 'v2.22.1' }, - imageRepos+:: { prometheus: 'quay.io/prometheus/prometheus' }, - alertmanager+:: { name: 'main' }, + name: error 'must provide name', + alertmanagerName: error 'must provide alertmanagerName', + namespaces: ['default', 'kube-system', defaults.namespace], + replicas: 2, + rules: { + groups: [], + }, + commonLabels:: { + 'app.kubernetes.io/name': 'prometheus', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + } + { prometheus: defaults.name }, +}; - prometheus+:: { - name: 'k8s', - replicas: 2, - rules: {}, - namespaces: ['default', 'kube-system', $._config.namespace], - labels: { - 'app.kubernetes.io/name': 'prometheus', - 'app.kubernetes.io/version': $._config.versions.prometheus, - 'app.kubernetes.io/component': 'prometheus', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - selectorLabels: { - [labelName]: $._config.prometheus.labels[labelName] - for labelName in std.objectFields($._config.prometheus.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, + +function(params) { + local p = self, + config:: defaults + params, + // Safety check + assert std.isObject(p.config.resources), + + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + labels: p.config.commonLabels, }, }, - prometheus+:: { - local p = self, - - name:: $._config.prometheus.name, - namespace:: $._config.namespace, - roleBindingNamespaces:: $._config.prometheus.namespaces, - replicas:: $._config.prometheus.replicas, - prometheusRules:: $._config.prometheus.rules, - alertmanagerName:: $.alertmanager.service.metadata.name, - - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'prometheus-' + p.name, - namespace: p.namespace, - labels: $._config.prometheus.labels, - }, + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + labels: { prometheus: p.config.name } + p.config.commonLabels, }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'prometheus-' + p.name, - namespace: p.namespace, - labels: { prometheus: p.name } + $._config.prometheus.labels, - }, - spec: { - ports: [ - { name: 'web', targetPort: 'web', port: 9090 }, - ], - selector: { app: 'prometheus', prometheus: p.name } + $._config.prometheus.selectorLabels, - sessionAffinity: 'ClientIP', - }, + spec: { + ports: [ + { name: 'web', targetPort: 'web', port: 9090 }, + ], + selector: { app: 'prometheus' } + p.config.selectorLabels, + sessionAffinity: 'ClientIP', }, + }, - rules: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: { - prometheus: p.name, - role: 'alert-rules', - } + $._config.prometheus.labels, - name: 'prometheus-' + p.name + '-rules', - namespace: p.namespace, - }, - spec: { - groups: p.prometheusRules.groups, - }, + rules: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: { + prometheus: p.config.name, + role: 'alert-rules', + } + p.config.commonLabels, + name: 'prometheus-' + p.config.name + '-rules', + namespace: p.config.namespace, }, + spec: { + groups: p.config.rules.groups, + }, + }, - roleBindingSpecificNamespaces: - local newSpecificRoleBinding(namespace) = { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'prometheus-' + p.name, - namespace: namespace, - labels: $._config.prometheus.labels, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'prometheus-' + p.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], - }; - { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBindingList', - items: [newSpecificRoleBinding(x) for x in p.roleBindingNamespaces], - }, - - clusterRole: { + roleBindingSpecificNamespaces: + local newSpecificRoleBinding(namespace) = { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', + kind: 'RoleBinding', metadata: { - name: 'prometheus-' + p.name, - labels: $._config.prometheus.labels, + name: 'prometheus-' + p.config.name, + namespace: namespace, + labels: p.config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p.config.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + }], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBindingList', + items: [newSpecificRoleBinding(x) for x in p.config.namespaces], + }, + + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'prometheus-' + p.config.name, + labels: p.config.commonLabels, + }, + rules: [ + { + apiGroups: [''], + resources: ['nodes/metrics'], + verbs: ['get'], + }, + { + nonResourceURLs: ['/metrics'], + verbs: ['get'], + }, + ], + }, + + roleConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p.config.name + '-config', + namespace: p.config.namespace, + labels: p.config.commonLabels, + }, + rules: [{ + apiGroups: [''], + resources: ['configmaps'], + verbs: ['get'], + }], + }, + + roleBindingConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'prometheus-' + p.config.name + '-config', + namespace: p.config.namespace, + labels: p.config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p.config.name + '-config', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + }], + }, + + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'prometheus-' + p.config.name, + labels: p.config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'prometheus-' + p.config.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + }], + }, + + roleSpecificNamespaces: + local newSpecificRole(namespace) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p.config.name, + namespace: namespace, + labels: p.config.commonLabels, }, rules: [ { apiGroups: [''], - resources: ['nodes/metrics'], - verbs: ['get'], + resources: ['services', 'endpoints', 'pods'], + verbs: ['get', 'list', 'watch'], }, { - nonResourceURLs: ['/metrics'], - verbs: ['get'], + apiGroups: ['extensions'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], }, ], - }, - - roleConfig: { + }; + { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - name: 'prometheus-' + p.name + '-config', - namespace: p.namespace, - labels: $._config.prometheus.labels, - }, - rules: [{ - apiGroups: [''], - resources: ['configmaps'], - verbs: ['get'], - }], + kind: 'RoleList', + items: [newSpecificRole(x) for x in p.config.namespaces], }, - roleBindingConfig: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'prometheus-' + p.name + '-config', - namespace: p.namespace, - labels: $._config.prometheus.labels, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'prometheus-' + p.name + '-config', - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], + prometheus: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Prometheus', + metadata: { + name: p.config.name, + namespace: p.config.namespace, + labels: { prometheus: p.config.name } + p.config.commonLabels, }, - - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'prometheus-' + p.name, - labels: $._config.prometheus.labels, + spec: { + replicas: p.config.replicas, + version: p.config.version, + image: p.config.image, + podMetadata: { + labels: p.config.commonLabels, }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'prometheus-' + p.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], - }, - - roleSpecificNamespaces: - local newSpecificRole(namespace) = { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - name: 'prometheus-' + p.name, - namespace: namespace, - labels: $._config.prometheus.labels, - }, - rules: [ - { - apiGroups: [''], - resources: ['services', 'endpoints', 'pods'], - verbs: ['get', 'list', 'watch'], - }, - { - apiGroups: ['extensions'], - resources: ['ingresses'], - verbs: ['get', 'list', 'watch'], - }, - ], - }; - { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleList', - items: [newSpecificRole(x) for x in p.roleBindingNamespaces], - }, - - prometheus: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Prometheus', - metadata: { - name: p.name, - namespace: p.namespace, - labels: { prometheus: p.name } + $._config.prometheus.labels, - }, - spec: { - replicas: p.replicas, - version: $._config.versions.prometheus, - image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, - podMetadata: { - labels: $._config.prometheus.labels, - }, - serviceAccountName: 'prometheus-' + p.name, - serviceMonitorSelector: {}, - podMonitorSelector: {}, - probeSelector: {}, - serviceMonitorNamespaceSelector: {}, - podMonitorNamespaceSelector: {}, - probeNamespaceSelector: {}, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - ruleSelector: { - matchLabels: { - role: 'alert-rules', - prometheus: p.name, - }, - }, - resources: { - requests: { memory: '400Mi' }, - }, - alerting: { - alertmanagers: [{ - namespace: p.namespace, - name: p.alertmanagerName, - port: 'web', - }], - }, - securityContext: { - runAsUser: 1000, - runAsNonRoot: true, - fsGroup: 2000, + serviceAccountName: 'prometheus-' + p.config.name, + serviceMonitorSelector: {}, + podMonitorSelector: {}, + probeSelector: {}, + serviceMonitorNamespaceSelector: {}, + podMonitorNamespaceSelector: {}, + probeNamespaceSelector: {}, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + ruleSelector: { + matchLabels: { + role: 'alert-rules', + prometheus: p.config.name, }, }, - }, - - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'prometheus', - namespace: p.namespace, - labels: $._config.prometheus.labels, - }, - spec: { - selector: { - matchLabels: { prometheus: p.name } + $._config.prometheus.selectorLabels, - }, - endpoints: [{ + resources: p.config.resources, + alerting: { + alertmanagers: [{ + namespace: p.config.namespace, + name: 'alertmanager-' + p.config.alertmanagerName, port: 'web', - interval: '30s', }], }, - }, - - serviceMonitorKubeScheduler: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-scheduler', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { insecureSkipVerify: true }, - }], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorKubelet: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kubelet', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'kubelet' }, - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'https-metrics', - scheme: 'https', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings, - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/cadvisor', - interval: '30s', - honorLabels: true, - honorTimestamps: false, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - metricRelabelings: [ - // Drop a bunch of metrics which are disabled but still sent, see - // https://github.com/google/cadvisor/issues/1925. - { - sourceLabels: ['__name__'], - regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', - action: 'drop', - }, - ], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/probes', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - ], - selector: { - matchLabels: { 'k8s-app': 'kubelet' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorKubeControllerManager: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-controller-manager', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|request|server).*', - action: 'drop', - }, - ], - }], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorApiserver: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-apiserver', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'apiserver' }, - }, - spec: { - jobLabel: 'component', - selector: { - matchLabels: { - component: 'apiserver', - provider: 'kubernetes', - }, - }, - namespaceSelector: { - matchNames: ['default'], - }, - endpoints: [{ - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - serverName: 'kubernetes', - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|server).*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_step_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__', 'le'], - regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', - action: 'drop', - }, - ], - }], - }, - }, - - serviceMonitorCoreDNS: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'coredns', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'coredns' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - endpoints: [{ - port: 'metrics', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }], + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, }, }, }, + + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'prometheus', + namespace: p.config.namespace, + labels: p.config.commonLabels, + }, + spec: { + selector: { + matchLabels: p.config.selectorLabels, + }, + endpoints: [{ + port: 'web', + interval: '30s', + }], + }, + }, + + serviceMonitorKubeScheduler: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-scheduler', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubelet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kubelet', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'kubelet' }, + }, + spec: { + jobLabel: 'k8s-app', + endpoints: [ + { + port: 'https-metrics', + scheme: 'https', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings, + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/cadvisor', + interval: '30s', + honorLabels: true, + honorTimestamps: false, + tlsConfig: { + insecureSkipVerify: true, + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + metricRelabelings: [ + // Drop a bunch of metrics which are disabled but still sent, see + // https://github.com/google/cadvisor/issues/1925. + { + sourceLabels: ['__name__'], + regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', + action: 'drop', + }, + ], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/probes', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + ], + selector: { + matchLabels: { 'k8s-app': 'kubelet' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubeControllerManager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-controller-manager', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|request|server).*', + action: 'drop', + }, + ], + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorApiserver: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-apiserver', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'apiserver' }, + }, + spec: { + jobLabel: 'component', + selector: { + matchLabels: { + component: 'apiserver', + provider: 'kubernetes', + }, + }, + namespaceSelector: { + matchNames: ['default'], + }, + endpoints: [{ + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 'kubernetes', + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|server).*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_step_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__', 'le'], + regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', + action: 'drop', + }, + ], + }], + }, + }, + + serviceMonitorCoreDNS: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'coredns', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'coredns' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + endpoints: [{ + port: 'metrics', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }], + }, + }, } From 5dcb5de78812cd80745aa6ecc04e6b8dc8913c53 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 09:59:29 +0100 Subject: [PATCH 091/388] manifests: regenerate --- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 ++++---- manifests/prometheus-roleBindingConfig.yaml | 2 +- manifests/prometheus-roleBindingSpecificNamespaces.yaml | 6 +++--- manifests/prometheus-roleConfig.yaml | 2 +- manifests/prometheus-roleSpecificNamespaces.yaml | 6 +++--- manifests/prometheus-rules.yaml | 2 +- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index b5f08060..3ba90def 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index a52cf1e8..edb32698 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 2b7dd140..36fd374f 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 prometheus: k8s name: k8s namespace: monitoring @@ -15,7 +15,7 @@ spec: - name: alertmanager-main namespace: monitoring port: web - image: quay.io/prometheus/prometheus:v2.22.1 + image: quay.io/prometheus/prometheus:v2.24.0 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -23,7 +23,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -43,4 +43,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: v2.22.1 + version: 2.24.0 diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index feaf95e5..f0a88d7d 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index ed2ac384..d4d922cb 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index 2b94cc72..2a749463 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index b7c962c0..a11ce701 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: default rules: @@ -36,7 +36,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: kube-system rules: @@ -65,7 +65,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml index cd9c2019..fd56b0aa 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/prometheus-rules.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 prometheus: k8s role: alert-rules name: prometheus-k8s-rules diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index ff66c892..7ae91474 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index a4157e78..283b0821 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index 38622d37..a36e3941 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: v2.22.1 + app.kubernetes.io/version: 2.24.0 name: prometheus namespace: monitoring spec: From e2c50fa40f3f03959d695b8b3ddb95869eb21a33 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 16:45:00 +0100 Subject: [PATCH 092/388] jsonnet: update prometheus-operator dependency --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 20d65bdf..e9484736 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.44" + "version": "release-0.45" }, { "source": { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index b4af75ef..7efb4031 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "22aaf848a27f6e45702131e22a596778686068d5", + "version": "5555f492df250168657b72bb8cb60bec071de71f", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "d8b7d3766225908d0239fd0d78258892cd0fc384", - "sum": "Nl+N/h76bzD9tZ8tx7tuNIKHwCIJ9zyOsAWplH8HvAE=" + "version": "5555f492df250168657b72bb8cb60bec071de71f", + "sum": "quzK9/gITldAfVGBkFUsLjQ3Y2F4NOJ2GQUjPSD8HHQ=" }, { "source": { From bed5cc8efb1ec5b628aa1ed5a026bb8bcc42bbb0 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 16:59:15 +0100 Subject: [PATCH 093/388] jsonnet/kube-prometheus: use refactored upstream prometheus-operator library --- .../kube-prometheus/kube-prometheus.libsonnet | 69 ++--------- .../prometheus-operator.libsonnet | 109 ++++++++++++++++++ 2 files changed, 119 insertions(+), 59 deletions(-) create mode 100644 jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index d5811aef..a0891027 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,16 +1,14 @@ -local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet'; - local alertmanager = import './alertmanager/alertmanager.libsonnet'; local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; +local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; local prometheus = import './prometheus/prometheus.libsonnet'; local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + -(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + { alertmanager: alertmanager({ name: $._config.alertmanagerName, @@ -47,6 +45,15 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; image: 'directxman12/k8s-prometheus-adapter:v0.8.2', prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', }), + prometheusOperator: prometheusOperator({ + namespace: $._config.namespace, + version: '0.45.0', + image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0', + configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0', + commonLabels+: { + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + }), mixins+:: monitoringMixins({ namespace: $._config.namespace, alertmanagerName: $._config.alertmanagerName, @@ -76,62 +83,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; }, }, }, - prometheusOperator+:: - { - service+: { - spec+: { - ports: [ - { - name: 'https', - port: 8443, - targetPort: 'https', - }, - ], - }, - }, - serviceMonitor+: { - spec+: { - endpoints: [ - { - port: 'https', - scheme: 'https', - honorLabels: true, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - }, - ], - }, - }, - clusterRole+: { - rules+: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], - }, - } + - (kubeRbacProxyContainer { - config+:: { - kubeRbacProxy: { - image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy, - name: 'kube-rbac-proxy', - securePortName: 'https', - securePort: 8443, - secureListenAddress: ':%d' % self.securePort, - upstream: 'http://127.0.0.1:8080/', - tlsCipherSuites: $._config.tlsCipherSuites, - }, - }, - }).deploymentMixin, grafana+:: { local dashboardDefinitions = super.dashboardDefinitions, diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet new file mode 100644 index 00000000..91469503 --- /dev/null +++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet @@ -0,0 +1,109 @@ +local krp = (import '../kube-rbac-proxy/container.libsonnet'); +local prometheusOperator = import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet'; + +local defaults = { + local defaults = self, + name: 'prometheus-operator', + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + configReloaderImage: error 'must provide config reloader image', + resources: { + limits: { cpu: '200m', memory: '200Mi' }, + requests: { cpu: '100m', memory: '100Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': defaults.name, + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'controller', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, +}; + +function(params) { + local po = self, + config:: defaults + params, + // Safety check + assert std.isObject(po.config.resources), + + //TODO(paulfantom): it would be better to include it on the same level as self. + local polib = prometheusOperator(po.config), + + '0alertmanagerConfigCustomResourceDefinition': polib['0alertmanagerConfigCustomResourceDefinition'], + '0alertmanagerCustomResourceDefinition': polib['0alertmanagerCustomResourceDefinition'], + '0podmonitorCustomResourceDefinition': polib['0podmonitorCustomResourceDefinition'], + '0probeCustomResourceDefinition': polib['0probeCustomResourceDefinition'], + '0prometheusCustomResourceDefinition': polib['0prometheusCustomResourceDefinition'], + '0prometheusruleCustomResourceDefinition': polib['0prometheusruleCustomResourceDefinition'], + '0servicemonitorCustomResourceDefinition': polib['0servicemonitorCustomResourceDefinition'], + '0thanosrulerCustomResourceDefinition': polib['0thanosrulerCustomResourceDefinition'], + + serviceAccount: polib.serviceAccount, + service: polib.service { + spec+: { + ports: [ + { + name: 'https', + port: 8443, + targetPort: 'https', + }, + ], + }, + }, + + serviceMonitor: polib.serviceMonitor { + spec+: { + endpoints: [ + { + port: 'https', + scheme: 'https', + honorLabels: true, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + }, + ], + }, + }, + + clusterRoleBinding: polib.clusterRoleBinding, + clusterRole: polib.clusterRole { + rules+: [ + { + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], + }, + ], + }, + + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + upstream: 'http://127.0.0.1:8080/', + secureListenAddress: ':8443', + ports: [ + { name: 'https', containerPort: 8443 }, + ], + }), + + deployment: polib.deployment { + spec+: { + template+: { + spec+: { + containers+: [kubeRbacProxy], + }, + }, + }, + }, +} From 7335ac40d0cc30c62e1243c16973d75c8855742e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 16:59:39 +0100 Subject: [PATCH 094/388] jsonnet: remove unused kube-rbac-proxy config and helper lib --- .../kube-prometheus/kube-prometheus.libsonnet | 43 +-------- .../kube-rbac-proxy/containerMixin.libsonnet | 95 ------------------- 2 files changed, 1 insertion(+), 137 deletions(-) delete mode 100644 jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index a0891027..e97f07f1 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -119,48 +119,7 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; prometheusName: 'k8s', alertmanagerName: 'main', - versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' }, - imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, - - tlsCipherSuites: [ - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 - 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721 - - // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 - // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2 - // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 - // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 - // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2 - // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169 - - // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go - - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', - 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', - 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', - ], - - resources+:: { - 'addon-resizer': { - requests: { cpu: '10m', memory: '30Mi' }, - limits: { cpu: '50m', memory: '30Mi' }, - }, - 'kube-rbac-proxy': { - requests: { cpu: '10m', memory: '20Mi' }, - limits: { cpu: '20m', memory: '40Mi' }, - }, - }, + versions+:: { grafana: '7.3.5' }, grafana+:: { labels: { diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet b/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet deleted file mode 100644 index 5122e837..00000000 --- a/jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet +++ /dev/null @@ -1,95 +0,0 @@ -// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet -// are converted to use kube-rbac-proxy/container.libsonnet - -{ - local krp = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - - specMixin:: { - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - spec+: { - template+: { - spec+: { - containers+: [{ - name: krp.config.kubeRbacProxy.name, - image: krp.config.kubeRbacProxy.image, - args: [ - '--logtostderr', - '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, - '--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites), - '--upstream=' + krp.config.kubeRbacProxy.upstream, - ], - ports: [ - { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, - ], - securityContext: { - runAsUser: 65532, - runAsGroup: 65532, - runAsNonRoot: true, - }, - }], - }, - }, - }, - }, - - deploymentMixin:: { - local dm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - deployment+: krp.specMixin { - config+:: { - kubeRbacProxy+: dm.config.kubeRbacProxy, - }, - }, - }, - - statefulSetMixin:: { - local sm = self, - config+:: { - kubeRbacProxy: { - image: error 'must provide image', - name: error 'must provide name', - securePortName: error 'must provide securePortName', - securePort: error 'must provide securePort', - secureListenAddress: error 'must provide secureListenAddress', - upstream: error 'must provide upstream', - tlsCipherSuites: error 'must provide tlsCipherSuites', - }, - }, - statefulSet+: krp.specMixin { - config+:: { - kubeRbacProxy+: sm.config.kubeRbacProxy, - }, - }, - }, -} From 255cd9a1c53898f2005f95199b73a878361e88e1 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 13 Jan 2021 16:59:48 +0100 Subject: [PATCH 095/388] manifests: regenerate --- .../prometheus-operator-serviceMonitor.yaml | 6 ++- ...managerConfigCustomResourceDefinition.yaml | 43 ++++++++++++------- ...r-0prometheusCustomResourceDefinition.yaml | 9 ++-- .../prometheus-operator-clusterRole.yaml | 3 +- ...rometheus-operator-clusterRoleBinding.yaml | 3 +- .../setup/prometheus-operator-deployment.yaml | 20 ++++++--- .../setup/prometheus-operator-service.yaml | 4 +- .../prometheus-operator-serviceAccount.yaml | 3 +- 8 files changed, 62 insertions(+), 29 deletions(-) diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 4412f1ac..8cf19eec 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 name: prometheus-operator namespace: monitoring spec: @@ -19,4 +20,5 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index 312288f4..faa6e92e 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -47,6 +47,7 @@ spec: properties: name: description: Label to match. + minLength: 1 type: string regex: description: Whether to match on equality (false) or regular-expression (true). @@ -56,7 +57,6 @@ spec: type: string required: - name - - value type: object type: array targetMatch: @@ -66,6 +66,7 @@ spec: properties: name: description: Label to match. + minLength: 1 type: string regex: description: Whether to match on equality (false) or regular-expression (true). @@ -75,7 +76,6 @@ spec: type: string required: - name - - value type: object type: array type: object @@ -91,9 +91,10 @@ spec: description: EmailConfig configures notifications via Email. properties: authIdentity: + description: The identity to use for authentication. type: string authPassword: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -108,7 +109,7 @@ spec: - key type: object authSecret: - description: SecretKeySelector selects a key of a Secret. + description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -123,7 +124,7 @@ spec: - key type: object authUsername: - description: SMTP authentication information. + description: The username to use for authentication. type: string from: description: The sender address. @@ -135,6 +136,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -262,6 +264,7 @@ spec: type: array name: description: Name of the receiver. Must be unique across all items from the list. + minLength: 1 type: string opsgenieConfigs: description: List of OpsGenie configurations. @@ -296,6 +299,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -466,7 +470,7 @@ spec: responders: description: List of responders responsible for notifications. items: - description: OpsGenieConfigResponder defines a responder to an incident. One of id, name or username has to be defined. + description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. properties: id: description: ID of the responder. @@ -476,10 +480,13 @@ spec: type: string type: description: Type of responder. + minLength: 1 type: string username: description: Username of the responder. type: string + required: + - type type: object type: array sendResolved: @@ -520,6 +527,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -901,7 +909,7 @@ spec: description: Notification title. type: string token: - description: Your registered application’s API token, see https://pushover.net/apps + description: The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -922,7 +930,7 @@ spec: description: A title for supplementary URL, otherwise just the URL is shown type: string userKey: - description: The recipient user’s user key. + description: The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -956,6 +964,7 @@ spec: okText: type: string text: + minLength: 1 type: string title: type: string @@ -967,8 +976,10 @@ spec: style: type: string text: + minLength: 1 type: string type: + minLength: 1 type: string url: type: string @@ -1011,8 +1022,10 @@ spec: short: type: boolean title: + minLength: 1 type: string value: + minLength: 1 type: string required: - title @@ -1207,7 +1220,7 @@ spec: description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config properties: apiKey: - description: The API key to use when talking to the VictorOps API. + description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -1231,6 +1244,7 @@ spec: properties: key: description: Key of the tuple. + minLength: 1 type: string value: description: Value of the tuple. @@ -1407,8 +1421,6 @@ spec: stateMessage: description: Contains long explanation of the alerted problem. type: string - required: - - routingKey type: object type: array webhookConfigs: @@ -1566,8 +1578,9 @@ spec: type: object type: object maxAlerts: - description: Maximum number of alerts to be sent per webhook message. + description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. format: int32 + minimum: 0 type: integer sendResolved: description: Whether or not to notify about resolved alerts. @@ -1790,7 +1803,7 @@ spec: type: object type: array route: - description: The Alertmanager route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route. + description: The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. properties: continue: description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. @@ -1813,6 +1826,7 @@ spec: properties: name: description: Label to match. + minLength: 1 type: string regex: description: Whether to match on equality (false) or regular-expression (true). @@ -1822,11 +1836,10 @@ spec: type: string required: - name - - value type: object type: array receiver: - description: Name of the receiver for this route. If present, it should be listed in the `receivers` field. The field can be omitted only for nested routes otherwise it is mandatory. + description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field. type: string repeatInterval: description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 3cfc36ab..694f6bfd 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -2255,7 +2255,7 @@ spec: type: string type: object podMonitorNamespaceSelector: - description: Namespaces to be selected for PodMonitor discovery. If nil, only check own namespace. + description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -2846,7 +2846,7 @@ spec: description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). type: string retentionSize: - description: Maximum amount of disk space used by blocks. + description: 'Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.' type: string routePrefix: description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. @@ -3016,7 +3016,7 @@ spec: description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. type: string serviceMonitorNamespaceSelector: - description: Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. + description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -3453,6 +3453,9 @@ spec: required: - key type: object + tracingConfigFile: + description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence. + type: string version: description: Version describes the version of Thanos to use. type: string diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index 5d13eb90..2821c35d 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index c2e44128..9c5b8dfa 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index 2361874a..c423a57a 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 name: prometheus-operator namespace: monitoring spec: @@ -13,18 +14,20 @@ spec: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/part-of: kube-prometheus template: metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1 - image: quay.io/prometheus-operator/prometheus-operator:v0.44.1 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.45.0 name: prometheus-operator ports: - containerPort: 8080 @@ -48,12 +51,19 @@ spec: ports: - containerPort: 8443 name: https + resources: + limits: + cpu: 20m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi securityContext: runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 nodeSelector: - beta.kubernetes.io/os: linux + kubernetes.io/os: linux securityContext: runAsNonRoot: true runAsUser: 65534 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index ebfd02b6..0a667c83 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -4,7 +4,8 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 name: prometheus-operator namespace: monitoring spec: @@ -16,3 +17,4 @@ spec: selector: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 7799e114..7b8cd289 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -4,6 +4,7 @@ metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator - app.kubernetes.io/version: v0.44.1 + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 name: prometheus-operator namespace: monitoring From b67686409e7bb10c25b47a492c176c60545b6f66 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 14 Jan 2021 13:19:39 +0100 Subject: [PATCH 096/388] jsonnet: remove wrapping prometheus-operator lib --- .../prometheus-operator.libsonnet | 124 ++++++++---------- 1 file changed, 55 insertions(+), 69 deletions(-) diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet index 91469503..26940c61 100644 --- a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet @@ -25,85 +25,71 @@ local defaults = { }, }; -function(params) { - local po = self, - config:: defaults + params, +function(params) + local config = defaults + params; // Safety check - assert std.isObject(po.config.resources), + assert std.isObject(config.resources); - //TODO(paulfantom): it would be better to include it on the same level as self. - local polib = prometheusOperator(po.config), + prometheusOperator(config) { + service+: { + spec+: { + ports: [ + { + name: 'https', + port: 8443, + targetPort: 'https', + }, + ], + }, + }, - '0alertmanagerConfigCustomResourceDefinition': polib['0alertmanagerConfigCustomResourceDefinition'], - '0alertmanagerCustomResourceDefinition': polib['0alertmanagerCustomResourceDefinition'], - '0podmonitorCustomResourceDefinition': polib['0podmonitorCustomResourceDefinition'], - '0probeCustomResourceDefinition': polib['0probeCustomResourceDefinition'], - '0prometheusCustomResourceDefinition': polib['0prometheusCustomResourceDefinition'], - '0prometheusruleCustomResourceDefinition': polib['0prometheusruleCustomResourceDefinition'], - '0servicemonitorCustomResourceDefinition': polib['0servicemonitorCustomResourceDefinition'], - '0thanosrulerCustomResourceDefinition': polib['0thanosrulerCustomResourceDefinition'], + serviceMonitor+: { + spec+: { + endpoints: [ + { + port: 'https', + scheme: 'https', + honorLabels: true, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + }, + ], + }, + }, - serviceAccount: polib.serviceAccount, - service: polib.service { - spec+: { - ports: [ + clusterRole+: { + rules+: [ { - name: 'https', - port: 8443, - targetPort: 'https', + apiGroups: ['authentication.k8s.io'], + resources: ['tokenreviews'], + verbs: ['create'], + }, + { + apiGroups: ['authorization.k8s.io'], + resources: ['subjectaccessreviews'], + verbs: ['create'], }, ], }, - }, - serviceMonitor: polib.serviceMonitor { - spec+: { - endpoints: [ - { - port: 'https', - scheme: 'https', - honorLabels: true, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, + local kubeRbacProxy = krp({ + name: 'kube-rbac-proxy', + upstream: 'http://127.0.0.1:8080/', + secureListenAddress: ':8443', + ports: [ + { name: 'https', containerPort: 8443 }, + ], + }), + + deployment+: { + spec+: { + template+: { + spec+: { + containers+: [kubeRbacProxy], }, }, - ], - }, - }, - - clusterRoleBinding: polib.clusterRoleBinding, - clusterRole: polib.clusterRole { - rules+: [ - { - apiGroups: ['authentication.k8s.io'], - resources: ['tokenreviews'], - verbs: ['create'], - }, - { - apiGroups: ['authorization.k8s.io'], - resources: ['subjectaccessreviews'], - verbs: ['create'], - }, - ], - }, - - local kubeRbacProxy = krp({ - name: 'kube-rbac-proxy', - upstream: 'http://127.0.0.1:8080/', - secureListenAddress: ':8443', - ports: [ - { name: 'https', containerPort: 8443 }, - ], - }), - - deployment: polib.deployment { - spec+: { - template+: { - spec+: { - containers+: [kubeRbacProxy], - }, }, }, - }, -} + } From ba052559cf7acf7deaf4c045a94723a128956e97 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 14 Jan 2021 15:56:55 +0100 Subject: [PATCH 097/388] jsonnet: separate mixins into components Signed-off-by: paulfantom --- .../alertmanager/alertmanager.libsonnet | 28 +++++++++ .../kube-prometheus/kube-prometheus.libsonnet | 41 +++++++++---- .../kube-state-metrics.libsonnet | 31 +++++++++- .../mixins/monitoring-mixins.libsonnet | 42 ------------- .../node-exporter/node-exporter.libsonnet | 53 +++++++++++++---- .../prometheus-operator.libsonnet | 29 +++++++++ .../prometheus/prometheus.libsonnet | 59 +++++++++++-------- 7 files changed, 191 insertions(+), 92 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index 2fee6e1e..452a2cc2 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -55,6 +55,14 @@ local defaults = { ], }, replicas: 3, + mixin: { + ruleLabels: {}, + _config: { + alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', + alertmanagerClusterLabels: 'namespace,service', + alertmanagerSelector: 'job="alertmanager-' + defaults.name + '",namespace="' + defaults.namespace + '"', + }, + }, }; @@ -63,6 +71,26 @@ function(params) { config:: defaults + params, // Safety check assert std.isObject(am.config.resources), + assert std.isObject(am.config.mixin._config), + + mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') { + _config+:: am.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: am.config.commonLabels + am.config.mixin.ruleLabels, + name: am.config.name + '-rules', + namespace: am.config.namespace, + }, + spec: { + local r = if std.objectHasAll(am.mixin, 'prometheusRules') then am.mixin.prometheusRules else {}, + local a = if std.objectHasAll(am.mixin, 'prometheusAlerts') then am.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, secret: { apiVersion: 'v1', diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index e97f07f1..6688f023 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -5,6 +5,7 @@ local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; local prometheus = import './prometheus/prometheus.libsonnet'; +local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; @@ -15,6 +16,9 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; namespace: $._config.namespace, version: '0.21.0', image: 'quay.io/prometheus/alertmanager:v0.21.0', + mixin+: { + ruleLabels: $._config.ruleLabels, + }, }), blackboxExporter: blackboxExporter({ namespace: $._config.namespace, @@ -25,11 +29,17 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; namespace: $._config.namespace, version: '1.9.7', image: 'quay.io/coreos/kube-state-metrics:v1.9.7', + mixin+: { + ruleLabels: $._config.ruleLabels, + }, }), nodeExporter: nodeExporter({ namespace: $._config.namespace, version: '1.0.1', image: 'quay.io/prometheus/node-exporter:v1.0.1', + mixin+: { + ruleLabels: $._config.ruleLabels, + }, }), prometheus: prometheus({ namespace: $._config.namespace, @@ -37,7 +47,9 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; image: 'quay.io/prometheus/prometheus:v2.24.0', name: $._config.prometheusName, alertmanagerName: $._config.alertmanagerName, - rules: $.allRules, + mixin+: { + ruleLabels: $._config.ruleLabels, + }, }), prometheusAdapter: prometheusAdapter({ namespace: $._config.namespace, @@ -53,25 +65,26 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; commonLabels+: { 'app.kubernetes.io/part-of': 'kube-prometheus', }, + mixin+: { + ruleLabels: $._config.ruleLabels, + }, }), mixins+:: monitoringMixins({ namespace: $._config.namespace, - alertmanagerName: $._config.alertmanagerName, - prometheusName: $._config.prometheusName, }), // FIXME(paulfantom) Remove this variable by moving each mixin to its own component // Example: node_exporter mixin could be added in ./node-exporter/node-exporter.libsonnet allRules:: - $.mixins.nodeExporter.prometheusRules + + //$.mixins.nodeExporter.prometheusRules + $.mixins.kubernetes.prometheusRules + $.mixins.base.prometheusRules + - $.mixins.kubeStateMetrics.prometheusAlerts + - $.mixins.nodeExporter.prometheusAlerts + - $.mixins.alertmanager.prometheusAlerts + - $.mixins.prometheusOperator.prometheusAlerts + + //$.mixins.kubeStateMetrics.prometheusAlerts + + //$.mixins.nodeExporter.prometheusAlerts + + //$.mixins.alertmanager.prometheusAlerts + + //$.mixins.prometheusOperator.prometheusAlerts + $.mixins.kubernetes.prometheusAlerts + - $.mixins.prometheus.prometheusAlerts + + //$.mixins.prometheus.prometheusAlerts + $.mixins.base.prometheusAlerts, kubePrometheus+:: { @@ -118,6 +131,10 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; namespace: 'default', prometheusName: 'k8s', alertmanagerName: 'main', + ruleLabels: { + role: 'alert-rules', + prometheus: $._config.prometheusName, + }, versions+:: { grafana: '7.3.5' }, @@ -131,9 +148,9 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; // FIXME(paulfantom): Same as with rules and alerts. // This should be gathering all dashboards from components without having to enumerate all dashboards. dashboards: - $.mixins.nodeExporter.grafanaDashboards + - $.mixins.kubernetes.grafanaDashboards + - $.mixins.prometheus.grafanaDashboards, + //$.mixins.nodeExporter.grafanaDashboards + + $.mixins.kubernetes.grafanaDashboards, + //$.mixins.prometheus.grafanaDashboards, }, }, } diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index 037d023b..c3236589 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -2,6 +2,7 @@ local krp = (import '../kube-rbac-proxy/container.libsonnet'); local defaults = { local defaults = self, + name: 'kube-state-metrics', namespace: error 'must provide namespace', version: error 'must provide version', image: error 'must provide version', @@ -13,7 +14,7 @@ local defaults = { scrapeInterval: '30s', scrapeTimeout: '30s', commonLabels:: { - 'app.kubernetes.io/name': 'kube-state-metrics', + 'app.kubernetes.io/name': defaults.name, 'app.kubernetes.io/version': defaults.version, 'app.kubernetes.io/component': 'exporter', 'app.kubernetes.io/part-of': 'kube-prometheus', @@ -23,6 +24,12 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, + mixin: { + ruleLabels: {}, + _config: { + kubeStateMetricsSelector: 'job="' + defaults.name + '"', + }, + }, }; function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet') { @@ -30,14 +37,34 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- config:: defaults + params, // Safety check assert std.isObject(ksm.config.resources), + assert std.isObject(ksm.config.mixin._config), - name:: 'kube-state-metrics', + name:: ksm.config.name, namespace:: ksm.config.namespace, version:: ksm.config.version, image:: ksm.config.image, commonLabels:: ksm.config.commonLabels, podLabels:: ksm.config.selectorLabels, + mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') { + _config+:: ksm.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: ksm.config.commonLabels + ksm.config.mixin.ruleLabels, + name: ksm.config.name + '-rules', + namespace: ksm.config.namespace, + }, + spec: { + local r = if std.objectHasAll(ksm.mixin, 'prometheusRules') then ksm.mixin.prometheusRules else {}, + local a = if std.objectHasAll(ksm.mixin, 'prometheusAlerts') then ksm.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, + service+: { spec+: { ports: [ diff --git a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet index bb035837..95b88db6 100644 --- a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet +++ b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet @@ -1,7 +1,5 @@ local defaults = { namespace: error 'must provide namespace', - prometheusName: error 'must provide Prometheus resource name', - alertmanagerName: error 'must provide Alertmanager resource name', }; function(params) { @@ -34,44 +32,4 @@ function(params) { hostNetworkInterfaceSelector: 'device!~"veth.+"', }, }, - - kubeStateMetrics: - (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') { - _config+:: { - kubeStateMetricsSelector: 'job="kube-state-metrics"', - }, - }, - - prometheusOperator: - (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { - _config+:: { - prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + m.config.namespace + '"', - }, - }, - - prometheus: - (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { - _config+:: { - prometheusSelector: 'job="prometheus-' + m.config.prometheusName + '",namespace="' + m.config.namespace + '"', - prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', - }, - }, - - alertmanager: - (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') { - _config+:: { - alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', - alertmanagerClusterLabels: 'namespace,service', - alertmanagerSelector: 'job="alertmanager-' + m.config.alertmanagerName + '",namespace="' + m.config.namespace + '"', - }, - }, - - nodeExporter: - (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') { - _config+:: { - nodeExporterSelector: 'job="node-exporter"', - fsSpaceFillingUpCriticalThreshold: 15, - diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - }, - }, } diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index bb16fc41..1c4321b1 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -2,6 +2,7 @@ local krp = (import '../kube-rbac-proxy/container.libsonnet'); local defaults = { local defaults = self, + name: 'node-exporter', namespace: error 'must provide namespace', version: error 'must provide version', image: error 'must provide version', @@ -12,7 +13,7 @@ local defaults = { listenAddress: '127.0.0.1', port: 9100, commonLabels:: { - 'app.kubernetes.io/name': 'node-exporter', + 'app.kubernetes.io/name': defaults.name, 'app.kubernetes.io/version': defaults.version, 'app.kubernetes.io/component': 'exporter', 'app.kubernetes.io/part-of': 'kube-prometheus', @@ -22,6 +23,14 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, + mixin: { + ruleLabels: {}, + _config: { + nodeExporterSelector: 'job="' + defaults.name + '"', + fsSpaceFillingUpCriticalThreshold: 15, + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + }, + }, }; @@ -30,22 +39,42 @@ function(params) { config:: defaults + params, // Safety check assert std.isObject(ne.config.resources), + assert std.isObject(ne.config.mixin._config), + + mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') { + _config+:: ne.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: ne.config.commonLabels + ne.config.mixin.ruleLabels, + name: ne.config.name + '-rules', + namespace: ne.config.namespace, + }, + spec: { + local r = if std.objectHasAll(ne.mixin, 'prometheusRules') then ne.mixin.prometheusRules else {}, + local a = if std.objectHasAll(ne.mixin, 'prometheusAlerts') then ne.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, clusterRoleBinding: { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRoleBinding', metadata: { - name: 'node-exporter', + name: ne.config.name, labels: ne.config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', - name: 'node-exporter', + name: ne.config.name, }, subjects: [{ kind: 'ServiceAccount', - name: 'node-exporter', + name: ne.config.name, namespace: ne.config.namespace, }], }, @@ -54,7 +83,7 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', metadata: { - name: 'node-exporter', + name: ne.config.name, labels: ne.config.commonLabels, }, rules: [ @@ -75,7 +104,7 @@ function(params) { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { - name: 'node-exporter', + name: ne.config.name, namespace: ne.config.namespace, labels: ne.config.commonLabels, }, @@ -85,7 +114,7 @@ function(params) { apiVersion: 'v1', kind: 'Service', metadata: { - name: 'node-exporter', + name: ne.config.name, namespace: ne.config.namespace, labels: ne.config.commonLabels, }, @@ -102,7 +131,7 @@ function(params) { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata: { - name: 'node-exporter', + name: ne.config.name, namespace: ne.config.namespace, labels: ne.config.commonLabels, }, @@ -134,7 +163,7 @@ function(params) { daemonset: local nodeExporter = { - name: 'node-exporter', + name: ne.config.name, image: ne.config.image, args: [ '--web.listen-address=' + std.join(':', [ne.config.listenAddress, std.toString(ne.config.port)]), @@ -177,7 +206,7 @@ function(params) { apiVersion: 'apps/v1', kind: 'DaemonSet', metadata: { - name: 'node-exporter', + name: ne.config.name, namespace: ne.config.namespace, labels: ne.config.commonLabels, }, @@ -199,7 +228,7 @@ function(params) { { name: 'sys', hostPath: { path: '/sys' } }, { name: 'root', hostPath: { path: '/' } }, ], - serviceAccountName: 'node-exporter', + serviceAccountName: ne.config.name, securityContext: { runAsUser: 65534, runAsNonRoot: true, @@ -210,4 +239,6 @@ function(params) { }, }, }, + + } diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet index 26940c61..b1497416 100644 --- a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet @@ -23,6 +23,15 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, + mixin: { + ruleLabels: { + role: 'alert-rules', + prometheus: defaults.name, + }, + _config: { + prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + defaults.namespace + '"', + }, + }, }; function(params) @@ -31,6 +40,26 @@ function(params) assert std.isObject(config.resources); prometheusOperator(config) { + local po = self, + mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { + _config+:: config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: config.commonLabels + config.mixin.ruleLabels, + name: config.name + '-rules', + namespace: config.namespace, + }, + spec: { + local r = if std.objectHasAll(po.mixin, 'prometheusRules') then po.mixin.prometheusRules else {}, + local a = if std.objectHasAll(po.mixin, 'prometheusAlerts') then po.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, + service+: { spec+: { ports: [ diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index e1b66923..1673c9e7 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -13,9 +13,6 @@ local defaults = { alertmanagerName: error 'must provide alertmanagerName', namespaces: ['default', 'kube-system', defaults.namespace], replicas: 2, - rules: { - groups: [], - }, commonLabels:: { 'app.kubernetes.io/name': 'prometheus', 'app.kubernetes.io/version': defaults.version, @@ -27,6 +24,19 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) } + { prometheus: defaults.name }, + ruleSelector: { + matchLabels: defaults.mixin.ruleLabels, + }, + mixin: { + ruleLabels: { + role: 'alert-rules', + prometheus: defaults.name, + }, + _config: { + prometheusSelector: 'job="prometheus-' + defaults.name + '",namespace="' + defaults.namespace + '"', + prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', + }, + }, }; @@ -35,6 +45,26 @@ function(params) { config:: defaults + params, // Safety check assert std.isObject(p.config.resources), + assert std.isObject(p.config.mixin._config), + + mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { + _config+:: p.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: p.config.commonLabels + p.config.mixin.ruleLabels, + name: p.config.name + '-rules', + namespace: p.config.namespace, + }, + spec: { + local r = if std.objectHasAll(p.mixin, 'prometheusRules') then p.mixin.prometheusRules else {}, + local a = if std.objectHasAll(p.mixin, 'prometheusAlerts') then p.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, serviceAccount: { apiVersion: 'v1', @@ -63,22 +93,6 @@ function(params) { }, }, - rules: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: { - prometheus: p.config.name, - role: 'alert-rules', - } + p.config.commonLabels, - name: 'prometheus-' + p.config.name + '-rules', - namespace: p.config.namespace, - }, - spec: { - groups: p.config.rules.groups, - }, - }, - roleBindingSpecificNamespaces: local newSpecificRoleBinding(namespace) = { apiVersion: 'rbac.authorization.k8s.io/v1', @@ -230,12 +244,7 @@ function(params) { podMonitorNamespaceSelector: {}, probeNamespaceSelector: {}, nodeSelector: { 'kubernetes.io/os': 'linux' }, - ruleSelector: { - matchLabels: { - role: 'alert-rules', - prometheus: p.config.name, - }, - }, + ruleSelector: p.config.ruleSelector, resources: p.config.resources, alerting: { alertmanagers: [{ From e556dbfd88a963c73159246b950b75193d72d800 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 14 Jan 2021 16:58:14 +0100 Subject: [PATCH 098/388] jsonnet: add separated kubernetes mixin and custom kube prometheus alerts --- example.jsonnet | 11 +++-- .../kube-prometheus/kube-prometheus.libsonnet | 34 ++++++------- .../{ => mixin}/alerts/alerts.libsonnet | 0 .../{ => mixin}/alerts/general.libsonnet | 0 .../{ => mixin}/alerts/node.libsonnet | 0 .../{ => mixin}/alerts/tests.yaml | 0 .../kube-prometheus/mixin/custom.libsonnet | 42 ++++++++++++++++ .../mixin/kubernetes.libsonnet | 49 +++++++++++++++++++ .../{ => mixin}/rules/general.libsonnet | 0 .../{ => mixin}/rules/node-rules.libsonnet | 0 .../{ => mixin}/rules/rules.libsonnet | 0 .../mixins/monitoring-mixins.libsonnet | 35 ------------- 12 files changed, 112 insertions(+), 59 deletions(-) rename jsonnet/kube-prometheus/{ => mixin}/alerts/alerts.libsonnet (100%) rename jsonnet/kube-prometheus/{ => mixin}/alerts/general.libsonnet (100%) rename jsonnet/kube-prometheus/{ => mixin}/alerts/node.libsonnet (100%) rename jsonnet/kube-prometheus/{ => mixin}/alerts/tests.yaml (100%) create mode 100644 jsonnet/kube-prometheus/mixin/custom.libsonnet create mode 100644 jsonnet/kube-prometheus/mixin/kubernetes.libsonnet rename jsonnet/kube-prometheus/{ => mixin}/rules/general.libsonnet (100%) rename jsonnet/kube-prometheus/{ => mixin}/rules/node-rules.libsonnet (100%) rename jsonnet/kube-prometheus/{ => mixin}/rules/rules.libsonnet (100%) delete mode 100644 jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet diff --git a/example.jsonnet b/example.jsonnet index a459460d..94a40b70 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -14,17 +14,20 @@ local kp = }, }; -{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['setup/0namespace-namespace']: kp.kubePrometheus.namespace } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] - for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) } + -// serviceMonitor is separated so that it can be created after the CRDs are ready +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 6688f023..6d8710a8 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,13 +1,14 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet'; local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; +local customMixin = import './mixin/custom.libsonnet'; local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; +local kubernetesMixin = import './mixin/kubernetes.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; local prometheus = import './prometheus/prometheus.libsonnet'; local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; -local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + { @@ -69,25 +70,18 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; ruleLabels: $._config.ruleLabels, }, }), - mixins+:: monitoringMixins({ + kubernetesMixin: kubernetesMixin({ namespace: $._config.namespace, + mixin+: { + ruleLabels: $._config.ruleLabels, + }, }), - - // FIXME(paulfantom) Remove this variable by moving each mixin to its own component - // Example: node_exporter mixin could be added in ./node-exporter/node-exporter.libsonnet - allRules:: - //$.mixins.nodeExporter.prometheusRules + - $.mixins.kubernetes.prometheusRules + - $.mixins.base.prometheusRules + - //$.mixins.kubeStateMetrics.prometheusAlerts + - //$.mixins.nodeExporter.prometheusAlerts + - //$.mixins.alertmanager.prometheusAlerts + - //$.mixins.prometheusOperator.prometheusAlerts + - $.mixins.kubernetes.prometheusAlerts + - //$.mixins.prometheus.prometheusAlerts + - $.mixins.base.prometheusAlerts, - - kubePrometheus+:: { + kubePrometheus: customMixin({ + namespace: $._config.namespace, + mixin+: { + ruleLabels: $._config.ruleLabels, + }, + }) + { namespace: { apiVersion: 'v1', kind: 'Namespace', @@ -147,9 +141,9 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; }, // FIXME(paulfantom): Same as with rules and alerts. // This should be gathering all dashboards from components without having to enumerate all dashboards. - dashboards: + dashboards: {}, //$.mixins.nodeExporter.grafanaDashboards + - $.mixins.kubernetes.grafanaDashboards, + //$.mixins.kubernetes.grafanaDashboards, //$.mixins.prometheus.grafanaDashboards, }, }, diff --git a/jsonnet/kube-prometheus/alerts/alerts.libsonnet b/jsonnet/kube-prometheus/mixin/alerts/alerts.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/alerts/alerts.libsonnet rename to jsonnet/kube-prometheus/mixin/alerts/alerts.libsonnet diff --git a/jsonnet/kube-prometheus/alerts/general.libsonnet b/jsonnet/kube-prometheus/mixin/alerts/general.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/alerts/general.libsonnet rename to jsonnet/kube-prometheus/mixin/alerts/general.libsonnet diff --git a/jsonnet/kube-prometheus/alerts/node.libsonnet b/jsonnet/kube-prometheus/mixin/alerts/node.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/alerts/node.libsonnet rename to jsonnet/kube-prometheus/mixin/alerts/node.libsonnet diff --git a/jsonnet/kube-prometheus/alerts/tests.yaml b/jsonnet/kube-prometheus/mixin/alerts/tests.yaml similarity index 100% rename from jsonnet/kube-prometheus/alerts/tests.yaml rename to jsonnet/kube-prometheus/mixin/alerts/tests.yaml diff --git a/jsonnet/kube-prometheus/mixin/custom.libsonnet b/jsonnet/kube-prometheus/mixin/custom.libsonnet new file mode 100644 index 00000000..d1c0b086 --- /dev/null +++ b/jsonnet/kube-prometheus/mixin/custom.libsonnet @@ -0,0 +1,42 @@ +local defaults = { + name: 'kube-prometheus', + namespace: error 'must provide namespace', + commonLabels:: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin: { + ruleLabels: {}, + _config: { + nodeExporterSelector: 'job="node-exporter"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, + }, +}; + +function(params) { + local m = self, + config:: defaults + params, + + local alertsandrules = (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet'), + + mixin:: alertsandrules { + _config+:: m.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: m.config.commonLabels + m.config.mixin.ruleLabels, + name: m.config.name + '-rules', + namespace: m.config.namespace, + }, + spec: { + local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules else {}, + local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, +} diff --git a/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet b/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet new file mode 100644 index 00000000..b3bc563e --- /dev/null +++ b/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet @@ -0,0 +1,49 @@ +local defaults = { + name: 'kubernetes', + namespace: error 'must provide namespace', + commonLabels:: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/component': 'exporter', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin: { + ruleLabels: {}, + _config: { + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', + kubeletSelector: 'job="kubelet", metrics_path="/metrics"', + kubeStateMetricsSelector: 'job="kube-state-metrics"', + nodeExporterSelector: 'job="node-exporter"', + kubeSchedulerSelector: 'job="kube-scheduler"', + kubeControllerManagerSelector: 'job="kube-controller-manager"', + kubeApiserverSelector: 'job="apiserver"', + podLabel: 'pod', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, + }, +}; + +function(params) { + local m = self, + config:: defaults + params, + + mixin:: (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { + _config+:: m.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: m.config.commonLabels + m.config.mixin.ruleLabels, + name: m.config.name + '-rules', + namespace: m.config.namespace, + }, + spec: { + local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules else {}, + local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts else {}, + groups: a + r, + }, + }, +} diff --git a/jsonnet/kube-prometheus/rules/general.libsonnet b/jsonnet/kube-prometheus/mixin/rules/general.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/rules/general.libsonnet rename to jsonnet/kube-prometheus/mixin/rules/general.libsonnet diff --git a/jsonnet/kube-prometheus/rules/node-rules.libsonnet b/jsonnet/kube-prometheus/mixin/rules/node-rules.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/rules/node-rules.libsonnet rename to jsonnet/kube-prometheus/mixin/rules/node-rules.libsonnet diff --git a/jsonnet/kube-prometheus/rules/rules.libsonnet b/jsonnet/kube-prometheus/mixin/rules/rules.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/rules/rules.libsonnet rename to jsonnet/kube-prometheus/mixin/rules/rules.libsonnet diff --git a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet b/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet deleted file mode 100644 index 95b88db6..00000000 --- a/jsonnet/kube-prometheus/mixins/monitoring-mixins.libsonnet +++ /dev/null @@ -1,35 +0,0 @@ -local defaults = { - namespace: error 'must provide namespace', -}; - -function(params) { - local m = self, - config:: defaults + params, - base+: - (import '../alerts/general.libsonnet') + - (import '../alerts/node.libsonnet') + - (import '../rules/node-rules.libsonnet') + - (import '../rules/general.libsonnet') { - _config+:: { - nodeExporterSelector: 'job="node-exporter"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', - }, - }, - - kubernetes: - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { - _config+:: { - cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', - kubeletSelector: 'job="kubelet", metrics_path="/metrics"', - kubeStateMetricsSelector: 'job="kube-state-metrics"', - nodeExporterSelector: 'job="node-exporter"', - kubeSchedulerSelector: 'job="kube-scheduler"', - kubeControllerManagerSelector: 'job="kube-controller-manager"', - kubeApiserverSelector: 'job="apiserver"', - podLabel: 'pod', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', - diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', - }, - }, -} From 86d4571aeab3f49048c524028dc519943da1fa91 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 14 Jan 2021 18:38:43 +0100 Subject: [PATCH 099/388] jsonnet: remove grafana global state --- .../kube-prometheus/grafana/grafana.libsonnet | 85 +++++++++++++++++++ .../kube-prometheus/kube-prometheus.libsonnet | 59 ++----------- 2 files changed, 94 insertions(+), 50 deletions(-) create mode 100644 jsonnet/kube-prometheus/grafana/grafana.libsonnet diff --git a/jsonnet/kube-prometheus/grafana/grafana.libsonnet b/jsonnet/kube-prometheus/grafana/grafana.libsonnet new file mode 100644 index 00000000..d20c0b70 --- /dev/null +++ b/jsonnet/kube-prometheus/grafana/grafana.libsonnet @@ -0,0 +1,85 @@ +local defaults = { + local defaults = self, + name: 'grafana', + namespace: error 'must provide namespace', + version: error 'must provide version', + // image: error 'must provide image', + imageRepos: 'grafana/grafana', + resources: { + requests: { cpu: '100m', memory: '100Mi' }, + limits: { cpu: '200m', memory: '200Mi' }, + }, + commonLabels:: { + 'app.kubernetes.io/name': defaults.name, + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'grafana', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + }, + prometheusName: error 'must provide prometheus name', + dashboards: {}, +}; + +function(params) { + local g = self, + config:: defaults + params, + //local g.config = defaults + params, + // Safety check + assert std.isObject(g.config.resources), + + local glib = (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + { + _config+:: { + namespace: g.config.namespace, + versions+:: { + grafana: g.config.version, + }, + imageRepos+:: { + grafana: g.config.imageRepos, + }, + prometheus+:: { + name: g.config.prometheusName, + }, + grafana+:: { + labels: g.config.commonLabels, + dashboards: g.config.dashboards, + resources: g.config.resources, + }, + }, + }, + + service: glib.grafana.service, + serviceAccount: glib.grafana.serviceAccount, + deployment: glib.grafana.deployment, + dashboardDatasources: glib.grafana.dashboardDatasources, + dashboardSources: glib.grafana.dashboardSources, + + dashboardDefinitions: if std.length(g.config.dashboards) > 0 then { + apiVersion: 'v1', + kind: 'ConfigMapList', + items: g.dashboardDefinitions, + }, + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'grafana', + namespace: g.config.namespace, + labels: g.config.commonLabels, + }, + spec: { + selector: { + matchLabels: { + app: 'grafana', + }, + }, + endpoints: [{ + port: 'http', + interval: '15s', + }], + }, + }, +} diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 6d8710a8..709cbfe9 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,6 +1,7 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet'; local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; local customMixin = import './mixin/custom.libsonnet'; +local grafana = import './grafana/grafana.libsonnet'; local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; local kubernetesMixin = import './mixin/kubernetes.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; @@ -9,8 +10,6 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib local prometheus = import './prometheus/prometheus.libsonnet'; local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; - -(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + { alertmanager: alertmanager({ name: $._config.alertmanagerName, @@ -26,6 +25,13 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib version: '0.18.0', image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', }), + grafana: grafana({ + namespace: $._config.namespace, + version: '7.3.5', + image: 'grafana/grafana:v7.3.7', + dashboards: {}, + prometheusName: $._config.prometheusName, + }), kubeStateMetrics: kubeStateMetrics({ namespace: $._config.namespace, version: '1.9.7', @@ -56,7 +62,7 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib namespace: $._config.namespace, version: '0.8.2', image: 'directxman12/k8s-prometheus-adapter:v0.8.2', - prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', + prometheusURL: 'http://prometheus-' + $._config.prometheusName + '.' + $._config.namespace + '.svc.cluster.local:9090/', }), prometheusOperator: prometheusOperator({ namespace: $._config.namespace, @@ -90,36 +96,6 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib }, }, }, - - grafana+:: { - local dashboardDefinitions = super.dashboardDefinitions, - - dashboardDefinitions: { - apiVersion: 'v1', - kind: 'ConfigMapList', - items: dashboardDefinitions, - }, - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'grafana', - namespace: $._config.namespace, - labels: $._config.grafana.labels, - }, - spec: { - selector: { - matchLabels: { - app: 'grafana', - }, - }, - endpoints: [{ - port: 'http', - interval: '15s', - }], - }, - }, - }, } + { _config+:: { namespace: 'default', @@ -129,22 +105,5 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib role: 'alert-rules', prometheus: $._config.prometheusName, }, - - versions+:: { grafana: '7.3.5' }, - - grafana+:: { - labels: { - 'app.kubernetes.io/name': 'grafana', - 'app.kubernetes.io/version': $._config.versions.grafana, - 'app.kubernetes.io/component': 'grafana', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - // FIXME(paulfantom): Same as with rules and alerts. - // This should be gathering all dashboards from components without having to enumerate all dashboards. - dashboards: {}, - //$.mixins.nodeExporter.grafanaDashboards + - //$.mixins.kubernetes.grafanaDashboards, - //$.mixins.prometheus.grafanaDashboards, - }, }, } From 5624c5a9a8ac90f985a7624b1d98f93bd0eb1d73 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 09:26:57 +0100 Subject: [PATCH 100/388] jsonnet: refactor the rest of mixins and grafana inclusion Signed-off-by: paulfantom --- example.jsonnet | 2 +- .../kube-prometheus/grafana/grafana.libsonnet | 2 +- .../kube-prometheus/kube-prometheus.libsonnet | 9 ++++++-- .../kube-prometheus/mixin/custom.libsonnet | 6 ++--- .../mixin/kubernetes.libsonnet | 22 +++++++++---------- 5 files changed, 23 insertions(+), 18 deletions(-) diff --git a/example.jsonnet b/example.jsonnet index 94a40b70..8cc37f9c 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -14,7 +14,7 @@ local kp = }, }; -{ ['setup/0namespace-namespace']: kp.kubePrometheus.namespace } + +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) diff --git a/jsonnet/kube-prometheus/grafana/grafana.libsonnet b/jsonnet/kube-prometheus/grafana/grafana.libsonnet index d20c0b70..4dfe516c 100644 --- a/jsonnet/kube-prometheus/grafana/grafana.libsonnet +++ b/jsonnet/kube-prometheus/grafana/grafana.libsonnet @@ -60,7 +60,7 @@ function(params) { dashboardDefinitions: if std.length(g.config.dashboards) > 0 then { apiVersion: 'v1', kind: 'ConfigMapList', - items: g.dashboardDefinitions, + items: glib.grafana.dashboardDefinitions, }, serviceMonitor: { apiVersion: 'monitoring.coreos.com/v1', diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 709cbfe9..fbf5963d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -11,6 +11,7 @@ local prometheus = import './prometheus/prometheus.libsonnet'; local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; { + local all = self, alertmanager: alertmanager({ name: $._config.alertmanagerName, namespace: $._config.namespace, @@ -25,12 +26,16 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib version: '0.18.0', image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', }), + // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards + local allDashboards = $.nodeExporter.mixin.grafanaDashboards + + $.prometheus.mixin.grafanaDashboards + + $.kubernetesMixin.mixin.grafanaDashboards, grafana: grafana({ namespace: $._config.namespace, version: '7.3.5', image: 'grafana/grafana:v7.3.7', - dashboards: {}, prometheusName: $._config.prometheusName, + dashboards: allDashboards, }), kubeStateMetrics: kubeStateMetrics({ namespace: $._config.namespace, @@ -106,4 +111,4 @@ local prometheusOperator = import './prometheus-operator/prometheus-operator.lib prometheus: $._config.prometheusName, }, }, -} +} \ No newline at end of file diff --git a/jsonnet/kube-prometheus/mixin/custom.libsonnet b/jsonnet/kube-prometheus/mixin/custom.libsonnet index d1c0b086..278ddc76 100644 --- a/jsonnet/kube-prometheus/mixin/custom.libsonnet +++ b/jsonnet/kube-prometheus/mixin/custom.libsonnet @@ -9,9 +9,9 @@ local defaults = { mixin: { ruleLabels: {}, _config: { - nodeExporterSelector: 'job="node-exporter"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', - }, + nodeExporterSelector: 'job="node-exporter"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, }, }; diff --git a/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet b/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet index b3bc563e..f399a529 100644 --- a/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet +++ b/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet @@ -9,17 +9,17 @@ local defaults = { mixin: { ruleLabels: {}, _config: { - cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', - kubeletSelector: 'job="kubelet", metrics_path="/metrics"', - kubeStateMetricsSelector: 'job="kube-state-metrics"', - nodeExporterSelector: 'job="node-exporter"', - kubeSchedulerSelector: 'job="kube-scheduler"', - kubeControllerManagerSelector: 'job="kube-controller-manager"', - kubeApiserverSelector: 'job="apiserver"', - podLabel: 'pod', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', - diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', + kubeletSelector: 'job="kubelet", metrics_path="/metrics"', + kubeStateMetricsSelector: 'job="kube-state-metrics"', + nodeExporterSelector: 'job="node-exporter"', + kubeSchedulerSelector: 'job="kube-scheduler"', + kubeControllerManagerSelector: 'job="kube-controller-manager"', + kubeApiserverSelector: 'job="apiserver"', + podLabel: 'pod', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', }, }, }; From f1bd7af6576d728c037249be02e6a3d869273258 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 11:07:32 +0100 Subject: [PATCH 101/388] jsonnet: helmize :) Signed-off-by: paulfantom --- example.jsonnet | 6 +- examples/kustomize.jsonnet | 17 +- .../kube-prometheus/kube-prometheus.libsonnet | 170 +++++++++--------- 3 files changed, 97 insertions(+), 96 deletions(-) diff --git a/example.jsonnet b/example.jsonnet index 8cc37f9c..c3c496b9 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -9,8 +9,10 @@ local kp = // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; diff --git a/examples/kustomize.jsonnet b/examples/kustomize.jsonnet index 7b1cf6a2..875d3501 100644 --- a/examples/kustomize.jsonnet +++ b/examples/kustomize.jsonnet @@ -1,27 +1,32 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; local manifests = // Uncomment line below to enable vertical auto scaling of kube-state-metrics //{ ['ksm-autoscaler-' + name]: kp.ksmAutoscaler[name] for name in std.objectFields(kp.ksmAutoscaler) } + - { ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + + { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] - for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) } + - // serviceMonitor is separated so that it can be created after the CRDs are ready + // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + + { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + + { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + - { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }; + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + + { ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) }; local kustomizationResourceFile(name) = './manifests/' + name + '.yaml'; local kustomization = { diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index fbf5963d..d5346317 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -1,114 +1,108 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet'; local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; -local customMixin = import './mixin/custom.libsonnet'; local grafana = import './grafana/grafana.libsonnet'; local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; +local customMixin = import './mixin/custom.libsonnet'; local kubernetesMixin = import './mixin/kubernetes.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; local prometheus = import './prometheus/prometheus.libsonnet'; -local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; { - local all = self, - alertmanager: alertmanager({ - name: $._config.alertmanagerName, - namespace: $._config.namespace, - version: '0.21.0', - image: 'quay.io/prometheus/alertmanager:v0.21.0', - mixin+: { - ruleLabels: $._config.ruleLabels, + // using `values` as this is similar to helm + values:: { + common: { + namespace: 'default', + ruleLabels: { + role: 'alert-rules', + prometheus: $.values.prometheus.name, + }, }, - }), - blackboxExporter: blackboxExporter({ - namespace: $._config.namespace, - version: '0.18.0', - image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', - }), - // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards - local allDashboards = $.nodeExporter.mixin.grafanaDashboards + - $.prometheus.mixin.grafanaDashboards + - $.kubernetesMixin.mixin.grafanaDashboards, - grafana: grafana({ - namespace: $._config.namespace, - version: '7.3.5', - image: 'grafana/grafana:v7.3.7', - prometheusName: $._config.prometheusName, - dashboards: allDashboards, - }), - kubeStateMetrics: kubeStateMetrics({ - namespace: $._config.namespace, - version: '1.9.7', - image: 'quay.io/coreos/kube-state-metrics:v1.9.7', - mixin+: { - ruleLabels: $._config.ruleLabels, + alertmanager: { + name: 'main', + namespace: $.values.common.namespace, + version: '0.21.0', + image: 'quay.io/prometheus/alertmanager:v0.21.0', + mixin+: { + ruleLabels: $.values.common.ruleLabels, + }, }, - }), - nodeExporter: nodeExporter({ - namespace: $._config.namespace, - version: '1.0.1', - image: 'quay.io/prometheus/node-exporter:v1.0.1', - mixin+: { - ruleLabels: $._config.ruleLabels, + blackboxExporter: { + namespace: $.values.common.namespace, + version: '0.18.0', + image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', }, - }), - prometheus: prometheus({ - namespace: $._config.namespace, - version: '2.24.0', - image: 'quay.io/prometheus/prometheus:v2.24.0', - name: $._config.prometheusName, - alertmanagerName: $._config.alertmanagerName, - mixin+: { - ruleLabels: $._config.ruleLabels, + grafana: { + namespace: $.values.common.namespace, + version: '7.3.5', + image: 'grafana/grafana:v7.3.7', + prometheusName: $.values.prometheus.name, + // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards + dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesMixin.mixin.grafanaDashboards, }, - }), - prometheusAdapter: prometheusAdapter({ - namespace: $._config.namespace, - version: '0.8.2', - image: 'directxman12/k8s-prometheus-adapter:v0.8.2', - prometheusURL: 'http://prometheus-' + $._config.prometheusName + '.' + $._config.namespace + '.svc.cluster.local:9090/', - }), - prometheusOperator: prometheusOperator({ - namespace: $._config.namespace, - version: '0.45.0', - image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0', - configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0', - commonLabels+: { - 'app.kubernetes.io/part-of': 'kube-prometheus', + kubeStateMetrics: { + namespace: $.values.common.namespace, + version: '1.9.7', + image: 'quay.io/coreos/kube-state-metrics:v1.9.7', + mixin+: { ruleLabels: $.values.common.ruleLabels }, }, - mixin+: { - ruleLabels: $._config.ruleLabels, + nodeExporter: { + namespace: $.values.common.namespace, + version: '1.0.1', + image: 'quay.io/prometheus/node-exporter:v1.0.1', + mixin+: { ruleLabels: $.values.common.ruleLabels }, }, - }), - kubernetesMixin: kubernetesMixin({ - namespace: $._config.namespace, - mixin+: { - ruleLabels: $._config.ruleLabels, + prometheus: { + namespace: $.values.common.namespace, + version: '2.24.0', + image: 'quay.io/prometheus/prometheus:v2.24.0', + name: 'k8s', + alertmanagerName: $.values.alertmanager.name, + mixin+: { ruleLabels: $.values.common.ruleLabels }, }, - }), - kubePrometheus: customMixin({ - namespace: $._config.namespace, - mixin+: { - ruleLabels: $._config.ruleLabels, + prometheusAdapter: { + namespace: $.values.common.namespace, + version: '0.8.2', + image: 'directxman12/k8s-prometheus-adapter:v0.8.2', + prometheusURL: 'http://prometheus-' + $.values.prometheus.name + '.' + $.values.common.namespace + '.svc.cluster.local:9090/', }, - }) + { + prometheusOperator: { + namespace: $.values.common.namespace, + version: '0.45.0', + image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0', + configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0', + commonLabels+: { + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + kubernetesMixin: { + namespace: $.values.common.namespace, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + kubePrometheus: { + namespace: $.values.common.namespace, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + }, + }, + + alertmanager: alertmanager($.values.alertmanager), + blackboxExporter: blackboxExporter($.values.blackboxExporter), + grafana: grafana($.values.grafana), + kubeStateMetrics: kubeStateMetrics($.values.kubeStateMetrics), + nodeExporter: nodeExporter($.values.nodeExporter), + prometheus: prometheus($.values.prometheus), + prometheusAdapter: prometheusAdapter($.values.prometheusAdapter), + prometheusOperator: prometheusOperator($.values.prometheusOperator), + kubernetesMixin: kubernetesMixin($.values.kubernetesMixin), + kubePrometheus: customMixin($.values.kubePrometheus) + { namespace: { apiVersion: 'v1', kind: 'Namespace', metadata: { - name: $._config.namespace, + name: $.values.kubePrometheus.namespace, }, }, }, -} + { - _config+:: { - namespace: 'default', - prometheusName: 'k8s', - alertmanagerName: 'main', - ruleLabels: { - role: 'alert-rules', - prometheus: $._config.prometheusName, - }, - }, -} \ No newline at end of file +} From d4c48539a09a63bd34a45425f19e5e5a64d136c8 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 11:49:43 +0100 Subject: [PATCH 102/388] jsonnet: fix too much nesting of data in PrometheusRules Signed-off-by: paulfantom --- jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet | 4 ++-- .../kube-state-metrics/kube-state-metrics.libsonnet | 4 ++-- jsonnet/kube-prometheus/mixin/custom.libsonnet | 4 ++-- jsonnet/kube-prometheus/mixin/kubernetes.libsonnet | 4 ++-- jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet | 4 ++-- .../prometheus-operator/prometheus-operator.libsonnet | 4 ++-- jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet index 452a2cc2..5e992176 100644 --- a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet @@ -86,8 +86,8 @@ function(params) { namespace: am.config.namespace, }, spec: { - local r = if std.objectHasAll(am.mixin, 'prometheusRules') then am.mixin.prometheusRules else {}, - local a = if std.objectHasAll(am.mixin, 'prometheusAlerts') then am.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(am.mixin, 'prometheusRules') then am.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(am.mixin, 'prometheusAlerts') then am.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet index c3236589..fdfe3bd5 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet @@ -59,8 +59,8 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- namespace: ksm.config.namespace, }, spec: { - local r = if std.objectHasAll(ksm.mixin, 'prometheusRules') then ksm.mixin.prometheusRules else {}, - local a = if std.objectHasAll(ksm.mixin, 'prometheusAlerts') then ksm.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(ksm.mixin, 'prometheusRules') then ksm.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(ksm.mixin, 'prometheusAlerts') then ksm.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, diff --git a/jsonnet/kube-prometheus/mixin/custom.libsonnet b/jsonnet/kube-prometheus/mixin/custom.libsonnet index 278ddc76..13c36332 100644 --- a/jsonnet/kube-prometheus/mixin/custom.libsonnet +++ b/jsonnet/kube-prometheus/mixin/custom.libsonnet @@ -34,8 +34,8 @@ function(params) { namespace: m.config.namespace, }, spec: { - local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules else {}, - local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, diff --git a/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet b/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet index f399a529..f9e5791f 100644 --- a/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet +++ b/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet @@ -41,8 +41,8 @@ function(params) { namespace: m.config.namespace, }, spec: { - local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules else {}, - local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules.groups else {}, + local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts.groups else {}, groups: a + r, }, }, diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet index 1c4321b1..c5b82498 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet @@ -54,8 +54,8 @@ function(params) { namespace: ne.config.namespace, }, spec: { - local r = if std.objectHasAll(ne.mixin, 'prometheusRules') then ne.mixin.prometheusRules else {}, - local a = if std.objectHasAll(ne.mixin, 'prometheusAlerts') then ne.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(ne.mixin, 'prometheusRules') then ne.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(ne.mixin, 'prometheusAlerts') then ne.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet index b1497416..8114f91c 100644 --- a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet @@ -54,8 +54,8 @@ function(params) namespace: config.namespace, }, spec: { - local r = if std.objectHasAll(po.mixin, 'prometheusRules') then po.mixin.prometheusRules else {}, - local a = if std.objectHasAll(po.mixin, 'prometheusAlerts') then po.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(po.mixin, 'prometheusRules') then po.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(po.mixin, 'prometheusAlerts') then po.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index 1673c9e7..76a251ff 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet @@ -60,8 +60,8 @@ function(params) { namespace: p.config.namespace, }, spec: { - local r = if std.objectHasAll(p.mixin, 'prometheusRules') then p.mixin.prometheusRules else {}, - local a = if std.objectHasAll(p.mixin, 'prometheusAlerts') then p.mixin.prometheusAlerts else {}, + local r = if std.objectHasAll(p.mixin, 'prometheusRules') then p.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(p.mixin, 'prometheusAlerts') then p.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, From 092b22d62bd9b0a8cc2fb14c793c42d4e3964de8 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 11:58:04 +0100 Subject: [PATCH 103/388] regenerate --- README.md | 17 +- ...prometheus-rules-and-grafana-dashboards.md | 17 +- kustomization.yaml | 8 +- manifests/alertmanager-prometheusRule.yaml | 116 + manifests/grafana-deployment.yaml | 2 +- manifests/kube-prometheus-prometheusRule.yaml | 63 + .../kube-state-metrics-prometheusRule.yaml | 40 + ...es.yaml => kubernetes-prometheusRule.yaml} | 2071 ++++++----------- manifests/node-exporter-prometheusRule.yaml | 266 +++ .../prometheus-operator-prometheusRule.yaml | 79 + manifests/prometheus-prometheusRule.yaml | 213 ++ 11 files changed, 1479 insertions(+), 1413 deletions(-) create mode 100644 manifests/alertmanager-prometheusRule.yaml create mode 100644 manifests/kube-prometheus-prometheusRule.yaml create mode 100644 manifests/kube-state-metrics-prometheusRule.yaml rename manifests/{prometheus-rules.yaml => kubernetes-prometheusRule.yaml} (62%) create mode 100644 manifests/node-exporter-prometheusRule.yaml create mode 100644 manifests/prometheus-operator-prometheusRule.yaml create mode 100644 manifests/prometheus-prometheusRule.yaml diff --git a/README.md b/README.md index 8e6d6694..b0aab969 100644 --- a/README.md +++ b/README.md @@ -217,25 +217,30 @@ local kp = // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; -{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] - for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) } + -// serviceMonitor is separated so that it can be created after the CRDs are ready +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } ``` And here's the [build.sh](build.sh) script (which uses `vendor/` to render all manifests in a json structure of `{filename: manifest-content}`): diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index f9decdcd..b6c9f978 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -21,25 +21,30 @@ local kp = // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; -{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] - for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) } + -// serviceMonitor is separated so that it can be created after the CRDs are ready +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } ``` ## Prometheus rules diff --git a/kustomization.yaml b/kustomization.yaml index 7066018a..2ebd021b 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./manifests/alertmanager-alertmanager.yaml +- ./manifests/alertmanager-prometheusRule.yaml - ./manifests/alertmanager-secret.yaml - ./manifests/alertmanager-service.yaml - ./manifests/alertmanager-serviceAccount.yaml @@ -20,15 +21,19 @@ resources: - ./manifests/grafana-service.yaml - ./manifests/grafana-serviceAccount.yaml - ./manifests/grafana-serviceMonitor.yaml +- ./manifests/kube-prometheus-prometheusRule.yaml - ./manifests/kube-state-metrics-clusterRole.yaml - ./manifests/kube-state-metrics-clusterRoleBinding.yaml - ./manifests/kube-state-metrics-deployment.yaml +- ./manifests/kube-state-metrics-prometheusRule.yaml - ./manifests/kube-state-metrics-service.yaml - ./manifests/kube-state-metrics-serviceAccount.yaml - ./manifests/kube-state-metrics-serviceMonitor.yaml +- ./manifests/kubernetes-prometheusRule.yaml - ./manifests/node-exporter-clusterRole.yaml - ./manifests/node-exporter-clusterRoleBinding.yaml - ./manifests/node-exporter-daemonset.yaml +- ./manifests/node-exporter-prometheusRule.yaml - ./manifests/node-exporter-service.yaml - ./manifests/node-exporter-serviceAccount.yaml - ./manifests/node-exporter-serviceMonitor.yaml @@ -46,13 +51,14 @@ resources: - ./manifests/prometheus-adapter-serviceMonitor.yaml - ./manifests/prometheus-clusterRole.yaml - ./manifests/prometheus-clusterRoleBinding.yaml +- ./manifests/prometheus-operator-prometheusRule.yaml - ./manifests/prometheus-operator-serviceMonitor.yaml - ./manifests/prometheus-prometheus.yaml +- ./manifests/prometheus-prometheusRule.yaml - ./manifests/prometheus-roleBindingConfig.yaml - ./manifests/prometheus-roleBindingSpecificNamespaces.yaml - ./manifests/prometheus-roleConfig.yaml - ./manifests/prometheus-roleSpecificNamespaces.yaml -- ./manifests/prometheus-rules.yaml - ./manifests/prometheus-service.yaml - ./manifests/prometheus-serviceAccount.yaml - ./manifests/prometheus-serviceMonitor.yaml diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml new file mode 100644 index 00000000..ea78ad11 --- /dev/null +++ b/manifests/alertmanager-prometheusRule.yaml @@ -0,0 +1,116 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 + prometheus: k8s + role: alert-rules + name: main-rules + namespace: monitoring +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerFailedReload + annotations: + description: Configuration has failed to load for {{ $labels.namespace }}/{{ $labels.pod}}. + summary: Reloading an Alertmanager configuration has failed. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"}[5m]) == 0 + for: 10m + labels: + severity: critical + - alert: AlertmanagerMembersInconsistent + annotations: + description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only found {{ $value }} members of the {{$labels.job}} cluster. + summary: A member of an Alertmanager cluster has not found all other cluster members. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m]) + < on (namespace,service) group_left + count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m])) + for: 10m + labels: + severity: critical + - alert: AlertmanagerFailedToSendAlerts + annotations: + description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration }}. + summary: An Alertmanager instance failed to send notifications. + expr: | + ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: warning + - alert: AlertmanagerClusterFailedToSendAlerts + annotations: + description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. + summary: All Alertmanager instances in a cluster failed to send notifications. + expr: | + min by (namespace,service) ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: critical + - alert: AlertmanagerConfigInconsistent + annotations: + description: Alertmanager instances within the {{$labels.job}} cluster have different configurations. + summary: Alertmanager instances within the same cluster have different configurations. + expr: | + count by (namespace,service) ( + count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager-main",namespace="monitoring"}) + ) + != 1 + for: 20m + labels: + severity: critical + - alert: AlertmanagerClusterDown + annotations: + description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have been up for less than half of the last 5m.' + summary: Half or more of the Alertmanager instances within the same cluster are down. + expr: | + ( + count by (namespace,service) ( + avg_over_time(up{job="alertmanager-main",namespace="monitoring"}[5m]) < 0.5 + ) + / + count by (namespace,service) ( + up{job="alertmanager-main",namespace="monitoring"} + ) + ) + >= 0.5 + for: 5m + labels: + severity: critical + - alert: AlertmanagerClusterCrashlooping + annotations: + description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have restarted at least 5 times in the last 10m.' + summary: Half or more of the Alertmanager instances within the same cluster are crashlooping. + expr: | + ( + count by (namespace,service) ( + changes(process_start_time_seconds{job="alertmanager-main",namespace="monitoring"}[10m]) > 4 + ) + / + count by (namespace,service) ( + up{job="alertmanager-main",namespace="monitoring"} + ) + ) + >= 0.5 + for: 5m + labels: + severity: critical diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 85d3f68d..d6bb77da 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -13,7 +13,7 @@ spec: template: metadata: annotations: - checksum/grafana-dashboards: a9e19e1ab605dc374f30edda771e6917 + checksum/grafana-dashboards: b02ae450c84445cbaca8c685eefaec6c checksum/grafana-datasources: 48faab41f579fc8efde6034391496f6a labels: app: grafana diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml new file mode 100644 index 00000000..26e7da58 --- /dev/null +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -0,0 +1,63 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-prometheus + app.kubernetes.io/part-of: kube-prometheus + prometheus: k8s + role: alert-rules + name: kube-prometheus-rules + namespace: monitoring +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 + for: 10m + labels: + severity: warning + - alert: Watchdog + annotations: + message: | + This is an alert meant to ensure that the entire alerting pipeline is functional. + This alert is always firing, therefore it should always be firing in Alertmanager + and always fire against a receiver. There are integrations with various notification + mechanisms that send a notification when this alert is not firing. For example the + "DeadMansSnitch" integration in PagerDuty. + expr: vector(1) + labels: + severity: none + - name: node-network + rules: + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" + expr: | + changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + record: cluster:node_cpu:ratio + - name: kube-prometheus-general.rules + rules: + - expr: count without(instance, pod, node) (up == 1) + record: count:up1 + - expr: count without(instance, pod, node) (up == 0) + record: count:up0 diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml new file mode 100644 index 00000000..28c9ec05 --- /dev/null +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -0,0 +1,40 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.9.7 + prometheus: k8s + role: alert-rules + name: kube-state-metrics-rules + namespace: monitoring +spec: + groups: + - name: kube-state-metrics + rules: + - alert: KubeStateMetricsListErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + summary: kube-state-metrics is experiencing errors in list operations. + expr: | + (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical + - alert: KubeStateMetricsWatchErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + summary: kube-state-metrics is experiencing errors in watch operations. + expr: | + (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical diff --git a/manifests/prometheus-rules.yaml b/manifests/kubernetes-prometheusRule.yaml similarity index 62% rename from manifests/prometheus-rules.yaml rename to manifests/kubernetes-prometheusRule.yaml index fd56b0aa..d683cff6 100644 --- a/manifests/prometheus-rules.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -2,73 +2,688 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: - app.kubernetes.io/component: prometheus - app.kubernetes.io/name: prometheus + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 prometheus: k8s role: alert-rules - name: prometheus-k8s-rules + name: kubernetes-rules namespace: monitoring spec: groups: - - name: node-exporter.rules + - name: kubernetes-apps rules: - - expr: | - count without (cpu) ( - count without (mode) ( - node_cpu_seconds_total{job="node-exporter"} + - alert: KubePodCrashLooping + annotations: + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping + summary: Pod is crash looping. + expr: | + rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[5m]) * 60 * 5 > 0 + for: 15m + labels: + severity: warning + - alert: KubePodNotReady + annotations: + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready + summary: Pod has been in a non-ready state for more than 15 minutes. + expr: | + sum by (namespace, pod) ( + max by(namespace, pod) ( + kube_pod_status_phase{job="kube-state-metrics", phase=~"Pending|Unknown"} + ) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) ( + 1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) ) - ) - record: instance:node_num_cpu:sum - - expr: | - 1 - avg without (cpu, mode) ( - rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) - ) - record: instance:node_cpu_utilisation:rate1m - - expr: | + ) > 0 + for: 15m + labels: + severity: warning + - alert: KubeDeploymentGenerationMismatch + annotations: + description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment }} does not match, this indicates that the Deployment has failed but has not been rolled back. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch + summary: Deployment generation mismatch due to possible roll-back + expr: | + kube_deployment_status_observed_generation{job="kube-state-metrics"} + != + kube_deployment_metadata_generation{job="kube-state-metrics"} + for: 15m + labels: + severity: warning + - alert: KubeDeploymentReplicasMismatch + annotations: + description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch + summary: Deployment has not matched the expected number of replicas. + expr: | ( - node_load1{job="node-exporter"} + kube_deployment_spec_replicas{job="kube-state-metrics"} + != + kube_deployment_status_replicas_available{job="kube-state-metrics"} + ) and ( + changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning + - alert: KubeStatefulSetReplicasMismatch + annotations: + description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch + summary: Deployment has not matched the expected number of replicas. + expr: | + ( + kube_statefulset_status_replicas_ready{job="kube-state-metrics"} + != + kube_statefulset_status_replicas{job="kube-state-metrics"} + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning + - alert: KubeStatefulSetGenerationMismatch + annotations: + description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset }} does not match, this indicates that the StatefulSet has failed but has not been rolled back. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch + summary: StatefulSet generation mismatch due to possible roll-back + expr: | + kube_statefulset_status_observed_generation{job="kube-state-metrics"} + != + kube_statefulset_metadata_generation{job="kube-state-metrics"} + for: 15m + labels: + severity: warning + - alert: KubeStatefulSetUpdateNotRolledOut + annotations: + description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} update has not been rolled out. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout + summary: StatefulSet update has not been rolled out. + expr: | + ( + max without (revision) ( + kube_statefulset_status_current_revision{job="kube-state-metrics"} + unless + kube_statefulset_status_update_revision{job="kube-state-metrics"} + ) + * + ( + kube_statefulset_replicas{job="kube-state-metrics"} + != + kube_statefulset_status_replicas_updated{job="kube-state-metrics"} + ) + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning + - alert: KubeDaemonSetRolloutStuck + annotations: + description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has not finished or progressed for at least 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck + summary: DaemonSet rollout is stuck. + expr: | + ( + ( + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} + ) or ( + kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} + != + 0 + ) or ( + kube_daemonset_updated_number_scheduled{job="kube-state-metrics"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} + ) or ( + kube_daemonset_status_number_available{job="kube-state-metrics"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} + ) + ) and ( + changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning + - alert: KubeContainerWaiting + annotations: + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} has been in waiting state for longer than 1 hour. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting + summary: Pod container waiting longer than 1 hour + expr: | + sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0 + for: 1h + labels: + severity: warning + - alert: KubeDaemonSetNotScheduled + annotations: + description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are not scheduled.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled + summary: DaemonSet pods are not scheduled. + expr: | + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} + - + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} > 0 + for: 10m + labels: + severity: warning + - alert: KubeDaemonSetMisScheduled + annotations: + description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are running where they are not supposed to run.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled + summary: DaemonSet pods are misscheduled. + expr: | + kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0 + for: 15m + labels: + severity: warning + - alert: KubeJobCompletion + annotations: + description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking more than 12 hours to complete. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion + summary: Job did not complete in time + expr: | + kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0 + for: 12h + labels: + severity: warning + - alert: KubeJobFailed + annotations: + description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to complete. Removing failed job after investigation should clear this alert. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed + summary: Job failed to complete. + expr: | + kube_job_failed{job="kube-state-metrics"} > 0 + for: 15m + labels: + severity: warning + - alert: KubeHpaReplicasMismatch + annotations: + description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched the desired number of replicas for longer than 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch + summary: HPA has not matched descired number of replicas. + expr: | + (kube_hpa_status_desired_replicas{job="kube-state-metrics"} + != + kube_hpa_status_current_replicas{job="kube-state-metrics"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics"} + > + kube_hpa_spec_min_replicas{job="kube-state-metrics"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics"} + < + kube_hpa_spec_max_replicas{job="kube-state-metrics"}) + and + changes(kube_hpa_status_current_replicas[15m]) == 0 + for: 15m + labels: + severity: warning + - alert: KubeHpaMaxedOut + annotations: + description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running at max replicas for longer than 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout + summary: HPA is running at max replicas + expr: | + kube_hpa_status_current_replicas{job="kube-state-metrics"} + == + kube_hpa_spec_max_replicas{job="kube-state-metrics"} + for: 15m + labels: + severity: warning + - name: kubernetes-resources + rules: + - alert: KubeCPUOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit + summary: Cluster has overcommitted CPU resource requests. + expr: | + sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) + / + sum(kube_node_status_allocatable_cpu_cores) + > + (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) + for: 5m + labels: + severity: warning + - alert: KubeMemoryOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit + summary: Cluster has overcommitted memory resource requests. + expr: | + sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) + / + sum(kube_node_status_allocatable_memory_bytes) + > + (count(kube_node_status_allocatable_memory_bytes)-1) + / + count(kube_node_status_allocatable_memory_bytes) + for: 5m + labels: + severity: warning + - alert: KubeCPUQuotaOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Namespaces. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit + summary: Cluster has overcommitted CPU resource requests. + expr: | + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(kube_node_status_allocatable_cpu_cores) + > 1.5 + for: 5m + labels: + severity: warning + - alert: KubeMemoryQuotaOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Namespaces. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryquotaovercommit + summary: Cluster has overcommitted memory resource requests. + expr: | + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) + / + sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) + > 1.5 + for: 5m + labels: + severity: warning + - alert: KubeQuotaAlmostFull + annotations: + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull + summary: Namespace quota is going to be full. + expr: | + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 0.9 < 1 + for: 15m + labels: + severity: info + - alert: KubeQuotaFullyUsed + annotations: + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused + summary: Namespace quota is fully used. + expr: | + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + == 1 + for: 15m + labels: + severity: info + - alert: KubeQuotaExceeded + annotations: + description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded + summary: Namespace quota has exceeded the limits. + expr: | + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 1 + for: 15m + labels: + severity: warning + - alert: CPUThrottlingHigh + annotations: + description: '{{ $value | humanizePercentage }} throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ $labels.pod }}.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh + summary: Processes experience elevated CPU throttling. + expr: | + sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) + / + sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) + > ( 25 / 100 ) + for: 15m + labels: + severity: info + - name: kubernetes-storage + rules: + - alert: KubePersistentVolumeFillingUp + annotations: + description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage }} free. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup + summary: PersistentVolume is filling up. + expr: | + kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} + < 0.03 + for: 1m + labels: + severity: critical + - alert: KubePersistentVolumeFillingUp + annotations: + description: Based on recent sampling, the PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is expected to fill up within four days. Currently {{ $value | humanizePercentage }} is available. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup + summary: PersistentVolume is filling up. + expr: | + ( + kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} + ) < 0.15 + and + predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 + for: 1h + labels: + severity: warning + - alert: KubePersistentVolumeErrors + annotations: + description: The persistent volume {{ $labels.persistentvolume }} has status {{ $labels.phase }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors + summary: PersistentVolume is having issues with provisioning. + expr: | + kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 + for: 5m + labels: + severity: critical + - name: kubernetes-system + rules: + - alert: KubeVersionMismatch + annotations: + description: There are {{ $value }} different semantic versions of Kubernetes components running. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch + summary: Different semantic versions of Kubernetes components running. + expr: | + count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 + for: 15m + labels: + severity: warning + - alert: KubeClientErrors + annotations: + description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance }}' is experiencing {{ $value | humanizePercentage }} errors.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors + summary: Kubernetes API server client is experiencing errors. + expr: | + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + / + sum(rate(rest_client_requests_total[5m])) by (instance, job)) + > 0.01 + for: 15m + labels: + severity: warning + - name: kube-apiserver-slos + rules: + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: | + sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) + and + sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) + for: 2m + labels: + long: 1h + severity: critical + short: 5m + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: | + sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) + and + sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) + for: 15m + labels: + long: 6h + severity: critical + short: 30m + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: | + sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) + and + sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) + for: 1h + labels: + long: 1d + severity: warning + short: 2h + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: | + sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) + and + sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) + for: 3h + labels: + long: 3d + severity: warning + short: 6h + - name: kubernetes-system-apiserver + rules: + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration + summary: Client certificate is about to expire. + expr: | + apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 + labels: + severity: warning + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration + summary: Client certificate is about to expire. + expr: | + apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 + labels: + severity: critical + - alert: AggregatedAPIErrors + annotations: + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors + summary: An aggregated API has reported errors. + expr: | + sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 + labels: + severity: warning + - alert: AggregatedAPIDown + annotations: + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has been only {{ $value | humanize }}% available over the last 10m. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown + summary: An aggregated API is down. + expr: | + (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 + for: 5m + labels: + severity: warning + - alert: KubeAPIDown + annotations: + description: KubeAPI has disappeared from Prometheus target discovery. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapidown + summary: Target disappeared from Prometheus target discovery. + expr: | + absent(up{job="apiserver"} == 1) + for: 15m + labels: + severity: critical + - name: kubernetes-system-kubelet + rules: + - alert: KubeNodeNotReady + annotations: + description: '{{ $labels.node }} has been unready for more than 15 minutes.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodenotready + summary: Node is not ready. + expr: | + kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 + for: 15m + labels: + severity: warning + - alert: KubeNodeUnreachable + annotations: + description: '{{ $labels.node }} is unreachable and some workloads may be rescheduled.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable + summary: Node is unreachable. + expr: | + (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 + for: 15m + labels: + severity: warning + - alert: KubeletTooManyPods + annotations: + description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage }} of its Pod capacity. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods + summary: Kubelet is running at capacity. + expr: | + count by(node) ( + (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) + ) / - instance:node_num_cpu:sum{job="node-exporter"} - ) - record: instance:node_load1_per_cpu:ratio - - expr: | - 1 - ( - node_memory_MemAvailable_bytes{job="node-exporter"} - / - node_memory_MemTotal_bytes{job="node-exporter"} - ) - record: instance:node_memory_utilisation:ratio - - expr: | - rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) - record: instance:node_vmstat_pgmajfault:rate1m - - expr: | - rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) - record: instance_device:node_disk_io_time_seconds:rate1m - - expr: | - rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) - record: instance_device:node_disk_io_time_weighted_seconds:rate1m - - expr: | - sum without (device) ( - rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_receive_bytes_excluding_lo:rate1m - - expr: | - sum without (device) ( - rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_transmit_bytes_excluding_lo:rate1m - - expr: | - sum without (device) ( - rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_receive_drop_excluding_lo:rate1m - - expr: | - sum without (device) ( - rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) - ) - record: instance:node_network_transmit_drop_excluding_lo:rate1m + max by(node) ( + kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 + ) > 0.95 + for: 15m + labels: + severity: warning + - alert: KubeNodeReadinessFlapping + annotations: + description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping + summary: Node readiness status is flapping. + expr: | + sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 + for: 15m + labels: + severity: warning + - alert: KubeletPlegDurationHigh + annotations: + description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{ $value }} seconds on node {{ $labels.node }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh + summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. + expr: | + node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 + for: 5m + labels: + severity: warning + - alert: KubeletPodStartUpLatencyHigh + annotations: + description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds on node {{ $labels.node }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh + summary: Kubelet Pod startup latency is too high. + expr: | + histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 + for: 15m + labels: + severity: warning + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: | + kubelet_certificate_manager_client_ttl_seconds < 604800 + labels: + severity: warning + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: | + kubelet_certificate_manager_client_ttl_seconds < 86400 + labels: + severity: critical + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: | + kubelet_certificate_manager_server_ttl_seconds < 604800 + labels: + severity: warning + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: | + kubelet_certificate_manager_server_ttl_seconds < 86400 + labels: + severity: critical + - alert: KubeletClientCertificateRenewalErrors + annotations: + description: Kubelet on node {{ $labels.node }} has failed to renew its client certificate ({{ $value | humanize }} errors in the last 5 minutes). + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors + summary: Kubelet has failed to renew its client certificate. + expr: | + increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning + - alert: KubeletServerCertificateRenewalErrors + annotations: + description: Kubelet on node {{ $labels.node }} has failed to renew its server certificate ({{ $value | humanize }} errors in the last 5 minutes). + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors + summary: Kubelet has failed to renew its server certificate. + expr: | + increase(kubelet_server_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning + - alert: KubeletDown + annotations: + description: Kubelet has disappeared from Prometheus target discovery. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletdown + summary: Target disappeared from Prometheus target discovery. + expr: | + absent(up{job="kubelet", metrics_path="/metrics"} == 1) + for: 15m + labels: + severity: critical + - name: kubernetes-system-scheduler + rules: + - alert: KubeSchedulerDown + annotations: + description: KubeScheduler has disappeared from Prometheus target discovery. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeschedulerdown + summary: Target disappeared from Prometheus target discovery. + expr: | + absent(up{job="kube-scheduler"} == 1) + for: 15m + labels: + severity: critical + - name: kubernetes-system-controller-manager + rules: + - alert: KubeControllerManagerDown + annotations: + description: KubeControllerManager has disappeared from Prometheus target discovery. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown + summary: Target disappeared from Prometheus target discovery. + expr: | + absent(up{job="kube-controller-manager"} == 1) + for: 15m + labels: + severity: critical - name: kube-apiserver.rules rules: - expr: | @@ -750,1345 +1365,3 @@ spec: labels: quantile: "0.5" record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - name: kube-prometheus-node-recording.rules - rules: - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) - record: instance:node_cpu:rate:sum - - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) - record: instance:node_network_receive_bytes:rate:sum - - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) - record: instance:node_network_transmit_bytes:rate:sum - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) - record: instance:node_cpu:ratio - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) - record: cluster:node_cpu:sum_rate5m - - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) - record: cluster:node_cpu:ratio - - name: kube-prometheus-general.rules - rules: - - expr: count without(instance, pod, node) (up == 1) - record: count:up1 - - expr: count without(instance, pod, node) (up == 0) - record: count:up0 - - name: kube-state-metrics - rules: - - alert: KubeStateMetricsListErrors - annotations: - description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors - summary: kube-state-metrics is experiencing errors in list operations. - expr: | - (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) - / - sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) - > 0.01 - for: 15m - labels: - severity: critical - - alert: KubeStateMetricsWatchErrors - annotations: - description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors - summary: kube-state-metrics is experiencing errors in watch operations. - expr: | - (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) - / - sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) - > 0.01 - for: 15m - labels: - severity: critical - - name: node-exporter - rules: - - alert: NodeFilesystemSpaceFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup - summary: Filesystem is predicted to run out of space within the next 24 hours. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 - and - predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemSpaceFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup - summary: Filesystem is predicted to run out of space within the next 4 hours. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 - and - predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeFilesystemAlmostOutOfSpace - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace - summary: Filesystem has less than 5% space left. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemAlmostOutOfSpace - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace - summary: Filesystem has less than 3% space left. - expr: | - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeFilesystemFilesFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup - summary: Filesystem is predicted to run out of inodes within the next 24 hours. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 - and - predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemFilesFillingUp - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup - summary: Filesystem is predicted to run out of inodes within the next 4 hours. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 - and - predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeFilesystemAlmostOutOfFiles - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles - summary: Filesystem has less than 5% inodes left. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning - - alert: NodeFilesystemAlmostOutOfFiles - annotations: - description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles - summary: Filesystem has less than 3% inodes left. - expr: | - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical - - alert: NodeNetworkReceiveErrs - annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs - summary: Network interface is reporting many receive errors. - expr: | - rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 - for: 1h - labels: - severity: warning - - alert: NodeNetworkTransmitErrs - annotations: - description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs - summary: Network interface is reporting many transmit errors. - expr: | - rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 - for: 1h - labels: - severity: warning - - alert: NodeHighNumberConntrackEntriesUsed - annotations: - description: '{{ $value | humanizePercentage }} of conntrack entries are used.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodehighnumberconntrackentriesused - summary: Number of conntrack are getting close to the limit. - expr: | - (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 - labels: - severity: warning - - alert: NodeTextFileCollectorScrapeError - annotations: - description: Node Exporter text file collector failed to scrape. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodetextfilecollectorscrapeerror - summary: Node Exporter text file collector failed to scrape. - expr: | - node_textfile_scrape_error{job="node-exporter"} == 1 - labels: - severity: warning - - alert: NodeClockSkewDetected - annotations: - message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected - summary: Clock skew detected. - expr: | - ( - node_timex_offset_seconds > 0.05 - and - deriv(node_timex_offset_seconds[5m]) >= 0 - ) - or - ( - node_timex_offset_seconds < -0.05 - and - deriv(node_timex_offset_seconds[5m]) <= 0 - ) - for: 10m - labels: - severity: warning - - alert: NodeClockNotSynchronising - annotations: - message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising - summary: Clock not synchronising. - expr: | - min_over_time(node_timex_sync_status[5m]) == 0 - and - node_timex_maxerror_seconds >= 16 - for: 10m - labels: - severity: warning - - alert: NodeRAIDDegraded - annotations: - description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded - summary: RAID Array is degraded - expr: | - node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 - for: 15m - labels: - severity: critical - - alert: NodeRAIDDiskFailure - annotations: - description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure - summary: Failed device in RAID array - expr: | - node_md_disks{state="fail"} > 0 - labels: - severity: warning - - name: alertmanager.rules - rules: - - alert: AlertmanagerFailedReload - annotations: - description: Configuration has failed to load for {{ $labels.namespace }}/{{ $labels.pod}}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedreload - summary: Reloading an Alertmanager configuration has failed. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_config_last_reload_successful{job="alertmanager-main",namespace="monitoring"}[5m]) == 0 - for: 10m - labels: - severity: critical - - alert: AlertmanagerMembersInconsistent - annotations: - description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only found {{ $value }} members of the {{$labels.job}} cluster. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagermembersinconsistent - summary: A member of an Alertmanager cluster has not found all other cluster members. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m]) - < on (namespace,service) group_left - count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m])) - for: 10m - labels: - severity: critical - - alert: AlertmanagerFailedToSendAlerts - annotations: - description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedtosendalerts - summary: An Alertmanager instance failed to send notifications. - expr: | - ( - rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) - / - rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: warning - - alert: AlertmanagerClusterFailedToSendAlerts - annotations: - description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts - summary: All Alertmanager instances in a cluster failed to send notifications. - expr: | - min by (namespace,service) ( - rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) - / - rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: critical - - alert: AlertmanagerConfigInconsistent - annotations: - description: Alertmanager instances within the {{$labels.job}} cluster have different configurations. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerconfiginconsistent - summary: Alertmanager instances within the same cluster have different configurations. - expr: | - count by (namespace,service) ( - count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="alertmanager-main",namespace="monitoring"}) - ) - != 1 - for: 20m - labels: - severity: critical - - alert: AlertmanagerClusterDown - annotations: - description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have been up for less than half of the last 5m.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterdown - summary: Half or more of the Alertmanager instances within the same cluster are down. - expr: | - ( - count by (namespace,service) ( - avg_over_time(up{job="alertmanager-main",namespace="monitoring"}[5m]) < 0.5 - ) - / - count by (namespace,service) ( - up{job="alertmanager-main",namespace="monitoring"} - ) - ) - >= 0.5 - for: 5m - labels: - severity: critical - - alert: AlertmanagerClusterCrashlooping - annotations: - description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have restarted at least 5 times in the last 10m.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclustercrashlooping - summary: Half or more of the Alertmanager instances within the same cluster are crashlooping. - expr: | - ( - count by (namespace,service) ( - changes(process_start_time_seconds{job="alertmanager-main",namespace="monitoring"}[10m]) > 4 - ) - / - count by (namespace,service) ( - up{job="alertmanager-main",namespace="monitoring"} - ) - ) - >= 0.5 - for: 5m - labels: - severity: critical - - name: prometheus-operator - rules: - - alert: PrometheusOperatorListErrors - annotations: - description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors - summary: Errors while performing list operations in controller. - expr: | - (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 - for: 15m - labels: - severity: warning - - alert: PrometheusOperatorWatchErrors - annotations: - description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors - summary: Errors while performing watch operations in controller. - expr: | - (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 - for: 15m - labels: - severity: warning - - alert: PrometheusOperatorSyncFailed - annotations: - description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed - summary: Last controller reconciliation failed - expr: | - min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 - for: 10m - labels: - severity: warning - - alert: PrometheusOperatorReconcileErrors - annotations: - description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors - summary: Errors while reconciling controller. - expr: | - (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="monitoring"}[5m]))) > 0.1 - for: 10m - labels: - severity: warning - - alert: PrometheusOperatorNodeLookupErrors - annotations: - description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors - summary: Errors while reconciling Prometheus. - expr: | - rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]) > 0.1 - for: 10m - labels: - severity: warning - - alert: PrometheusOperatorNotReady - annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready - summary: Prometheus operator not ready - expr: | - min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="monitoring"}[5m]) == 0) - for: 5m - labels: - severity: warning - - alert: PrometheusOperatorRejectedResources - annotations: - description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources - summary: Resources rejected by Prometheus operator - expr: | - min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 - for: 5m - labels: - severity: warning - - name: kubernetes-apps - rules: - - alert: KubePodCrashLooping - annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping - summary: Pod is crash looping. - expr: | - rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[5m]) * 60 * 5 > 0 - for: 15m - labels: - severity: warning - - alert: KubePodNotReady - annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready - summary: Pod has been in a non-ready state for more than 15 minutes. - expr: | - sum by (namespace, pod) ( - max by(namespace, pod) ( - kube_pod_status_phase{job="kube-state-metrics", phase=~"Pending|Unknown"} - ) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) ( - 1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) - ) - ) > 0 - for: 15m - labels: - severity: warning - - alert: KubeDeploymentGenerationMismatch - annotations: - description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment }} does not match, this indicates that the Deployment has failed but has not been rolled back. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch - summary: Deployment generation mismatch due to possible roll-back - expr: | - kube_deployment_status_observed_generation{job="kube-state-metrics"} - != - kube_deployment_metadata_generation{job="kube-state-metrics"} - for: 15m - labels: - severity: warning - - alert: KubeDeploymentReplicasMismatch - annotations: - description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch - summary: Deployment has not matched the expected number of replicas. - expr: | - ( - kube_deployment_spec_replicas{job="kube-state-metrics"} - != - kube_deployment_status_replicas_available{job="kube-state-metrics"} - ) and ( - changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeStatefulSetReplicasMismatch - annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch - summary: Deployment has not matched the expected number of replicas. - expr: | - ( - kube_statefulset_status_replicas_ready{job="kube-state-metrics"} - != - kube_statefulset_status_replicas{job="kube-state-metrics"} - ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeStatefulSetGenerationMismatch - annotations: - description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset }} does not match, this indicates that the StatefulSet has failed but has not been rolled back. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch - summary: StatefulSet generation mismatch due to possible roll-back - expr: | - kube_statefulset_status_observed_generation{job="kube-state-metrics"} - != - kube_statefulset_metadata_generation{job="kube-state-metrics"} - for: 15m - labels: - severity: warning - - alert: KubeStatefulSetUpdateNotRolledOut - annotations: - description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} update has not been rolled out. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout - summary: StatefulSet update has not been rolled out. - expr: | - ( - max without (revision) ( - kube_statefulset_status_current_revision{job="kube-state-metrics"} - unless - kube_statefulset_status_update_revision{job="kube-state-metrics"} - ) - * - ( - kube_statefulset_replicas{job="kube-state-metrics"} - != - kube_statefulset_status_replicas_updated{job="kube-state-metrics"} - ) - ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeDaemonSetRolloutStuck - annotations: - description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has not finished or progressed for at least 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck - summary: DaemonSet rollout is stuck. - expr: | - ( - ( - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - ) or ( - kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} - != - 0 - ) or ( - kube_daemonset_updated_number_scheduled{job="kube-state-metrics"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - ) or ( - kube_daemonset_status_number_available{job="kube-state-metrics"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - ) - ) and ( - changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning - - alert: KubeContainerWaiting - annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} has been in waiting state for longer than 1 hour. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting - summary: Pod container waiting longer than 1 hour - expr: | - sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0 - for: 1h - labels: - severity: warning - - alert: KubeDaemonSetNotScheduled - annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are not scheduled.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled - summary: DaemonSet pods are not scheduled. - expr: | - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} - - - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics"} > 0 - for: 10m - labels: - severity: warning - - alert: KubeDaemonSetMisScheduled - annotations: - description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are running where they are not supposed to run.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled - summary: DaemonSet pods are misscheduled. - expr: | - kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0 - for: 15m - labels: - severity: warning - - alert: KubeJobCompletion - annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking more than 12 hours to complete. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion - summary: Job did not complete in time - expr: | - kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0 - for: 12h - labels: - severity: warning - - alert: KubeJobFailed - annotations: - description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to complete. Removing failed job after investigation should clear this alert. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed - summary: Job failed to complete. - expr: | - kube_job_failed{job="kube-state-metrics"} > 0 - for: 15m - labels: - severity: warning - - alert: KubeHpaReplicasMismatch - annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched the desired number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch - summary: HPA has not matched descired number of replicas. - expr: | - (kube_hpa_status_desired_replicas{job="kube-state-metrics"} - != - kube_hpa_status_current_replicas{job="kube-state-metrics"}) - and - (kube_hpa_status_current_replicas{job="kube-state-metrics"} - > - kube_hpa_spec_min_replicas{job="kube-state-metrics"}) - and - (kube_hpa_status_current_replicas{job="kube-state-metrics"} - < - kube_hpa_spec_max_replicas{job="kube-state-metrics"}) - and - changes(kube_hpa_status_current_replicas[15m]) == 0 - for: 15m - labels: - severity: warning - - alert: KubeHpaMaxedOut - annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running at max replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout - summary: HPA is running at max replicas - expr: | - kube_hpa_status_current_replicas{job="kube-state-metrics"} - == - kube_hpa_spec_max_replicas{job="kube-state-metrics"} - for: 15m - labels: - severity: warning - - name: kubernetes-resources - rules: - - alert: KubeCPUOvercommit - annotations: - description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit - summary: Cluster has overcommitted CPU resource requests. - expr: | - sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) - / - sum(kube_node_status_allocatable_cpu_cores) - > - (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) - for: 5m - labels: - severity: warning - - alert: KubeMemoryOvercommit - annotations: - description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit - summary: Cluster has overcommitted memory resource requests. - expr: | - sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) - / - sum(kube_node_status_allocatable_memory_bytes) - > - (count(kube_node_status_allocatable_memory_bytes)-1) - / - count(kube_node_status_allocatable_memory_bytes) - for: 5m - labels: - severity: warning - - alert: KubeCPUQuotaOvercommit - annotations: - description: Cluster has overcommitted CPU resource requests for Namespaces. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit - summary: Cluster has overcommitted CPU resource requests. - expr: | - sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) - / - sum(kube_node_status_allocatable_cpu_cores) - > 1.5 - for: 5m - labels: - severity: warning - - alert: KubeMemoryQuotaOvercommit - annotations: - description: Cluster has overcommitted memory resource requests for Namespaces. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryquotaovercommit - summary: Cluster has overcommitted memory resource requests. - expr: | - sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) - / - sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) - > 1.5 - for: 5m - labels: - severity: warning - - alert: KubeQuotaAlmostFull - annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull - summary: Namespace quota is going to be full. - expr: | - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - > 0.9 < 1 - for: 15m - labels: - severity: info - - alert: KubeQuotaFullyUsed - annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused - summary: Namespace quota is fully used. - expr: | - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - == 1 - for: 15m - labels: - severity: info - - alert: KubeQuotaExceeded - annotations: - description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded - summary: Namespace quota has exceeded the limits. - expr: | - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - > 1 - for: 15m - labels: - severity: warning - - alert: CPUThrottlingHigh - annotations: - description: '{{ $value | humanizePercentage }} throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ $labels.pod }}.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh - summary: Processes experience elevated CPU throttling. - expr: | - sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) - / - sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) - > ( 25 / 100 ) - for: 15m - labels: - severity: info - - name: kubernetes-storage - rules: - - alert: KubePersistentVolumeFillingUp - annotations: - description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage }} free. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup - summary: PersistentVolume is filling up. - expr: | - kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} - < 0.03 - for: 1m - labels: - severity: critical - - alert: KubePersistentVolumeFillingUp - annotations: - description: Based on recent sampling, the PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is expected to fill up within four days. Currently {{ $value | humanizePercentage }} is available. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup - summary: PersistentVolume is filling up. - expr: | - ( - kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} - ) < 0.15 - and - predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 - for: 1h - labels: - severity: warning - - alert: KubePersistentVolumeErrors - annotations: - description: The persistent volume {{ $labels.persistentvolume }} has status {{ $labels.phase }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors - summary: PersistentVolume is having issues with provisioning. - expr: | - kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 - for: 5m - labels: - severity: critical - - name: kubernetes-system - rules: - - alert: KubeVersionMismatch - annotations: - description: There are {{ $value }} different semantic versions of Kubernetes components running. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch - summary: Different semantic versions of Kubernetes components running. - expr: | - count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 - for: 15m - labels: - severity: warning - - alert: KubeClientErrors - annotations: - description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance }}' is experiencing {{ $value | humanizePercentage }} errors.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors - summary: Kubernetes API server client is experiencing errors. - expr: | - (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) - / - sum(rate(rest_client_requests_total[5m])) by (instance, job)) - > 0.01 - for: 15m - labels: - severity: warning - - name: kube-apiserver-slos - rules: - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) - and - sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) - for: 2m - labels: - long: 1h - severity: critical - short: 5m - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) - and - sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) - for: 15m - labels: - long: 6h - severity: critical - short: 30m - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) - and - sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) - for: 1h - labels: - long: 1d - severity: warning - short: 2h - - alert: KubeAPIErrorBudgetBurn - annotations: - description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: | - sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) - and - sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) - for: 3h - labels: - long: 3d - severity: warning - short: 6h - - name: kubernetes-system-apiserver - rules: - - alert: KubeClientCertificateExpiration - annotations: - description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration - summary: Client certificate is about to expire. - expr: | - apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 - labels: - severity: warning - - alert: KubeClientCertificateExpiration - annotations: - description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration - summary: Client certificate is about to expire. - expr: | - apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 - labels: - severity: critical - - alert: AggregatedAPIErrors - annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors - summary: An aggregated API has reported errors. - expr: | - sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 - labels: - severity: warning - - alert: AggregatedAPIDown - annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has been only {{ $value | humanize }}% available over the last 10m. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown - summary: An aggregated API is down. - expr: | - (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 - for: 5m - labels: - severity: warning - - alert: KubeAPIDown - annotations: - description: KubeAPI has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapidown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="apiserver"} == 1) - for: 15m - labels: - severity: critical - - name: kubernetes-system-kubelet - rules: - - alert: KubeNodeNotReady - annotations: - description: '{{ $labels.node }} has been unready for more than 15 minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodenotready - summary: Node is not ready. - expr: | - kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 - for: 15m - labels: - severity: warning - - alert: KubeNodeUnreachable - annotations: - description: '{{ $labels.node }} is unreachable and some workloads may be rescheduled.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable - summary: Node is unreachable. - expr: | - (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 - for: 15m - labels: - severity: warning - - alert: KubeletTooManyPods - annotations: - description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage }} of its Pod capacity. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods - summary: Kubelet is running at capacity. - expr: | - count by(node) ( - (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) - ) - / - max by(node) ( - kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 - ) > 0.95 - for: 15m - labels: - severity: warning - - alert: KubeNodeReadinessFlapping - annotations: - description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping - summary: Node readiness status is flapping. - expr: | - sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 - for: 15m - labels: - severity: warning - - alert: KubeletPlegDurationHigh - annotations: - description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh - summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. - expr: | - node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 - for: 5m - labels: - severity: warning - - alert: KubeletPodStartUpLatencyHigh - annotations: - description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh - summary: Kubelet Pod startup latency is too high. - expr: | - histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 - for: 15m - labels: - severity: warning - - alert: KubeletClientCertificateExpiration - annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration - summary: Kubelet client certificate is about to expire. - expr: | - kubelet_certificate_manager_client_ttl_seconds < 604800 - labels: - severity: warning - - alert: KubeletClientCertificateExpiration - annotations: - description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration - summary: Kubelet client certificate is about to expire. - expr: | - kubelet_certificate_manager_client_ttl_seconds < 86400 - labels: - severity: critical - - alert: KubeletServerCertificateExpiration - annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration - summary: Kubelet server certificate is about to expire. - expr: | - kubelet_certificate_manager_server_ttl_seconds < 604800 - labels: - severity: warning - - alert: KubeletServerCertificateExpiration - annotations: - description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration - summary: Kubelet server certificate is about to expire. - expr: | - kubelet_certificate_manager_server_ttl_seconds < 86400 - labels: - severity: critical - - alert: KubeletClientCertificateRenewalErrors - annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its client certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors - summary: Kubelet has failed to renew its client certificate. - expr: | - increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: KubeletServerCertificateRenewalErrors - annotations: - description: Kubelet on node {{ $labels.node }} has failed to renew its server certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors - summary: Kubelet has failed to renew its server certificate. - expr: | - increase(kubelet_server_expiration_renew_errors[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: KubeletDown - annotations: - description: Kubelet has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletdown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="kubelet", metrics_path="/metrics"} == 1) - for: 15m - labels: - severity: critical - - name: kubernetes-system-scheduler - rules: - - alert: KubeSchedulerDown - annotations: - description: KubeScheduler has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeschedulerdown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="kube-scheduler"} == 1) - for: 15m - labels: - severity: critical - - name: kubernetes-system-controller-manager - rules: - - alert: KubeControllerManagerDown - annotations: - description: KubeControllerManager has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown - summary: Target disappeared from Prometheus target discovery. - expr: | - absent(up{job="kube-controller-manager"} == 1) - for: 15m - labels: - severity: critical - - name: prometheus - rules: - - alert: PrometheusBadConfig - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to reload its configuration. - summary: Failed Prometheus configuration reload. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(prometheus_config_last_reload_successful{job="prometheus-k8s",namespace="monitoring"}[5m]) == 0 - for: 10m - labels: - severity: critical - - alert: PrometheusNotificationQueueRunningFull - annotations: - description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. - summary: Prometheus alert notification queue predicted to run full in less than 30m. - expr: | - # Without min_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - predict_linear(prometheus_notifications_queue_length{job="prometheus-k8s",namespace="monitoring"}[5m], 60 * 30) - > - min_over_time(prometheus_notifications_queue_capacity{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - for: 15m - labels: - severity: warning - - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers - annotations: - description: '{{ printf "%.1f" $value }}% errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' - summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. - expr: | - ( - rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - * 100 - > 1 - for: 15m - labels: - severity: warning - - alert: PrometheusNotConnectedToAlertmanagers - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. - summary: Prometheus is not connected to any Alertmanagers. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(prometheus_notifications_alertmanagers_discovered{job="prometheus-k8s",namespace="monitoring"}[5m]) < 1 - for: 10m - labels: - severity: warning - - alert: PrometheusTSDBReloadsFailing - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} reload failures over the last 3h. - summary: Prometheus has issues reloading blocks from disk. - expr: | - increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 - for: 4h - labels: - severity: warning - - alert: PrometheusTSDBCompactionsFailing - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} compaction failures over the last 3h. - summary: Prometheus has issues compacting blocks. - expr: | - increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 - for: 4h - labels: - severity: warning - - alert: PrometheusNotIngestingSamples - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. - summary: Prometheus is not ingesting samples. - expr: | - ( - rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 - and - ( - sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="prometheus-k8s",namespace="monitoring"}) > 0 - or - sum without(rule_group) (prometheus_rule_group_rules{job="prometheus-k8s",namespace="monitoring"}) > 0 - ) - ) - for: 10m - labels: - severity: warning - - alert: PrometheusDuplicateTimestamps - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with different values but duplicated timestamp. - summary: Prometheus is dropping samples with duplicate timestamps. - expr: | - rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 10m - labels: - severity: warning - - alert: PrometheusOutOfOrderTimestamps - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. - summary: Prometheus drops samples with out-of-order timestamps. - expr: | - rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 10m - labels: - severity: warning - - alert: PrometheusRemoteStorageFailures - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ $labels.url }} - summary: Prometheus fails to send samples to remote storage. - expr: | - ( - rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - ( - rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - + - rate(prometheus_remote_storage_succeeded_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - ) - * 100 - > 1 - for: 15m - labels: - severity: critical - - alert: PrometheusRemoteWriteBehind - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url }}. - summary: Prometheus remote write is behind. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) - - ignoring(remote_name, url) group_right - max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - > 120 - for: 15m - labels: - severity: critical - - alert: PrometheusRemoteWriteDesiredShards - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write desired shards calculation wants to run {{ $value }} shards for queue {{ $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` $labels.instance | query | first | value }}. - summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. - expr: | - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - max_over_time(prometheus_remote_storage_shards_desired{job="prometheus-k8s",namespace="monitoring"}[5m]) - > - max_over_time(prometheus_remote_storage_shards_max{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - for: 15m - labels: - severity: warning - - alert: PrometheusRuleFailures - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to evaluate {{ printf "%.0f" $value }} rules in the last 5m. - summary: Prometheus is failing rule evaluations. - expr: | - increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 15m - labels: - severity: critical - - alert: PrometheusMissingRuleEvaluations - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ printf "%.0f" $value }} rule group evaluations in the last 5m. - summary: Prometheus is missing rule evaluations due to slow rule group evaluation. - expr: | - increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: PrometheusTargetLimitHit - annotations: - description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because the number of targets exceeded the configured target_limit. - summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. - expr: | - increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 - for: 15m - labels: - severity: warning - - alert: PrometheusErrorSendingAlertsToAnyAlertmanager - annotations: - description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' - summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. - expr: | - min without (alertmanager) ( - rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - / - rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) - ) - * 100 - > 3 - for: 15m - labels: - severity: critical - - name: general.rules - rules: - - alert: TargetDown - annotations: - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' - expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 - for: 10m - labels: - severity: warning - - alert: Watchdog - annotations: - message: | - This is an alert meant to ensure that the entire alerting pipeline is functional. - This alert is always firing, therefore it should always be firing in Alertmanager - and always fire against a receiver. There are integrations with various notification - mechanisms that send a notification when this alert is not firing. For example the - "DeadMansSnitch" integration in PagerDuty. - expr: vector(1) - labels: - severity: none - - name: node-network - rules: - - alert: NodeNetworkInterfaceFlapping - annotations: - message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" - expr: | - changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 - for: 2m - labels: - severity: warning diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml new file mode 100644 index 00000000..eee95a1a --- /dev/null +++ b/manifests/node-exporter-prometheusRule.yaml @@ -0,0 +1,266 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: node-exporter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 1.0.1 + prometheus: k8s + role: alert-rules + name: node-exporter-rules + namespace: monitoring +spec: + groups: + - name: node-exporter + rules: + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. + summary: Filesystem is predicted to run out of space within the next 24 hours. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. + summary: Filesystem is predicted to run out of space within the next 4 hours. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. + summary: Filesystem has less than 5% space left. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. + summary: Filesystem has less than 3% space left. + expr: | + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. + summary: Filesystem is predicted to run out of inodes within the next 24 hours. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. + summary: Filesystem is predicted to run out of inodes within the next 4 hours. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. + summary: Filesystem has less than 5% inodes left. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. + summary: Filesystem has less than 3% inodes left. + expr: | + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical + - alert: NodeNetworkReceiveErrs + annotations: + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' + summary: Network interface is reporting many receive errors. + expr: | + rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning + - alert: NodeNetworkTransmitErrs + annotations: + description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' + summary: Network interface is reporting many transmit errors. + expr: | + rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning + - alert: NodeHighNumberConntrackEntriesUsed + annotations: + description: '{{ $value | humanizePercentage }} of conntrack entries are used.' + summary: Number of conntrack are getting close to the limit. + expr: | + (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 + labels: + severity: warning + - alert: NodeTextFileCollectorScrapeError + annotations: + description: Node Exporter text file collector failed to scrape. + summary: Node Exporter text file collector failed to scrape. + expr: | + node_textfile_scrape_error{job="node-exporter"} == 1 + labels: + severity: warning + - alert: NodeClockSkewDetected + annotations: + message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + summary: Clock skew detected. + expr: | + ( + node_timex_offset_seconds > 0.05 + and + deriv(node_timex_offset_seconds[5m]) >= 0 + ) + or + ( + node_timex_offset_seconds < -0.05 + and + deriv(node_timex_offset_seconds[5m]) <= 0 + ) + for: 10m + labels: + severity: warning + - alert: NodeClockNotSynchronising + annotations: + message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. + summary: Clock not synchronising. + expr: | + min_over_time(node_timex_sync_status[5m]) == 0 + and + node_timex_maxerror_seconds >= 16 + for: 10m + labels: + severity: warning + - alert: NodeRAIDDegraded + annotations: + description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. + summary: RAID Array is degraded + expr: | + node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 + for: 15m + labels: + severity: critical + - alert: NodeRAIDDiskFailure + annotations: + description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. + summary: Failed device in RAID array + expr: | + node_md_disks{state="fail"} > 0 + labels: + severity: warning + - name: node-exporter.rules + rules: + - expr: | + count without (cpu) ( + count without (mode) ( + node_cpu_seconds_total{job="node-exporter"} + ) + ) + record: instance:node_num_cpu:sum + - expr: | + 1 - avg without (cpu, mode) ( + rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) + ) + record: instance:node_cpu_utilisation:rate1m + - expr: | + ( + node_load1{job="node-exporter"} + / + instance:node_num_cpu:sum{job="node-exporter"} + ) + record: instance:node_load1_per_cpu:ratio + - expr: | + 1 - ( + node_memory_MemAvailable_bytes{job="node-exporter"} + / + node_memory_MemTotal_bytes{job="node-exporter"} + ) + record: instance:node_memory_utilisation:ratio + - expr: | + rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) + record: instance:node_vmstat_pgmajfault:rate1m + - expr: | + rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_seconds:rate1m + - expr: | + rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_weighted_seconds:rate1m + - expr: | + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_bytes_excluding_lo:rate1m + - expr: | + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_bytes_excluding_lo:rate1m + - expr: | + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_drop_excluding_lo:rate1m + - expr: | + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_drop_excluding_lo:rate1m diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml new file mode 100644 index 00000000..c1f85086 --- /dev/null +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -0,0 +1,79 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.45.0 + prometheus: k8s + role: alert-rules + name: prometheus-operator-rules + namespace: monitoring +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorListErrors + annotations: + description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. + summary: Errors while performing list operations in controller. + expr: | + (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning + - alert: PrometheusOperatorWatchErrors + annotations: + description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. + summary: Errors while performing watch operations in controller. + expr: | + (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning + - alert: PrometheusOperatorSyncFailed + annotations: + description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. + summary: Last controller reconciliation failed + expr: | + min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 + for: 10m + labels: + severity: warning + - alert: PrometheusOperatorReconcileErrors + annotations: + description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' + summary: Errors while reconciling controller. + expr: | + (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="monitoring"}[5m]))) > 0.1 + for: 10m + labels: + severity: warning + - alert: PrometheusOperatorNodeLookupErrors + annotations: + description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. + summary: Errors while reconciling Prometheus. + expr: | + rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]) > 0.1 + for: 10m + labels: + severity: warning + - alert: PrometheusOperatorNotReady + annotations: + description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. + summary: Prometheus operator not ready + expr: | + min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="monitoring"}[5m]) == 0) + for: 5m + labels: + severity: warning + - alert: PrometheusOperatorRejectedResources + annotations: + description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. + summary: Resources rejected by Prometheus operator + expr: | + min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 + for: 5m + labels: + severity: warning diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml new file mode 100644 index 00000000..aa4f0ce9 --- /dev/null +++ b/manifests/prometheus-prometheusRule.yaml @@ -0,0 +1,213 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.24.0 + prometheus: k8s + role: alert-rules + name: k8s-rules + namespace: monitoring +spec: + groups: + - name: prometheus + rules: + - alert: PrometheusBadConfig + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to reload its configuration. + summary: Failed Prometheus configuration reload. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(prometheus_config_last_reload_successful{job="prometheus-k8s",namespace="monitoring"}[5m]) == 0 + for: 10m + labels: + severity: critical + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. + summary: Prometheus alert notification queue predicted to run full in less than 30m. + expr: | + # Without min_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + predict_linear(prometheus_notifications_queue_length{job="prometheus-k8s",namespace="monitoring"}[5m], 60 * 30) + > + min_over_time(prometheus_notifications_queue_capacity{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + for: 15m + labels: + severity: warning + - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers + annotations: + description: '{{ printf "%.1f" $value }}% errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' + summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. + expr: | + ( + rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + / + rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + * 100 + > 1 + for: 15m + labels: + severity: warning + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. + summary: Prometheus is not connected to any Alertmanagers. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(prometheus_notifications_alertmanagers_discovered{job="prometheus-k8s",namespace="monitoring"}[5m]) < 1 + for: 10m + labels: + severity: warning + - alert: PrometheusTSDBReloadsFailing + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} reload failures over the last 3h. + summary: Prometheus has issues reloading blocks from disk. + expr: | + increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 + for: 4h + labels: + severity: warning + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} compaction failures over the last 3h. + summary: Prometheus has issues compacting blocks. + expr: | + increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 + for: 4h + labels: + severity: warning + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. + summary: Prometheus is not ingesting samples. + expr: | + ( + rate(prometheus_tsdb_head_samples_appended_total{job="prometheus-k8s",namespace="monitoring"}[5m]) <= 0 + and + ( + sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="prometheus-k8s",namespace="monitoring"}) > 0 + or + sum without(rule_group) (prometheus_rule_group_rules{job="prometheus-k8s",namespace="monitoring"}) > 0 + ) + ) + for: 10m + labels: + severity: warning + - alert: PrometheusDuplicateTimestamps + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with different values but duplicated timestamp. + summary: Prometheus is dropping samples with duplicate timestamps. + expr: | + rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 + for: 10m + labels: + severity: warning + - alert: PrometheusOutOfOrderTimestamps + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. + summary: Prometheus drops samples with out-of-order timestamps. + expr: | + rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 + for: 10m + labels: + severity: warning + - alert: PrometheusRemoteStorageFailures + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ $labels.url }} + summary: Prometheus fails to send samples to remote storage. + expr: | + ( + rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + / + ( + rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + + + rate(prometheus_remote_storage_succeeded_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + ) + * 100 + > 1 + for: 15m + labels: + severity: critical + - alert: PrometheusRemoteWriteBehind + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url }}. + summary: Prometheus remote write is behind. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) + - ignoring(remote_name, url) group_right + max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + > 120 + for: 15m + labels: + severity: critical + - alert: PrometheusRemoteWriteDesiredShards + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write desired shards calculation wants to run {{ $value }} shards for queue {{ $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` $labels.instance | query | first | value }}. + summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. + expr: | + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_shards_desired{job="prometheus-k8s",namespace="monitoring"}[5m]) + > + max_over_time(prometheus_remote_storage_shards_max{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + for: 15m + labels: + severity: warning + - alert: PrometheusRuleFailures + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to evaluate {{ printf "%.0f" $value }} rules in the last 5m. + summary: Prometheus is failing rule evaluations. + expr: | + increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 + for: 15m + labels: + severity: critical + - alert: PrometheusMissingRuleEvaluations + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ printf "%.0f" $value }} rule group evaluations in the last 5m. + summary: Prometheus is missing rule evaluations due to slow rule group evaluation. + expr: | + increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 + for: 15m + labels: + severity: warning + - alert: PrometheusTargetLimitHit + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because the number of targets exceeded the configured target_limit. + summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. + expr: | + increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 + for: 15m + labels: + severity: warning + - alert: PrometheusErrorSendingAlertsToAnyAlertmanager + annotations: + description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' + summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. + expr: | + min without (alertmanager) ( + rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + / + rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + ) + * 100 + > 3 + for: 15m + labels: + severity: critical From 1eedb90c17943566b6750076082b1e9912393f7d Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 14:54:19 +0100 Subject: [PATCH 104/388] jsonnet: move files around Signed-off-by: paulfantom --- example.jsonnet | 16 +++++++-------- examples/kustomize.jsonnet | 2 +- .../all-namespaces.libsonnet} | 0 .../anti-affinity.libsonnet} | 0 .../config-mixins.libsonnet} | 2 +- .../custom-metrics.libsonnet} | 0 ...g-deprecated-metrics-relabelings.libsonnet | 0 .../external-metrics.libsonnet} | 0 .../grafana-weave-net-cluster.json | 0 .../{ => addons}/grafana-weave-net.json | 0 .../{lib => addons}/image.libsonnet | 0 .../insecure-kubelet.libsonnet} | 0 .../kops-coredns.libsonnet} | 0 .../managed-cluster.libsonnet} | 2 +- .../node-ports.libsonnet} | 0 .../static-etcd.libsonnet} | 0 .../strip-limits.libsonnet} | 0 .../thanos-sidecar.libsonnet} | 0 .../weave-net.libsonnet} | 0 .../alertmanager.libsonnet | 0 .../blackbox-exporter.libsonnet | 2 +- .../{grafana => components}/grafana.libsonnet | 0 .../ksm-autoscaler.libsonnet | 0 .../kube-rbac-proxy.libsonnet} | 0 .../kube-state-metrics.libsonnet | 2 +- .../mixin/alerts/alerts.libsonnet | 0 .../mixin/alerts/general.libsonnet | 0 .../mixin/alerts/node.libsonnet | 0 .../{ => components}/mixin/alerts/tests.yaml | 0 .../{ => components}/mixin/custom.libsonnet | 0 .../mixin/kubernetes.libsonnet | 0 .../mixin/rules/general.libsonnet | 0 .../mixin/rules/node-rules.libsonnet | 0 .../mixin/rules/rules.libsonnet | 0 .../node-exporter.libsonnet | 2 +- .../prometheus-adapter.libsonnet | 0 .../prometheus-operator.libsonnet | 2 +- .../prometheus.libsonnet | 2 +- .../kube-prometheus-ksonnet.libsonnet | 8 -------- jsonnet/kube-prometheus/lib/lib.libsonnet | 1 - ...be-prometheus.libsonnet => main.libsonnet} | 20 +++++++++---------- .../aws.libsonnet} | 0 .../bootkube.libsonnet} | 0 .../eks.libsonnet} | 0 .../gke.libsonnet} | 2 +- .../kops.libsonnet} | 0 .../kubeadm.libsonnet} | 0 .../kubespray.libsonnet} | 0 48 files changed, 27 insertions(+), 36 deletions(-) rename jsonnet/kube-prometheus/{kube-prometheus-all-namespaces.libsonnet => addons/all-namespaces.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-anti-affinity.libsonnet => addons/anti-affinity.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-config-mixins.libsonnet => addons/config-mixins.libsonnet} (94%) rename jsonnet/kube-prometheus/{kube-prometheus-custom-metrics.libsonnet => addons/custom-metrics.libsonnet} (100%) rename jsonnet/kube-prometheus/{ => addons}/dropping-deprecated-metrics-relabelings.libsonnet (100%) rename jsonnet/kube-prometheus/{kube-prometheus-external-metrics.libsonnet => addons/external-metrics.libsonnet} (100%) rename jsonnet/kube-prometheus/{ => addons}/grafana-weave-net-cluster.json (100%) rename jsonnet/kube-prometheus/{ => addons}/grafana-weave-net.json (100%) rename jsonnet/kube-prometheus/{lib => addons}/image.libsonnet (100%) rename jsonnet/kube-prometheus/{kube-prometheus-insecure-kubelet.libsonnet => addons/insecure-kubelet.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-kops-coredns.libsonnet => addons/kops-coredns.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-managed-cluster.libsonnet => addons/managed-cluster.libsonnet} (94%) rename jsonnet/kube-prometheus/{kube-prometheus-node-ports.libsonnet => addons/node-ports.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-static-etcd.libsonnet => addons/static-etcd.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-strip-limits.libsonnet => addons/strip-limits.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-thanos-sidecar.libsonnet => addons/thanos-sidecar.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-weave-net.libsonnet => addons/weave-net.libsonnet} (100%) rename jsonnet/kube-prometheus/{alertmanager => components}/alertmanager.libsonnet (100%) rename jsonnet/kube-prometheus/{blackbox-exporter => components}/blackbox-exporter.libsonnet (99%) rename jsonnet/kube-prometheus/{grafana => components}/grafana.libsonnet (100%) rename jsonnet/kube-prometheus/{ksm-autoscaler => components}/ksm-autoscaler.libsonnet (100%) rename jsonnet/kube-prometheus/{kube-rbac-proxy/container.libsonnet => components/kube-rbac-proxy.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-state-metrics => components}/kube-state-metrics.libsonnet (98%) rename jsonnet/kube-prometheus/{ => components}/mixin/alerts/alerts.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/alerts/general.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/alerts/node.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/alerts/tests.yaml (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/custom.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/kubernetes.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/rules/general.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/rules/node-rules.libsonnet (100%) rename jsonnet/kube-prometheus/{ => components}/mixin/rules/rules.libsonnet (100%) rename jsonnet/kube-prometheus/{node-exporter => components}/node-exporter.libsonnet (99%) rename jsonnet/kube-prometheus/{prometheus-adapter => components}/prometheus-adapter.libsonnet (100%) rename jsonnet/kube-prometheus/{prometheus-operator => components}/prometheus-operator.libsonnet (98%) rename jsonnet/kube-prometheus/{prometheus => components}/prometheus.libsonnet (99%) delete mode 100644 jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet delete mode 100644 jsonnet/kube-prometheus/lib/lib.libsonnet rename jsonnet/kube-prometheus/{kube-prometheus.libsonnet => main.libsonnet} (82%) rename jsonnet/kube-prometheus/{kube-prometheus-kube-aws.libsonnet => platforms/aws.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-bootkube.libsonnet => platforms/bootkube.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-eks.libsonnet => platforms/eks.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-gke.libsonnet => platforms/gke.libsonnet} (73%) rename jsonnet/kube-prometheus/{kube-prometheus-kops.libsonnet => platforms/kops.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-kubeadm.libsonnet => platforms/kubeadm.libsonnet} (100%) rename jsonnet/kube-prometheus/{kube-prometheus-kubespray.libsonnet => platforms/kubespray.libsonnet} (100%) diff --git a/example.jsonnet b/example.jsonnet index c3c496b9..ca5028c8 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -1,13 +1,13 @@ local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + // Uncomment the following imports to enable its patches - // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + + // (import 'kube-prometheus/addons/anti-affinity.libsonnet') + + // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + + // (import 'kube-prometheus/addons/node-ports.libsonnet') + + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + + // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + + // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + + // (import 'kube-prometheus/addons/external-metrics.libsonnet') + { values+:: { common+: { diff --git a/examples/kustomize.jsonnet b/examples/kustomize.jsonnet index 875d3501..ab548b05 100644 --- a/examples/kustomize.jsonnet +++ b/examples/kustomize.jsonnet @@ -1,5 +1,5 @@ local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + { + (import 'kube-prometheus/main.libsonnet') + { values+:: { common+: { namespace: 'monitoring', diff --git a/jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet b/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-all-namespaces.libsonnet rename to jsonnet/kube-prometheus/addons/all-namespaces.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet rename to jsonnet/kube-prometheus/addons/anti-affinity.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet similarity index 94% rename from jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet rename to jsonnet/kube-prometheus/addons/config-mixins.libsonnet index ff8fd297..5798e71d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-config-mixins.libsonnet +++ b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet @@ -1,4 +1,4 @@ -local l = import 'lib/lib.libsonnet'; +local l = import 'image.libsonnet'; // withImageRepository is a mixin that replaces all images prefixes by repository. eg. // quay.io/coreos/addon-resizer -> $repository/addon-resizer diff --git a/jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet b/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-custom-metrics.libsonnet rename to jsonnet/kube-prometheus/addons/custom-metrics.libsonnet diff --git a/jsonnet/kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet rename to jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet b/jsonnet/kube-prometheus/addons/external-metrics.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-external-metrics.libsonnet rename to jsonnet/kube-prometheus/addons/external-metrics.libsonnet diff --git a/jsonnet/kube-prometheus/grafana-weave-net-cluster.json b/jsonnet/kube-prometheus/addons/grafana-weave-net-cluster.json similarity index 100% rename from jsonnet/kube-prometheus/grafana-weave-net-cluster.json rename to jsonnet/kube-prometheus/addons/grafana-weave-net-cluster.json diff --git a/jsonnet/kube-prometheus/grafana-weave-net.json b/jsonnet/kube-prometheus/addons/grafana-weave-net.json similarity index 100% rename from jsonnet/kube-prometheus/grafana-weave-net.json rename to jsonnet/kube-prometheus/addons/grafana-weave-net.json diff --git a/jsonnet/kube-prometheus/lib/image.libsonnet b/jsonnet/kube-prometheus/addons/image.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/lib/image.libsonnet rename to jsonnet/kube-prometheus/addons/image.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet b/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet rename to jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet b/jsonnet/kube-prometheus/addons/kops-coredns.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-kops-coredns.libsonnet rename to jsonnet/kube-prometheus/addons/kops-coredns.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-managed-cluster.libsonnet b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet similarity index 94% rename from jsonnet/kube-prometheus/kube-prometheus-managed-cluster.libsonnet rename to jsonnet/kube-prometheus/addons/managed-cluster.libsonnet index 9b4e1a8c..8e09330c 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-managed-cluster.libsonnet +++ b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -1,5 +1,5 @@ // On managed Kubernetes clusters some of the control plane components are not exposed to customers. -// Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'kube-prometheus.libsonnet' defaults +// Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'main.libsonnet' defaults { _config+:: { diff --git a/jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet b/jsonnet/kube-prometheus/addons/node-ports.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-node-ports.libsonnet rename to jsonnet/kube-prometheus/addons/node-ports.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet rename to jsonnet/kube-prometheus/addons/static-etcd.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet b/jsonnet/kube-prometheus/addons/strip-limits.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet rename to jsonnet/kube-prometheus/addons/strip-limits.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet rename to jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet b/jsonnet/kube-prometheus/addons/weave-net.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-weave-net.libsonnet rename to jsonnet/kube-prometheus/addons/weave-net.libsonnet diff --git a/jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet rename to jsonnet/kube-prometheus/components/alertmanager.libsonnet diff --git a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet similarity index 99% rename from jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet rename to jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index ce421209..bbe03ed6 100644 --- a/jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -1,4 +1,4 @@ -local krp = import '../kube-rbac-proxy/container.libsonnet'; +local krp = import './kube-rbac-proxy.libsonnet'; local defaults = { local defaults = self, diff --git a/jsonnet/kube-prometheus/grafana/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/grafana/grafana.libsonnet rename to jsonnet/kube-prometheus/components/grafana.libsonnet diff --git a/jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet b/jsonnet/kube-prometheus/components/ksm-autoscaler.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/ksm-autoscaler/ksm-autoscaler.libsonnet rename to jsonnet/kube-prometheus/components/ksm-autoscaler.libsonnet diff --git a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet b/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet rename to jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet similarity index 98% rename from jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet rename to jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index fdfe3bd5..fa1bfd59 100644 --- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -1,4 +1,4 @@ -local krp = (import '../kube-rbac-proxy/container.libsonnet'); +local krp = import './kube-rbac-proxy.libsonnet'; local defaults = { local defaults = self, diff --git a/jsonnet/kube-prometheus/mixin/alerts/alerts.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/alerts.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/alerts/alerts.libsonnet rename to jsonnet/kube-prometheus/components/mixin/alerts/alerts.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/alerts/general.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/alerts/general.libsonnet rename to jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/alerts/node.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/alerts/node.libsonnet rename to jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/alerts/tests.yaml b/jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml similarity index 100% rename from jsonnet/kube-prometheus/mixin/alerts/tests.yaml rename to jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml diff --git a/jsonnet/kube-prometheus/mixin/custom.libsonnet b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/custom.libsonnet rename to jsonnet/kube-prometheus/components/mixin/custom.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/kubernetes.libsonnet b/jsonnet/kube-prometheus/components/mixin/kubernetes.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/kubernetes.libsonnet rename to jsonnet/kube-prometheus/components/mixin/kubernetes.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/rules/general.libsonnet b/jsonnet/kube-prometheus/components/mixin/rules/general.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/rules/general.libsonnet rename to jsonnet/kube-prometheus/components/mixin/rules/general.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/rules/node-rules.libsonnet b/jsonnet/kube-prometheus/components/mixin/rules/node-rules.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/rules/node-rules.libsonnet rename to jsonnet/kube-prometheus/components/mixin/rules/node-rules.libsonnet diff --git a/jsonnet/kube-prometheus/mixin/rules/rules.libsonnet b/jsonnet/kube-prometheus/components/mixin/rules/rules.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/mixin/rules/rules.libsonnet rename to jsonnet/kube-prometheus/components/mixin/rules/rules.libsonnet diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet similarity index 99% rename from jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet rename to jsonnet/kube-prometheus/components/node-exporter.libsonnet index c5b82498..bd4fbfe7 100644 --- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -1,4 +1,4 @@ -local krp = (import '../kube-rbac-proxy/container.libsonnet'); +local krp = import './kube-rbac-proxy.libsonnet'; local defaults = { local defaults = self, diff --git a/jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet rename to jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet similarity index 98% rename from jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet rename to jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index 8114f91c..96f263d9 100644 --- a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -1,4 +1,4 @@ -local krp = (import '../kube-rbac-proxy/container.libsonnet'); +local krp = import './kube-rbac-proxy.libsonnet'; local prometheusOperator = import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet'; local defaults = { diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet similarity index 99% rename from jsonnet/kube-prometheus/prometheus/prometheus.libsonnet rename to jsonnet/kube-prometheus/components/prometheus.libsonnet index 76a251ff..e93f8537 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -1,4 +1,4 @@ -local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'; +local relabelings = import '../addons/dropping-deprecated-metrics-relabelings.libsonnet'; local defaults = { local defaults = self, diff --git a/jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet deleted file mode 100644 index ad13373f..00000000 --- a/jsonnet/kube-prometheus/kube-prometheus-ksonnet.libsonnet +++ /dev/null @@ -1,8 +0,0 @@ -local kp = (import './kube-prometheus/kube-prometheus.libsonnet'); - -{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + -{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + -{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + -{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + -{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } diff --git a/jsonnet/kube-prometheus/lib/lib.libsonnet b/jsonnet/kube-prometheus/lib/lib.libsonnet deleted file mode 100644 index c30f976f..00000000 --- a/jsonnet/kube-prometheus/lib/lib.libsonnet +++ /dev/null @@ -1 +0,0 @@ -(import 'image.libsonnet') diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/main.libsonnet similarity index 82% rename from jsonnet/kube-prometheus/kube-prometheus.libsonnet rename to jsonnet/kube-prometheus/main.libsonnet index d5346317..15f88b7d 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -1,13 +1,13 @@ -local alertmanager = import './alertmanager/alertmanager.libsonnet'; -local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet'; -local grafana = import './grafana/grafana.libsonnet'; -local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; -local customMixin = import './mixin/custom.libsonnet'; -local kubernetesMixin = import './mixin/kubernetes.libsonnet'; -local nodeExporter = import './node-exporter/node-exporter.libsonnet'; -local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; -local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet'; -local prometheus = import './prometheus/prometheus.libsonnet'; +local alertmanager = import './components/alertmanager.libsonnet'; +local blackboxExporter = import './components/blackbox-exporter.libsonnet'; +local grafana = import './components/grafana.libsonnet'; +local kubeStateMetrics = import './components/kube-state-metrics.libsonnet'; +local customMixin = import './components/mixin/custom.libsonnet'; +local kubernetesMixin = import './components/mixin/kubernetes.libsonnet'; +local nodeExporter = import './components/node-exporter.libsonnet'; +local prometheusAdapter = import './components/prometheus-adapter.libsonnet'; +local prometheusOperator = import './components/prometheus-operator.libsonnet'; +local prometheus = import './components/prometheus.libsonnet'; { // using `values` as this is similar to helm diff --git a/jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet b/jsonnet/kube-prometheus/platforms/aws.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-kube-aws.libsonnet rename to jsonnet/kube-prometheus/platforms/aws.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet b/jsonnet/kube-prometheus/platforms/bootkube.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-bootkube.libsonnet rename to jsonnet/kube-prometheus/platforms/bootkube.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-eks.libsonnet rename to jsonnet/kube-prometheus/platforms/eks.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet b/jsonnet/kube-prometheus/platforms/gke.libsonnet similarity index 73% rename from jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet rename to jsonnet/kube-prometheus/platforms/gke.libsonnet index 3d64c014..b8b83c28 100644 --- a/jsonnet/kube-prometheus/kube-prometheus-gke.libsonnet +++ b/jsonnet/kube-prometheus/platforms/gke.libsonnet @@ -1,4 +1,4 @@ -(import './kube-prometheus-managed-cluster.libsonnet') + { +(import '../addons/managed-cluster.libsonnet') + { _config+:: { prometheusAdapter+:: { config+: { diff --git a/jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet b/jsonnet/kube-prometheus/platforms/kops.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-kops.libsonnet rename to jsonnet/kube-prometheus/platforms/kops.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet b/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-kubeadm.libsonnet rename to jsonnet/kube-prometheus/platforms/kubeadm.libsonnet diff --git a/jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet b/jsonnet/kube-prometheus/platforms/kubespray.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/kube-prometheus-kubespray.libsonnet rename to jsonnet/kube-prometheus/platforms/kubespray.libsonnet From cbddf907db0bf3c0c5c72960556330b540483c37 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 15:23:24 +0100 Subject: [PATCH 105/388] examples: adjust tests --- examples/jsonnet-snippets/aws.jsonnet | 2 ++ examples/jsonnet-snippets/bootkube.jsonnet | 4 ++-- examples/jsonnet-snippets/kops-coredns.jsonnet | 6 +++--- examples/jsonnet-snippets/kops.jsonnet | 4 ++-- examples/jsonnet-snippets/kube-aws.jsonnet | 2 -- examples/jsonnet-snippets/kubeadm.jsonnet | 4 ++-- examples/jsonnet-snippets/kubespray.jsonnet | 4 ++-- examples/jsonnet-snippets/node-ports.jsonnet | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 examples/jsonnet-snippets/aws.jsonnet delete mode 100644 examples/jsonnet-snippets/kube-aws.jsonnet diff --git a/examples/jsonnet-snippets/aws.jsonnet b/examples/jsonnet-snippets/aws.jsonnet new file mode 100644 index 00000000..6eaca09f --- /dev/null +++ b/examples/jsonnet-snippets/aws.jsonnet @@ -0,0 +1,2 @@ +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/aws.libsonnet') diff --git a/examples/jsonnet-snippets/bootkube.jsonnet b/examples/jsonnet-snippets/bootkube.jsonnet index f7386a01..3d9f3482 100644 --- a/examples/jsonnet-snippets/bootkube.jsonnet +++ b/examples/jsonnet-snippets/bootkube.jsonnet @@ -1,2 +1,2 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-bootkube.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/bootkube.libsonnet') diff --git a/examples/jsonnet-snippets/kops-coredns.jsonnet b/examples/jsonnet-snippets/kops-coredns.jsonnet index 6ba445df..d1af478b 100644 --- a/examples/jsonnet-snippets/kops-coredns.jsonnet +++ b/examples/jsonnet-snippets/kops-coredns.jsonnet @@ -1,3 +1,3 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kops.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kops.libsonnet') + +(import 'kube-prometheus/platforms/kops-coredns.libsonnet') diff --git a/examples/jsonnet-snippets/kops.jsonnet b/examples/jsonnet-snippets/kops.jsonnet index 4ff9ceae..9271b993 100644 --- a/examples/jsonnet-snippets/kops.jsonnet +++ b/examples/jsonnet-snippets/kops.jsonnet @@ -1,2 +1,2 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kops.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kops.libsonnet') diff --git a/examples/jsonnet-snippets/kube-aws.jsonnet b/examples/jsonnet-snippets/kube-aws.jsonnet deleted file mode 100644 index b0842eb2..00000000 --- a/examples/jsonnet-snippets/kube-aws.jsonnet +++ /dev/null @@ -1,2 +0,0 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kube-aws.libsonnet') diff --git a/examples/jsonnet-snippets/kubeadm.jsonnet b/examples/jsonnet-snippets/kubeadm.jsonnet index a7837163..0750b4b3 100644 --- a/examples/jsonnet-snippets/kubeadm.jsonnet +++ b/examples/jsonnet-snippets/kubeadm.jsonnet @@ -1,2 +1,2 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kubeadm.libsonnet') diff --git a/examples/jsonnet-snippets/kubespray.jsonnet b/examples/jsonnet-snippets/kubespray.jsonnet index 1665cf72..d9bb3bd5 100644 --- a/examples/jsonnet-snippets/kubespray.jsonnet +++ b/examples/jsonnet-snippets/kubespray.jsonnet @@ -1,2 +1,2 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kubespray.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kubespray.libsonnet') diff --git a/examples/jsonnet-snippets/node-ports.jsonnet b/examples/jsonnet-snippets/node-ports.jsonnet index c02f1ae7..abc70c94 100644 --- a/examples/jsonnet-snippets/node-ports.jsonnet +++ b/examples/jsonnet-snippets/node-ports.jsonnet @@ -1,2 +1,2 @@ -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/addons/node-ports.libsonnet') From 42a3ac0606818541e66a111693d3ff98c642f7a8 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 15 Jan 2021 15:23:43 +0100 Subject: [PATCH 106/388] regenerate Signed-off-by: paulfantom --- README.md | 50 +++++++++---------- ...prometheus-rules-and-grafana-dashboards.md | 16 +++--- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index b0aab969..c6c71da0 100644 --- a/README.md +++ b/README.md @@ -207,15 +207,15 @@ Here's [example.jsonnet](example.jsonnet): [embedmd]:# (example.jsonnet) ```jsonnet local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + // Uncomment the following imports to enable its patches - // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + + // (import 'kube-prometheus/addons/anti-affinity.libsonnet') + + // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + + // (import 'kube-prometheus/addons/node-ports.libsonnet') + + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + + // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + + // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + + // (import 'kube-prometheus/addons/external-metrics.libsonnet') + { values+:: { common+: { @@ -413,24 +413,24 @@ kubeadm: [embedmd]:# (examples/jsonnet-snippets/kubeadm.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kubeadm.libsonnet') ``` bootkube: [embedmd]:# (examples/jsonnet-snippets/bootkube.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-bootkube.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/bootkube.libsonnet') ``` kops: [embedmd]:# (examples/jsonnet-snippets/kops.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kops.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kops.libsonnet') ``` kops with CoreDNS: @@ -439,25 +439,25 @@ If your kops cluster is using CoreDNS, there is an additional mixin to import. [embedmd]:# (examples/jsonnet-snippets/kops-coredns.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kops.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kops.libsonnet') + +(import 'kube-prometheus/platforms/kops-coredns.libsonnet') ``` kubespray: [embedmd]:# (examples/jsonnet-snippets/kubespray.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kubespray.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/kubespray.libsonnet') ``` -kube-aws: +aws: -[embedmd]:# (examples/jsonnet-snippets/kube-aws.jsonnet) +[embedmd]:# (examples/jsonnet-snippets/aws.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-kube-aws.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/platforms/aws.libsonnet') ``` ### Internal Registry @@ -505,8 +505,8 @@ Another mixin that may be useful for exploring the stack is to expose the UIs of [embedmd]:# (examples/jsonnet-snippets/node-ports.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') +(import 'kube-prometheus/main.libsonnet') + +(import 'kube-prometheus/addons/node-ports.libsonnet') ``` ### Prometheus Object Name diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index b6c9f978..6ea703c6 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -11,15 +11,15 @@ As a basis, all examples in this guide are based on the base example of the kube [embedmd]:# (../example.jsonnet) ```jsonnet local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + // Uncomment the following imports to enable its patches - // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-custom-metrics.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-external-metrics.libsonnet') + + // (import 'kube-prometheus/addons/anti-affinity.libsonnet') + + // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + + // (import 'kube-prometheus/addons/node-ports.libsonnet') + + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + + // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + + // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + + // (import 'kube-prometheus/addons/external-metrics.libsonnet') + { values+:: { common+: { From 828cbbbea4c74a5851aa2b071a6981215daff7d9 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Mon, 18 Jan 2021 14:32:18 +0100 Subject: [PATCH 107/388] OWNERS: This file is superseded by github team under the org --- OWNERS | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 OWNERS diff --git a/OWNERS b/OWNERS deleted file mode 100644 index ec5866b0..00000000 --- a/OWNERS +++ /dev/null @@ -1,15 +0,0 @@ -reviewers: - - brancz - - kakkoyun - - metalmatze - - mxinden - - s-urbaniak - - squat - - paulfantom -approvers: - - brancz - - metalmatze - - mxinden - - s-urbaniak - - squat - - paulfantom From 369730b701ac3161d04392c407775d89875447bd Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 18 Jan 2021 16:41:19 +0100 Subject: [PATCH 108/388] jsonnet: move ksm--autoscaler to addons --- .../{components => addons}/ksm-autoscaler.libsonnet | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename jsonnet/kube-prometheus/{components => addons}/ksm-autoscaler.libsonnet (100%) diff --git a/jsonnet/kube-prometheus/components/ksm-autoscaler.libsonnet b/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/components/ksm-autoscaler.libsonnet rename to jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet From b70eb1c49c48d40f1ec039476d69e1d1d38be404 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 18 Jan 2021 16:41:59 +0100 Subject: [PATCH 109/388] jsonnet: move kops-coredns to platforms --- .../kube-prometheus/{addons => platforms}/kops-coredns.libsonnet | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename jsonnet/kube-prometheus/{addons => platforms}/kops-coredns.libsonnet (100%) diff --git a/jsonnet/kube-prometheus/addons/kops-coredns.libsonnet b/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet similarity index 100% rename from jsonnet/kube-prometheus/addons/kops-coredns.libsonnet rename to jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet From 2913c866bbb612b10f5ce4520a38276d66b68d89 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 13:40:43 +0100 Subject: [PATCH 110/388] fix references to old variables and to other files Signed-off-by: paulfantom --- example.jsonnet | 10 +-- ...ditional-namespaces-servicemonitor.jsonnet | 10 +-- examples/additional-namespaces.jsonnet | 8 ++- examples/alertmanager-config-external.jsonnet | 2 +- examples/alertmanager-config.jsonnet | 4 +- examples/all-namespaces.jsonnet | 13 ++-- .../kube-prometheus/argocd-basic.jsonnet | 9 +-- examples/eks-cni-example.jsonnet | 30 +++++---- examples/etcd-skip-verify.jsonnet | 11 ++-- examples/etcd.jsonnet | 10 +-- ...ditional-jsonnet-dashboard-example.jsonnet | 2 +- ...ional-rendered-dashboard-example-2.jsonnet | 2 +- ...itional-rendered-dashboard-example.jsonnet | 2 +- examples/ingress.jsonnet | 16 +++-- examples/internal-registry.jsonnet | 10 +-- examples/ksonnet-example.jsonnet | 2 +- examples/minikube.jsonnet | 14 ++-- ...heus-additional-alert-rule-example.jsonnet | 40 +++++++----- ...-additional-recording-rule-example.jsonnet | 28 ++++---- ...s-additional-rendered-rule-example.jsonnet | 16 +++-- examples/prometheus-name-override.jsonnet | 2 +- examples/prometheus-pvc.jsonnet | 18 +++--- examples/strip-limits.jsonnet | 10 +-- examples/tolerations.libsonnet | 28 ++++---- examples/weave-net-example.jsonnet | 64 ++++++++++--------- .../addons/anti-affinity.libsonnet | 4 +- .../addons/config-mixins.libsonnet | 2 +- .../addons/custom-metrics.libsonnet | 12 ++-- .../addons/external-metrics.libsonnet | 12 ++-- .../kube-prometheus/addons/image.libsonnet | 21 ------ .../addons/insecure-kubelet.libsonnet | 2 +- .../addons/ksm-autoscaler.libsonnet | 18 +++--- .../addons/managed-cluster.libsonnet | 4 +- .../addons/static-etcd.libsonnet | 16 ++--- .../addons/thanos-sidecar.libsonnet | 4 +- .../kube-prometheus/platforms/eks.libsonnet | 45 +++++++------ 36 files changed, 267 insertions(+), 234 deletions(-) delete mode 100644 jsonnet/kube-prometheus/addons/image.libsonnet diff --git a/example.jsonnet b/example.jsonnet index ca5028c8..2568be96 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -25,11 +25,11 @@ local kp = { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + -{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + -{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + -{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + -{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } diff --git a/examples/additional-namespaces-servicemonitor.jsonnet b/examples/additional-namespaces-servicemonitor.jsonnet index 0f3add96..6cfe37db 100644 --- a/examples/additional-namespaces-servicemonitor.jsonnet +++ b/examples/additional-namespaces-servicemonitor.jsonnet @@ -1,11 +1,13 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, prometheus+:: { namespaces+: ['my-namespace', 'my-second-namespace'], }, }, - prometheus+:: { + prometheus+: { serviceMonitorMyNamespace: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', diff --git a/examples/additional-namespaces.jsonnet b/examples/additional-namespaces.jsonnet index 957fd912..85cae475 100644 --- a/examples/additional-namespaces.jsonnet +++ b/examples/additional-namespaces.jsonnet @@ -1,6 +1,8 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, prometheus+:: { namespaces+: ['my-namespace', 'my-second-namespace'], diff --git a/examples/alertmanager-config-external.jsonnet b/examples/alertmanager-config-external.jsonnet index c2b34cca..5d96d23d 100644 --- a/examples/alertmanager-config-external.jsonnet +++ b/examples/alertmanager-config-external.jsonnet @@ -1,4 +1,4 @@ -((import 'kube-prometheus/kube-prometheus.libsonnet') + { +((import 'kube-prometheus/main.libsonnet') + { _config+:: { alertmanager+: { config: importstr 'alertmanager-config.yaml', diff --git a/examples/alertmanager-config.jsonnet b/examples/alertmanager-config.jsonnet index f08dbe19..9702711a 100644 --- a/examples/alertmanager-config.jsonnet +++ b/examples/alertmanager-config.jsonnet @@ -1,5 +1,5 @@ -((import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { +((import 'kube-prometheus/main.libsonnet') + { + values+:: { alertmanager+: { config: ||| global: diff --git a/examples/all-namespaces.jsonnet b/examples/all-namespaces.jsonnet index 7c5d149f..52534766 100644 --- a/examples/all-namespaces.jsonnet +++ b/examples/all-namespaces.jsonnet @@ -1,9 +1,10 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-all-namespaces.libsonnet') + { - _config+:: { - namespace: 'monitoring', - - prometheus+:: { +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/all-namespaces.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, + prometheus+: { namespaces: [], }, }, diff --git a/examples/continuous-delivery/argocd/kube-prometheus/argocd-basic.jsonnet b/examples/continuous-delivery/argocd/kube-prometheus/argocd-basic.jsonnet index 8600d818..94089e0c 100644 --- a/examples/continuous-delivery/argocd/kube-prometheus/argocd-basic.jsonnet +++ b/examples/continuous-delivery/argocd/kube-prometheus/argocd-basic.jsonnet @@ -1,7 +1,8 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; diff --git a/examples/eks-cni-example.jsonnet b/examples/eks-cni-example.jsonnet index dcebf6dd..77fa5d0b 100644 --- a/examples/eks-cni-example.jsonnet +++ b/examples/eks-cni-example.jsonnet @@ -1,20 +1,26 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-eks.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/platforms/eks.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusRules+:: { - groups+: [ - { - name: 'example-group', - rules: [ + prometheus+: { + prometheusRuleEksCNI+: { + spec+: { + groups+: [ { - record: 'aws_eks_available_ip', - expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10', + name: 'example-group', + rules: [ + { + record: 'aws_eks_available_ip', + expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10', + }, + ], }, ], }, - ], + }, }, }; diff --git a/examples/etcd-skip-verify.jsonnet b/examples/etcd-skip-verify.jsonnet index 603ba710..9982fa16 100644 --- a/examples/etcd-skip-verify.jsonnet +++ b/examples/etcd-skip-verify.jsonnet @@ -1,8 +1,9 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + { - _config+:: { - namespace: 'monitoring', - +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/static-etcd.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, etcd+:: { ips: ['127.0.0.1'], clientCA: importstr 'etcd-client-ca.crt', diff --git a/examples/etcd.jsonnet b/examples/etcd.jsonnet index 03d390cd..e494b6ad 100644 --- a/examples/etcd.jsonnet +++ b/examples/etcd.jsonnet @@ -1,7 +1,9 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/static-etcd.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, // Reference info: https://github.com/coreos/kube-prometheus/blob/master/README.md#static-etcd-configuration etcd+:: { diff --git a/examples/grafana-additional-jsonnet-dashboard-example.jsonnet b/examples/grafana-additional-jsonnet-dashboard-example.jsonnet index b9b26fca..fcfdd1fb 100644 --- a/examples/grafana-additional-jsonnet-dashboard-example.jsonnet +++ b/examples/grafana-additional-jsonnet-dashboard-example.jsonnet @@ -5,7 +5,7 @@ local prometheus = grafana.prometheus; local template = grafana.template; local graphPanel = grafana.graphPanel; -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', }, diff --git a/examples/grafana-additional-rendered-dashboard-example-2.jsonnet b/examples/grafana-additional-rendered-dashboard-example-2.jsonnet index 7d0926e9..e18c6242 100644 --- a/examples/grafana-additional-rendered-dashboard-example-2.jsonnet +++ b/examples/grafana-additional-rendered-dashboard-example-2.jsonnet @@ -1,4 +1,4 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', }, diff --git a/examples/grafana-additional-rendered-dashboard-example.jsonnet b/examples/grafana-additional-rendered-dashboard-example.jsonnet index 883c6097..6c5bb048 100644 --- a/examples/grafana-additional-rendered-dashboard-example.jsonnet +++ b/examples/grafana-additional-rendered-dashboard-example.jsonnet @@ -1,4 +1,4 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', }, diff --git a/examples/ingress.jsonnet b/examples/ingress.jsonnet index 023af577..a2e26cd7 100644 --- a/examples/ingress.jsonnet +++ b/examples/ingress.jsonnet @@ -14,10 +14,12 @@ local ingress(name, namespace, rules) = { }; local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, grafana+:: { config+: { sections+: { @@ -47,7 +49,7 @@ local kp = ingress+:: { 'alertmanager-main': ingress( 'alertmanager-main', - $._config.namespace, + $.values.common.namespace, [{ host: 'alertmanager.example.com', http: { @@ -64,7 +66,7 @@ local kp = ), grafana: ingress( 'grafana', - $._config.namespace, + $.values.common.namespace, [{ host: 'grafana.example.com', http: { @@ -81,7 +83,7 @@ local kp = ), 'prometheus-k8s': ingress( 'prometheus-k8s', - $._config.namespace, + $.values.common.namespace, [{ host: 'prometheus.example.com', http: { @@ -105,7 +107,7 @@ local kp = kind: 'Secret', metadata: { name: 'basic-auth', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, data: { auth: std.base64(importstr 'auth') }, type: 'Opaque', diff --git a/examples/internal-registry.jsonnet b/examples/internal-registry.jsonnet index f1d1e8ac..fc470de6 100644 --- a/examples/internal-registry.jsonnet +++ b/examples/internal-registry.jsonnet @@ -1,7 +1,9 @@ -local mixin = import 'kube-prometheus/kube-prometheus-config-mixins.libsonnet'; -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet'; +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, } + mixin.withImageRepository('internal-registry.com/organization'); diff --git a/examples/ksonnet-example.jsonnet b/examples/ksonnet-example.jsonnet index eadd2cb7..36640ab4 100644 --- a/examples/ksonnet-example.jsonnet +++ b/examples/ksonnet-example.jsonnet @@ -1,4 +1,4 @@ -((import 'kube-prometheus/kube-prometheus.libsonnet') + { +((import 'kube-prometheus/main.libsonnet') + { nodeExporter+: { daemonset+: { metadata+: { diff --git a/examples/minikube.jsonnet b/examples/minikube.jsonnet index 3073612a..dd2f77b4 100644 --- a/examples/minikube.jsonnet +++ b/examples/minikube.jsonnet @@ -1,11 +1,13 @@ local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/platforms/kubeadm.libsonnet') + // Note that NodePort type services is likely not a good idea for your production use case, it is only used for demonstration purposes here. - (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') + + (import 'kube-prometheus/addons/node-ports.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, alertmanager+:: { config: importstr 'alertmanager-config.yaml', }, @@ -22,7 +24,7 @@ local kp = // For simplicity, each of the following values for 'externalUrl': // * assume that `minikube ip` prints "192.168.99.100" // * hard-code the NodePort for each app - prometheus+:: { + prometheus+: { prometheus+: { // Reference info: https://coreos.com/operators/prometheus/docs/latest/api.html#prometheusspec spec+: { diff --git a/examples/prometheus-additional-alert-rule-example.jsonnet b/examples/prometheus-additional-alert-rule-example.jsonnet index 6e63382e..63ec2ea7 100644 --- a/examples/prometheus-additional-alert-rule-example.jsonnet +++ b/examples/prometheus-additional-alert-rule-example.jsonnet @@ -1,25 +1,31 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusAlerts+:: { - groups+: [ - { - name: 'example-group', - rules: [ + prometheus+: { + prometheusRule+: { + spec+: { + groups+: [ { - alert: 'Watchdog', - expr: 'vector(1)', - labels: { - severity: 'none', - }, - annotations: { - description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.', - }, + name: 'example-group', + rules: [ + { + alert: 'Watchdog', + expr: 'vector(1)', + labels: { + severity: 'none', + }, + annotations: { + description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.', + }, + }, + ], }, ], }, - ], + }, }, }; diff --git a/examples/prometheus-additional-recording-rule-example.jsonnet b/examples/prometheus-additional-recording-rule-example.jsonnet index 132bd0db..c2abc4d3 100644 --- a/examples/prometheus-additional-recording-rule-example.jsonnet +++ b/examples/prometheus-additional-recording-rule-example.jsonnet @@ -1,19 +1,25 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusRules+:: { - groups+: [ - { - name: 'example-group', - rules: [ + prometheus+: { + prometheusRule+: { + spec+: { + groups+: [ { - record: 'some_recording_rule_name', - expr: 'vector(1)', + name: 'example-group', + rules: [ + { + record: 'some_recording_rule_name', + expr: 'vector(1)', + }, + ], }, ], }, - ], + }, }, }; diff --git a/examples/prometheus-additional-rendered-rule-example.jsonnet b/examples/prometheus-additional-rendered-rule-example.jsonnet index b6d39a40..29676851 100644 --- a/examples/prometheus-additional-rendered-rule-example.jsonnet +++ b/examples/prometheus-additional-rendered-rule-example.jsonnet @@ -1,9 +1,15 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusAlerts+:: { - groups+: (import 'existingrule.json').groups, + prometheus+: { + prometheusRule+: { + spec+: { + groups+: (import 'existingrule.json').groups, + }, + }, }, }; diff --git a/examples/prometheus-name-override.jsonnet b/examples/prometheus-name-override.jsonnet index 86218012..b6c39060 100644 --- a/examples/prometheus-name-override.jsonnet +++ b/examples/prometheus-name-override.jsonnet @@ -1,4 +1,4 @@ -((import 'kube-prometheus/kube-prometheus.libsonnet') + { +((import 'kube-prometheus/main.libsonnet') + { prometheus+: { prometheus+: { metadata+: { diff --git a/examples/prometheus-pvc.jsonnet b/examples/prometheus-pvc.jsonnet index e753499e..ee0f5c24 100644 --- a/examples/prometheus-pvc.jsonnet +++ b/examples/prometheus-pvc.jsonnet @@ -1,14 +1,16 @@ local kp = - (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/main.libsonnet') + // Uncomment the following imports to enable its patches - // (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-managed-cluster.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-node-ports.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + - // (import 'kube-prometheus/kube-prometheus-thanos-sidecar.libsonnet') + + // (import 'kube-prometheus/addons/anti-affinity.libsonnet') + + // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + + // (import 'kube-prometheus/addons/node-ports.libsonnet') + + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + + // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + { - _config+:: { - namespace: 'monitoring', + values+:: { + common+: { + namespace: 'monitoring', + }, }, prometheus+:: { diff --git a/examples/strip-limits.jsonnet b/examples/strip-limits.jsonnet index 69912b64..fc43e286 100644 --- a/examples/strip-limits.jsonnet +++ b/examples/strip-limits.jsonnet @@ -1,7 +1,9 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-strip-limits.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/strip-limits.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; diff --git a/examples/tolerations.libsonnet b/examples/tolerations.libsonnet index 35776f39..f244cebf 100644 --- a/examples/tolerations.libsonnet +++ b/examples/tolerations.libsonnet @@ -1,23 +1,19 @@ { - _config+:: { - tolerations+:: [ - { - key: 'key1', - operator: 'Equal', - value: 'value1', - effect: 'NoSchedule', - }, - { - key: 'key2', - operator: 'Exists', - }, - ], - }, - prometheus+: { prometheus+: { spec+: { - tolerations: [t for t in $._config.tolerations], + tolerations: [ + { + key: 'key1', + operator: 'Equal', + value: 'value1', + effect: 'NoSchedule', + }, + { + key: 'key2', + operator: 'Exists', + }, + ], }, }, }, diff --git a/examples/weave-net-example.jsonnet b/examples/weave-net-example.jsonnet index c6cc733c..9d708761 100644 --- a/examples/weave-net-example.jsonnet +++ b/examples/weave-net-example.jsonnet @@ -1,33 +1,39 @@ -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-weave-net.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/weave-net.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusAlerts+:: { - groups: std.map( - function(group) - if group.name == 'weave-net' then - group { - rules: std.map( - function(rule) - if rule.alert == 'WeaveNetFastDPFlowsLow' then - rule { - expr: 'sum(weave_flows) < 20000', - } - else if rule.alert == 'WeaveNetIPAMUnreachable' then - rule { - expr: 'weave_ipam_unreachable_percentage > 25', - } - else - rule - , - group.rules - ), - } - else - group, - super.groups - ), + prometheus+: { + prometheusRule+: { + spec+: { + groups: std.map( + function(group) + if group.name == 'weave-net' then + group { + rules: std.map( + function(rule) + if rule.alert == 'WeaveNetFastDPFlowsLow' then + rule { + expr: 'sum(weave_flows) < 20000', + } + else if rule.alert == 'WeaveNetIPAMUnreachable' then + rule { + expr: 'weave_ipam_unreachable_percentage > 25', + } + else + rule + , + group.rules + ), + } + else + group, + super.groups + ), + }, + }, }, }; diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index 63582362..014f32a9 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -25,14 +25,14 @@ alertmanager+:: { alertmanager+: { spec+: - antiaffinity('alertmanager', [$._config.alertmanager.name], $._config.namespace), + antiaffinity('alertmanager', [$.values.alertmanager.name], $.values.common.namespace), }, }, prometheus+:: { prometheus+: { spec+: - antiaffinity('prometheus', [$._config.prometheus.name], $._config.namespace), + antiaffinity('prometheus', [$.values.prometheus.name], $.values.common.namespace), }, }, } diff --git a/jsonnet/kube-prometheus/addons/config-mixins.libsonnet b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet index 5798e71d..ff8fd297 100644 --- a/jsonnet/kube-prometheus/addons/config-mixins.libsonnet +++ b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet @@ -1,4 +1,4 @@ -local l = import 'image.libsonnet'; +local l = import 'lib/lib.libsonnet'; // withImageRepository is a mixin that replaces all images prefixes by repository. eg. // quay.io/coreos/addon-resizer -> $repository/addon-resizer diff --git a/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet b/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet index d98b133f..55e03bd7 100644 --- a/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet +++ b/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet @@ -2,9 +2,9 @@ // For more details on usage visit https://github.com/DirectXMan12/k8s-prometheus-adapter#quick-links { - _config+:: { - prometheusAdapter+:: { - namespace: $._config.namespace, + values+:: { + prometheusAdapter+: { + namespace: $.values.common.namespace, // Rules for custom-metrics config+:: { rules+: [ @@ -88,7 +88,7 @@ spec: { service: { name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }, group: 'custom.metrics.k8s.io', version: 'v1beta1', @@ -106,7 +106,7 @@ spec: { service: { name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }, group: 'custom.metrics.k8s.io', version: 'v1beta2', @@ -141,7 +141,7 @@ subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }], }, customMetricsClusterRoleBindingHPA: { diff --git a/jsonnet/kube-prometheus/addons/external-metrics.libsonnet b/jsonnet/kube-prometheus/addons/external-metrics.libsonnet index abe35b0c..928d29e7 100644 --- a/jsonnet/kube-prometheus/addons/external-metrics.libsonnet +++ b/jsonnet/kube-prometheus/addons/external-metrics.libsonnet @@ -2,9 +2,9 @@ // For more details on usage visit https://github.com/DirectXMan12/k8s-prometheus-adapter#quick-links { - _config+:: { - prometheusAdapter+:: { - namespace: $._config.namespace, + values+:: { + prometheusAdapter+: { + namespace: $.values.common.namespace, // Rules for external-metrics config+:: { externalRules+: [ @@ -24,7 +24,7 @@ }, }, - prometheusAdapter+:: { + prometheusAdapter+: { externalMetricsApiService: { apiVersion: 'apiregistration.k8s.io/v1', kind: 'APIService', @@ -34,7 +34,7 @@ spec: { service: { name: $.prometheusAdapter.service.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }, group: 'external.metrics.k8s.io', version: 'v1beta1', @@ -70,7 +70,7 @@ subjects: [{ kind: 'ServiceAccount', name: $.prometheusAdapter.serviceAccount.metadata.name, - namespace: $._config.prometheusAdapter.namespace, + namespace: $.values.prometheusAdapter.namespace, }], }, externalMetricsClusterRoleBindingHPA: { diff --git a/jsonnet/kube-prometheus/addons/image.libsonnet b/jsonnet/kube-prometheus/addons/image.libsonnet deleted file mode 100644 index 723d1b38..00000000 --- a/jsonnet/kube-prometheus/addons/image.libsonnet +++ /dev/null @@ -1,21 +0,0 @@ -// imageName extracts the image name from a fully qualified image string. eg. -// quay.io/coreos/addon-resizer -> addon-resizer -// grafana/grafana -> grafana -local imageName(image) = - local parts = std.split(image, '/'); - local len = std.length(parts); - if len == 3 then - // registry.com/org/image - parts[2] - else if len == 2 then - // org/image - parts[1] - else if len == 1 then - // image, ie. busybox - parts[0] - else - error 'unknown image format: ' + image; - -{ - imageName:: imageName, -} diff --git a/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet b/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet index 73d0b9d7..ab6f2943 100644 --- a/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet +++ b/jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet @@ -1,5 +1,5 @@ { - prometheus+:: { + prometheus+: { serviceMonitorKubelet+: { spec+: { diff --git a/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet b/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet index 88154ac1..98755169 100644 --- a/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet +++ b/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet @@ -1,5 +1,5 @@ { - _config+:: { + values+:: { versions+:: { clusterVerticalAutoscaler: '0.8.1' }, imageRepos+:: { clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64' }, @@ -29,7 +29,7 @@ kind: 'ClusterRole', name: 'ksm-autoscaler', }, - subjects: [{ kind: 'ServiceAccount', name: 'ksm-autoscaler', namespace: $._config.namespace }], + subjects: [{ kind: 'ServiceAccount', name: 'ksm-autoscaler', namespace: $.values.common.namespace }], }, roleBinding: { @@ -37,7 +37,7 @@ kind: 'RoleBinding', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -52,7 +52,7 @@ kind: 'Role', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, rules: [ { @@ -75,7 +75,7 @@ kind: 'ServiceAccount', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, }, @@ -83,14 +83,14 @@ local podLabels = { app: 'ksm-autoscaler' }; local c = { name: 'ksm-autoscaler', - image: $._config.imageRepos.clusterVerticalAutoscaler + ':v' + $._config.versions.clusterVerticalAutoscaler, + image: $.values.imageRepos.clusterVerticalAutoscaler + ':v' + $.values.versions.clusterVerticalAutoscaler, args: [ '/cpvpa', '--target=deployment/kube-state-metrics', - '--namespace=' + $._config.namespace, + '--namespace=' + $.values.common.namespace, '--logtostderr=true', '--poll-period-seconds=10', - '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $._config.kubeStateMetrics.baseCPU + '","step":"' + $._config.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $._config.kubeStateMetrics.baseMemory + '","step":"' + $._config.kubeStateMetrics.stepMemory + '","nodesPerStep":1}}}}', + '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $.values.kubeStateMetrics.baseCPU + '","step":"' + $.values.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $.values.kubeStateMetrics.baseMemory + '","step":"' + $.values.kubeStateMetrics.stepMemory + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $.values.kubeStateMetrics.baseCPU + '","step":"' + $.values.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $.values.kubeStateMetrics.baseMemory + '","step":"' + $.values.kubeStateMetrics.stepMemory + '","nodesPerStep":1}}}}', ], resources: { requests: { cpu: '20m', memory: '10Mi' }, @@ -102,7 +102,7 @@ kind: 'Deployment', metadata: { name: 'ksm-autoscaler', - namespace: $._config.namespace, + namespace: $.values.common.namespace, labels: podLabels, }, spec: { diff --git a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet index 8e09330c..5b37c56e 100644 --- a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet +++ b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -2,7 +2,7 @@ // Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'main.libsonnet' defaults { - _config+:: { + values+:: { // This snippet walks the original object (super.jobs, set as temp var j) and creates a replacement jobs object // excluding any members of the set specified (eg: controller and scheduler). local j = super.jobs, @@ -13,7 +13,7 @@ }, // Skip alerting rules too - prometheus+:: { + prometheus+: { rules+:: { local g = super.groups, groups: [ diff --git a/jsonnet/kube-prometheus/addons/static-etcd.libsonnet b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet index e4c3a14d..d029d6c1 100644 --- a/jsonnet/kube-prometheus/addons/static-etcd.libsonnet +++ b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet @@ -1,5 +1,5 @@ (import 'github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet') + { - _config+:: { + values+:: { etcd: { ips: [], clientCA: null, @@ -36,7 +36,7 @@ subsets: [{ addresses: [ { ip: etcdIP } - for etcdIP in $._config.etcd.ips + for etcdIP in $.values.etcd.ips ], ports: [ { name: 'metrics', port: 2379, protocol: 'TCP' }, @@ -65,8 +65,8 @@ caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt', keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key', certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt', - [if $._config.etcd.serverName != null then 'serverName']: $._config.etcd.serverName, - [if $._config.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $._config.etcd.insecureSkipVerify, + [if $.values.etcd.serverName != null then 'serverName']: $.values.etcd.serverName, + [if $.values.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $.values.etcd.insecureSkipVerify, }, }, ], @@ -84,12 +84,12 @@ type: 'Opaque', metadata: { name: 'kube-etcd-client-certs', - namespace: $._config.namespace, + namespace: $.values.common.namespace, }, data: { - 'etcd-client-ca.crt': std.base64($._config.etcd.clientCA), - 'etcd-client.key': std.base64($._config.etcd.clientKey), - 'etcd-client.crt': std.base64($._config.etcd.clientCert), + 'etcd-client-ca.crt': std.base64($.values.etcd.clientCA), + 'etcd-client.key': std.base64($.values.etcd.clientKey), + 'etcd-client.crt': std.base64($.values.etcd.clientCert), }, }, prometheus+: { diff --git a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet index 01620d4a..9a195e9d 100644 --- a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet +++ b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet @@ -1,6 +1,6 @@ (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { - _config+:: { + values+:: { versions+:: { thanos: 'v0.14.0' }, imageRepos+:: { thanos: 'quay.io/thanos/thanos' }, thanos+:: { @@ -10,7 +10,7 @@ }, }, }, - prometheus+:: { + prometheus+: { local p = self, // Add the grpc port to the Prometheus service to be able to query it with the Thanos Querier diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index 3f6ab80d..c72e5c8b 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -1,5 +1,5 @@ { - _config+:: { + values+:: { eks: { minimumAvailableIPs: 10, minimumAvailableIPsTime: '10m', @@ -39,7 +39,7 @@ kind: 'ServiceMonitor', metadata: { name: 'awsekscni', - namespace: $._config.namespace, + namespace: $.values.common.namespace, labels: { 'app.kubernetes.io/name': 'eks-cni', }, @@ -65,25 +65,34 @@ ], }, }, - }, - prometheusRules+: { - groups+: [ - { - name: 'kube-prometheus-eks.rules', - rules: [ + prometheusRuleEksCNI: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: $.prometheus.config.commonLabels + $.prometheus.config.mixin.ruleLabels, + name: 'eks-rules', + namespace: $.prometheus.config.namespace, + }, + spec: { + groups: [ { - expr: 'sum by(instance) (awscni_ip_max) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $._config.eks.minimumAvailableIPs, - labels: { - severity: 'critical', - }, - annotations: { - message: 'Instance {{ $labels.instance }} has less than 10 IPs available.', - }, - 'for': $._config.eks.minimumAvailableIPsTime, - alert: 'EksAvailableIPs', + name: 'kube-prometheus-eks.rules', + rules: [ + { + expr: 'sum by(instance) (awscni_ip_max) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.eks.minimumAvailableIPs, + labels: { + severity: 'critical', + }, + annotations: { + message: 'Instance {{ $labels.instance }} has less than 10 IPs available.', + }, + 'for': $.values.eks.minimumAvailableIPsTime, + alert: 'EksAvailableIPs', + }, + ], }, ], }, - ], + }, }, } From 625ab137fae7a6fc641c18fb3aa9a7128a632414 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 13:56:26 +0100 Subject: [PATCH 111/388] regenerate --- README.md | 71 +++++++------ docs/EKS-cni-support.md | 30 +++--- ...prometheus-rules-and-grafana-dashboards.md | 100 +++++++++++------- docs/weave-net-support.md | 64 ++++++----- 4 files changed, 152 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index c6c71da0..49fc3077 100644 --- a/README.md +++ b/README.md @@ -233,14 +233,14 @@ local kp = { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + -{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + -{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + -{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + -{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } ``` And here's the [build.sh](build.sh) script (which uses `vendor/` to render all manifests in a json structure of `{filename: manifest-content}`): @@ -483,10 +483,12 @@ Then to generate manifests with `internal-registry.com/organization`, use the `w [embedmd]:# (examples/internal-registry.jsonnet) ```jsonnet -local mixin = import 'kube-prometheus/kube-prometheus-config-mixins.libsonnet'; -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet'; +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, } + mixin.withImageRepository('internal-registry.com/organization'); @@ -515,7 +517,7 @@ To give another customization example, the name of the `Prometheus` object provi [embedmd]:# (examples/prometheus-name-override.jsonnet) ```jsonnet -((import 'kube-prometheus/kube-prometheus.libsonnet') + { +((import 'kube-prometheus/main.libsonnet') + { prometheus+: { prometheus+: { metadata+: { @@ -532,7 +534,7 @@ Standard Kubernetes manifests are all written using [ksonnet-lib](https://github [embedmd]:# (examples/ksonnet-example.jsonnet) ```jsonnet -((import 'kube-prometheus/kube-prometheus.libsonnet') + { +((import 'kube-prometheus/main.libsonnet') + { nodeExporter+: { daemonset+: { metadata+: { @@ -549,8 +551,8 @@ The Alertmanager configuration is located in the `_config.alertmanager.config` c [embedmd]:# (examples/alertmanager-config.jsonnet) ```jsonnet -((import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { +((import 'kube-prometheus/main.libsonnet') + { + values+:: { alertmanager+: { config: ||| global: @@ -577,7 +579,7 @@ In the above example the configuration has been inlined, but can just as well be [embedmd]:# (examples/alertmanager-config-external.jsonnet) ```jsonnet -((import 'kube-prometheus/kube-prometheus.libsonnet') + { +((import 'kube-prometheus/main.libsonnet') + { _config+:: { alertmanager+: { config: importstr 'alertmanager-config.yaml', @@ -592,9 +594,11 @@ In order to monitor additional namespaces, the Prometheus server requires the ap [embedmd]:# (examples/additional-namespaces.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, prometheus+:: { namespaces+: ['my-namespace', 'my-second-namespace'], @@ -621,14 +625,16 @@ You can define ServiceMonitor resources in your `jsonnet` spec. See the snippet [embedmd]:# (examples/additional-namespaces-servicemonitor.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, prometheus+:: { namespaces+: ['my-namespace', 'my-second-namespace'], }, }, - prometheus+:: { + prometheus+: { serviceMonitorMyNamespace: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', @@ -671,12 +677,13 @@ In case you want to monitor all namespaces in a cluster, you can add the followi [embedmd]:# (examples/all-namespaces.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-all-namespaces.libsonnet') + { - _config+:: { - namespace: 'monitoring', - - prometheus+:: { +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/all-namespaces.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, + prometheus+: { namespaces: [], }, }, @@ -718,10 +725,12 @@ To do that, one can import the following mixin [embedmd]:# (examples/strip-limits.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-strip-limits.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/strip-limits.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, }; diff --git a/docs/EKS-cni-support.md b/docs/EKS-cni-support.md index fb559d78..90bef138 100644 --- a/docs/EKS-cni-support.md +++ b/docs/EKS-cni-support.md @@ -7,23 +7,29 @@ One fatal issue that can occur is that you run out of IP addresses in your eks c You can monitor the `awscni` using kube-promethus with : [embedmd]:# (../examples/eks-cni-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-eks.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/platforms/eks.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusRules+:: { - groups+: [ - { - name: 'example-group', - rules: [ + prometheus+: { + prometheusRuleEksCNI+: { + spec+: { + groups+: [ { - record: 'aws_eks_available_ip', - expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10', + name: 'example-group', + rules: [ + { + record: 'aws_eks_available_ip', + expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10', + }, + ], }, ], }, - ], + }, }, }; diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 6ea703c6..514fd03e 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -37,14 +37,14 @@ local kp = { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + -{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + -{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + -{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + -{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } ``` ## Prometheus rules @@ -59,28 +59,34 @@ The format is exactly the Prometheus format, so there should be no changes neces [embedmd]:# (../examples/prometheus-additional-alert-rule-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusAlerts+:: { - groups+: [ - { - name: 'example-group', - rules: [ + prometheus+: { + prometheusRule+: { + spec+: { + groups+: [ { - alert: 'Watchdog', - expr: 'vector(1)', - labels: { - severity: 'none', - }, - annotations: { - description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.', - }, + name: 'example-group', + rules: [ + { + alert: 'Watchdog', + expr: 'vector(1)', + labels: { + severity: 'none', + }, + annotations: { + description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.', + }, + }, + ], }, ], }, - ], + }, }, }; @@ -102,22 +108,28 @@ In order to add a recording rule, simply do the same with the `prometheusRules` [embedmd]:# (../examples/prometheus-additional-recording-rule-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusRules+:: { - groups+: [ - { - name: 'example-group', - rules: [ + prometheus+: { + prometheusRule+: { + spec+: { + groups+: [ { - record: 'some_recording_rule_name', - expr: 'vector(1)', + name: 'example-group', + rules: [ + { + record: 'some_recording_rule_name', + expr: 'vector(1)', + }, + ], }, ], }, - ], + }, }, }; @@ -149,12 +161,18 @@ Then import it in jsonnet: [embedmd]:# (../examples/prometheus-additional-rendered-rule-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusAlerts+:: { - groups+: (import 'existingrule.json').groups, + prometheus+: { + prometheusRule+: { + spec+: { + groups+: (import 'existingrule.json').groups, + }, + }, }, }; @@ -255,7 +273,7 @@ local prometheus = grafana.prometheus; local template = grafana.template; local graphPanel = grafana.graphPanel; -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', }, @@ -303,7 +321,7 @@ As jsonnet is a superset of json, the jsonnet `import` function can be used to i [embedmd]:# (../examples/grafana-additional-rendered-dashboard-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', }, @@ -329,7 +347,7 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { In case you have lots of json dashboard exported out from grafana UI the above approach is going to take lots of time to improve performance we can use `rawDashboards` field and provide it's value as json string by using `importstr` [embedmd]:# (../examples/grafana-additional-rendered-dashboard-example-2.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', }, diff --git a/docs/weave-net-support.md b/docs/weave-net-support.md index 9924434a..0ef65680 100644 --- a/docs/weave-net-support.md +++ b/docs/weave-net-support.md @@ -17,36 +17,42 @@ Using kube-prometheus and kubectl you will be able install the following for mon [embedmd]:# (../examples/weave-net-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + - (import 'kube-prometheus/kube-prometheus-weave-net.libsonnet') + { - _config+:: { - namespace: 'monitoring', +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/weave-net.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, }, - prometheusAlerts+:: { - groups: std.map( - function(group) - if group.name == 'weave-net' then - group { - rules: std.map( - function(rule) - if rule.alert == 'WeaveNetFastDPFlowsLow' then - rule { - expr: 'sum(weave_flows) < 20000', - } - else if rule.alert == 'WeaveNetIPAMUnreachable' then - rule { - expr: 'weave_ipam_unreachable_percentage > 25', - } - else - rule - , - group.rules - ), - } - else - group, - super.groups - ), + prometheus+: { + prometheusRule+: { + spec+: { + groups: std.map( + function(group) + if group.name == 'weave-net' then + group { + rules: std.map( + function(rule) + if rule.alert == 'WeaveNetFastDPFlowsLow' then + rule { + expr: 'sum(weave_flows) < 20000', + } + else if rule.alert == 'WeaveNetIPAMUnreachable' then + rule { + expr: 'weave_ipam_unreachable_percentage > 25', + } + else + rule + , + group.rules + ), + } + else + group, + super.groups + ), + }, + }, }, }; From 4f9d464087db1822af7e586f4cffdd327e811095 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 15:44:56 +0100 Subject: [PATCH 112/388] examples,jsonnet: fix weave-net --- examples/weave-net-example.jsonnet | 4 +- .../addons/weave-net.libsonnet | 196 ------------------ .../addons/weave-net/alerts.libsonnet | 134 ++++++++++++ .../grafana-weave-net-cluster.json | 0 .../{ => weave-net}/grafana-weave-net.json | 0 .../addons/weave-net/weave-net.libsonnet | 73 +++++++ 6 files changed, 209 insertions(+), 198 deletions(-) delete mode 100644 jsonnet/kube-prometheus/addons/weave-net.libsonnet create mode 100644 jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet rename jsonnet/kube-prometheus/addons/{ => weave-net}/grafana-weave-net-cluster.json (100%) rename jsonnet/kube-prometheus/addons/{ => weave-net}/grafana-weave-net.json (100%) create mode 100644 jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet diff --git a/examples/weave-net-example.jsonnet b/examples/weave-net-example.jsonnet index 9d708761..a7eca242 100644 --- a/examples/weave-net-example.jsonnet +++ b/examples/weave-net-example.jsonnet @@ -1,12 +1,12 @@ local kp = (import 'kube-prometheus/main.libsonnet') + - (import 'kube-prometheus/addons/weave-net.libsonnet') + { + (import 'kube-prometheus/addons/weave-net/weave-net.libsonnet') + { values+:: { common+: { namespace: 'monitoring', }, }, prometheus+: { - prometheusRule+: { + prometheusRuleWeaveNet+: { spec+: { groups: std.map( function(group) diff --git a/jsonnet/kube-prometheus/addons/weave-net.libsonnet b/jsonnet/kube-prometheus/addons/weave-net.libsonnet deleted file mode 100644 index 0755e60c..00000000 --- a/jsonnet/kube-prometheus/addons/weave-net.libsonnet +++ /dev/null @@ -1,196 +0,0 @@ -{ - prometheus+: { - serviceWeaveNet: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'weave-net', - namespace: 'kube-system', - labels: { 'app.kubernetes.io/name': 'weave-net' }, - }, - spec: { - ports: [ - { name: 'weave-net-metrics', targetPort: 6782, port: 6782 }, - ], - selector: { name: 'weave-net' }, - clusterIP: 'None', - }, - }, - serviceMonitorWeaveNet: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'weave-net', - labels: { - 'app.kubernetes.io/name': 'weave-net', - }, - namespace: 'monitoring', - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [ - { - port: 'weave-net-metrics', - path: '/metrics', - interval: '15s', - }, - ], - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - selector: { - matchLabels: { - 'app.kubernetes.io/name': 'weave-net', - }, - }, - }, - }, - }, - prometheusRules+: { - groups+: [ - { - name: 'weave-net', - rules: [ - { - alert: 'WeaveNetIPAMSplitBrain', - expr: 'max(weave_ipam_unreachable_percentage) - min(weave_ipam_unreachable_percentage) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Percentage of all IP addresses owned by unreachable peers is not same for every node.', - description: 'actionable: Weave Net network has a split brain problem. Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetIPAMUnreachable', - expr: 'weave_ipam_unreachable_percentage > 25', - 'for': '10m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Percentage of all IP addresses owned by unreachable peers is above threshold.', - description: 'actionable: Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetIPAMPendingAllocates', - expr: 'sum(weave_ipam_pending_allocates) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Number of pending allocates is above the threshold.', - description: 'actionable: Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetIPAMPendingClaims', - expr: 'sum(weave_ipam_pending_claims) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Number of pending claims is above the threshold.', - description: 'actionable: Please find the problem and fix it.', - }, - }, - { - alert: 'WeaveNetFastDPFlowsLow', - expr: 'sum(weave_flows) < 15000', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'Number of FastDP flows is below the threshold.', - description: 'actionable: Please find the reason for FastDP flows to go below the threshold and fix it.', - }, - }, - { - alert: 'WeaveNetFastDPFlowsOff', - expr: 'sum(weave_flows == bool 0) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'FastDP flows is zero.', - description: 'actionable: Please find the reason for FastDP flows to be off and fix it.', - }, - }, - { - alert: 'WeaveNetHighConnectionTerminationRate', - expr: 'rate(weave_connection_terminations_total[5m]) > 0.1', - 'for': '5m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are getting terminated.', - description: 'actionable: Please find the reason for the high connection termination rate and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsConnecting', - expr: 'sum(weave_connections{state="connecting"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in connecting state.', - description: 'actionable: Please find the reason for this and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsRetying', - expr: 'sum(weave_connections{state="retrying"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in retrying state.', - description: 'actionable: Please find the reason for this and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsPending', - expr: 'sum(weave_connections{state="pending"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in pending state.', - description: 'actionable: Please find the reason for this and fix it.', - }, - }, - { - alert: 'WeaveNetConnectionsFailed', - expr: 'sum(weave_connections{state="failed"}) > 0', - 'for': '3m', - labels: { - severity: 'critical', - }, - annotations: { - summary: 'A lot of connections are in failed state.', - description: 'actionable: Please find the reason and fix it.', - }, - }, - ], - }, - ], - }, - grafanaDashboards+:: { - 'weave-net.json': (import './grafana-weave-net.json'), - 'weave-net-cluster.json': (import './grafana-weave-net-cluster.json'), - }, -} diff --git a/jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet b/jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet new file mode 100644 index 00000000..c0ca940a --- /dev/null +++ b/jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet @@ -0,0 +1,134 @@ +[ + { + alert: 'WeaveNetIPAMSplitBrain', + expr: 'max(weave_ipam_unreachable_percentage) - min(weave_ipam_unreachable_percentage) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Percentage of all IP addresses owned by unreachable peers is not same for every node.', + description: 'actionable: Weave Net network has a split brain problem. Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetIPAMUnreachable', + expr: 'weave_ipam_unreachable_percentage > 25', + 'for': '10m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Percentage of all IP addresses owned by unreachable peers is above threshold.', + description: 'actionable: Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetIPAMPendingAllocates', + expr: 'sum(weave_ipam_pending_allocates) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Number of pending allocates is above the threshold.', + description: 'actionable: Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetIPAMPendingClaims', + expr: 'sum(weave_ipam_pending_claims) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Number of pending claims is above the threshold.', + description: 'actionable: Please find the problem and fix it.', + }, + }, + { + alert: 'WeaveNetFastDPFlowsLow', + expr: 'sum(weave_flows) < 15000', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'Number of FastDP flows is below the threshold.', + description: 'actionable: Please find the reason for FastDP flows to go below the threshold and fix it.', + }, + }, + { + alert: 'WeaveNetFastDPFlowsOff', + expr: 'sum(weave_flows == bool 0) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'FastDP flows is zero.', + description: 'actionable: Please find the reason for FastDP flows to be off and fix it.', + }, + }, + { + alert: 'WeaveNetHighConnectionTerminationRate', + expr: 'rate(weave_connection_terminations_total[5m]) > 0.1', + 'for': '5m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are getting terminated.', + description: 'actionable: Please find the reason for the high connection termination rate and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsConnecting', + expr: 'sum(weave_connections{state="connecting"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in connecting state.', + description: 'actionable: Please find the reason for this and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsRetying', + expr: 'sum(weave_connections{state="retrying"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in retrying state.', + description: 'actionable: Please find the reason for this and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsPending', + expr: 'sum(weave_connections{state="pending"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in pending state.', + description: 'actionable: Please find the reason for this and fix it.', + }, + }, + { + alert: 'WeaveNetConnectionsFailed', + expr: 'sum(weave_connections{state="failed"}) > 0', + 'for': '3m', + labels: { + severity: 'critical', + }, + annotations: { + summary: 'A lot of connections are in failed state.', + description: 'actionable: Please find the reason and fix it.', + }, + }, +] diff --git a/jsonnet/kube-prometheus/addons/grafana-weave-net-cluster.json b/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json similarity index 100% rename from jsonnet/kube-prometheus/addons/grafana-weave-net-cluster.json rename to jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json diff --git a/jsonnet/kube-prometheus/addons/grafana-weave-net.json b/jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net.json similarity index 100% rename from jsonnet/kube-prometheus/addons/grafana-weave-net.json rename to jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net.json diff --git a/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet b/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet new file mode 100644 index 00000000..71596f45 --- /dev/null +++ b/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet @@ -0,0 +1,73 @@ +{ + prometheus+: { + local p = self, + serviceWeaveNet: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'weave-net', + namespace: 'kube-system', + labels: { 'app.kubernetes.io/name': 'weave-net' }, + }, + spec: { + ports: [ + { name: 'weave-net-metrics', targetPort: 6782, port: 6782 }, + ], + selector: { name: 'weave-net' }, + clusterIP: 'None', + }, + }, + serviceMonitorWeaveNet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'weave-net', + labels: { + 'app.kubernetes.io/name': 'weave-net', + }, + namespace: 'monitoring', + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [ + { + port: 'weave-net-metrics', + path: '/metrics', + interval: '15s', + }, + ], + namespaceSelector: { + matchNames: [ + 'kube-system', + ], + }, + selector: { + matchLabels: { + 'app.kubernetes.io/name': 'weave-net', + }, + }, + }, + }, + prometheusRuleWeaveNet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: p.config.mixin.ruleLabels, + name: 'weave-net-rules', + namespace: p.config.namespace, + }, + spec: { + groups: [{ + name: 'weave-net', + rules: (import './alerts.libsonnet'), + }], + }, + }, + mixin+:: { + grafanaDashboards+:: { + 'weave-net.json': (import './grafana-weave-net.json'), + 'weave-net-cluster.json': (import './grafana-weave-net-cluster.json'), + }, + }, + }, +} From fe81e7de5640dd202c2139945064fc9b65d23d8e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 15:45:18 +0100 Subject: [PATCH 113/388] jsonnet: fix thanos example --- .../addons/thanos-sidecar.libsonnet | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet index 9a195e9d..af6474d2 100644 --- a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet +++ b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet @@ -1,9 +1,9 @@ (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { values+:: { - versions+:: { thanos: 'v0.14.0' }, - imageRepos+:: { thanos: 'quay.io/thanos/thanos' }, thanos+:: { + version: '0.14.0', + image: 'quay.io/thanos/thanos:v0.14.0', objectStorageConfig: { key: 'thanos.yaml', // How the file inside the secret is called name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config @@ -26,9 +26,9 @@ apiVersion: 'v1', kind: 'Service', metadata: { - name: 'prometheus-' + p.name + '-thanos-sidecar', - namespace: p.namespace, - labels: { prometheus: p.name, app: 'thanos-sidecar' }, + name: 'prometheus-' + p.config.name + '-thanos-sidecar', + namespace: p.config.namespace, + labels: { prometheus: p.config.name, app: 'thanos-sidecar' }, }, spec: { ports: [ @@ -42,9 +42,9 @@ prometheus+: { spec+: { thanos+: { - version: $._config.versions.thanos, - image: $._config.imageRepos.thanos + ':' + $._config.versions.thanos, - objectStorageConfig: $._config.thanos.objectStorageConfig, + version: $.values.thanos.version, + image: $.values.thanos.image, + objectStorageConfig: $.values.thanos.objectStorageConfig, }, }, }, @@ -54,7 +54,7 @@ kind: 'ServiceMonitor', metadata: { name: 'thanos-sidecar', - namespace: p.namespace, + namespace: p.config.namespace, labels: { 'app.kubernetes.io/name': 'prometheus', }, @@ -64,7 +64,7 @@ jobLabel: 'app', selector: { matchLabels: { - prometheus: p.name, + prometheus: p.config.name, app: 'thanos-sidecar', }, }, From 4132da532c35089460dfa4c3ab99ec8be32040d6 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 15:46:00 +0100 Subject: [PATCH 114/388] jsonnet/addons: fix autoscaler --- .../addons/ksm-autoscaler.libsonnet | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet b/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet index 98755169..fa2caf0e 100644 --- a/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet +++ b/jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet @@ -1,14 +1,15 @@ { values+:: { - versions+:: { clusterVerticalAutoscaler: '0.8.1' }, - imageRepos+:: { clusterVerticalAutoscaler: 'gcr.io/google_containers/cpvpa-amd64' }, - - kubeStateMetrics+:: { + clusterVerticalAutoscaler: { + version: '0.8.1', + image: 'gcr.io/google_containers/cpvpa-amd64:v0.8.1', + baseCPU: '1m', stepCPU: '1m', + baseMemory: '1Mi', stepMemory: '2Mi', }, }, - ksmAutoscaler+:: { + ksmAutoscaler+: { clusterRole: { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', @@ -83,14 +84,21 @@ local podLabels = { app: 'ksm-autoscaler' }; local c = { name: 'ksm-autoscaler', - image: $.values.imageRepos.clusterVerticalAutoscaler + ':v' + $.values.versions.clusterVerticalAutoscaler, + image: $.values.clusterVerticalAutoscaler.image, args: [ '/cpvpa', '--target=deployment/kube-state-metrics', '--namespace=' + $.values.common.namespace, '--logtostderr=true', '--poll-period-seconds=10', - '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $.values.kubeStateMetrics.baseCPU + '","step":"' + $.values.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $.values.kubeStateMetrics.baseMemory + '","step":"' + $.values.kubeStateMetrics.stepMemory + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $.values.kubeStateMetrics.baseCPU + '","step":"' + $.values.kubeStateMetrics.stepCPU + '","nodesPerStep":1},"memory":{"base":"' + $.values.kubeStateMetrics.baseMemory + '","step":"' + $.values.kubeStateMetrics.stepMemory + '","nodesPerStep":1}}}}', + '--default-config={"kube-state-metrics":{"requests":{"cpu":{"base":"' + $.values.clusterVerticalAutoscaler.baseCPU + + '","step":"' + $.values.clusterVerticalAutoscaler.stepCPU + + '","nodesPerStep":1},"memory":{"base":"' + $.values.clusterVerticalAutoscaler.baseMemory + + '","step":"' + $.values.clusterVerticalAutoscaler.stepMemory + + '","nodesPerStep":1}},"limits":{"cpu":{"base":"' + $.values.clusterVerticalAutoscaler.baseCPU + + '","step":"' + $.values.clusterVerticalAutoscaler.stepCPU + + '","nodesPerStep":1},"memory":{"base":"' + $.values.clusterVerticalAutoscaler.baseMemory + + '","step":"' + $.values.clusterVerticalAutoscaler.stepMemory + '","nodesPerStep":1}}}}', ], resources: { requests: { cpu: '20m', memory: '10Mi' }, From 0424835b048744a4580e4c93a0215d563c0fab56 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 15:46:34 +0100 Subject: [PATCH 115/388] jsonnet/addons: update removal of resource limits for certain containers --- .../addons/strip-limits.libsonnet | 37 +++++++++++++------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/strip-limits.libsonnet b/jsonnet/kube-prometheus/addons/strip-limits.libsonnet index fbd40200..83c5f77b 100644 --- a/jsonnet/kube-prometheus/addons/strip-limits.libsonnet +++ b/jsonnet/kube-prometheus/addons/strip-limits.libsonnet @@ -1,19 +1,32 @@ // Strips spec.containers[].limits for certain containers // https://github.com/prometheus-operator/kube-prometheus/issues/72 + { - _config+:: { - resources+:: { - 'addon-resizer'+: { - limits: {}, + local noLimit(c) = + //if std.objectHas(c, 'resources') && c.name != 'kube-state-metrics' + if c.name != 'kube-state-metrics' + then c { resources+: { limits: {} } } + else c, + + nodeExporter+: { + daemonset+: { + spec+: { + template+: { + spec+: { + containers: std.map(noLimit, super.containers), + }, + }, }, - 'kube-rbac-proxy'+: { - limits: {}, - }, - 'kube-state-metrics'+: { - limits: {}, - }, - 'node-exporter'+: { - limits: {}, + }, + }, + kubeStateMetrics+: { + deployment+: { + spec+: { + template+: { + spec+: { + containers: std.map(noLimit, super.containers), + }, + }, }, }, }, From e2dbc637646a8eeb676b2fe44af2de8703875a55 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 19 Jan 2021 15:46:51 +0100 Subject: [PATCH 116/388] format and regenerate --- README.md | 4 ++-- docs/EKS-cni-support.md | 2 +- ...prometheus-rules-and-grafana-dashboards.md | 2 +- docs/weave-net-support.md | 4 ++-- .../addons/config-mixins.libsonnet | 20 ++++++++++++++++--- .../addons/custom-metrics.libsonnet | 2 +- .../addons/static-etcd.libsonnet | 2 +- 7 files changed, 25 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 49fc3077..361fa7f9 100644 --- a/README.md +++ b/README.md @@ -240,7 +240,7 @@ local kp = { ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } ``` And here's the [build.sh](build.sh) script (which uses `vendor/` to render all manifests in a json structure of `{filename: manifest-content}`): @@ -596,7 +596,7 @@ In order to monitor additional namespaces, the Prometheus server requires the ap ```jsonnet local kp = (import 'kube-prometheus/main.libsonnet') + { values+:: { - common+: { + common+: { namespace: 'monitoring', }, diff --git a/docs/EKS-cni-support.md b/docs/EKS-cni-support.md index 90bef138..4cb36bc9 100644 --- a/docs/EKS-cni-support.md +++ b/docs/EKS-cni-support.md @@ -10,7 +10,7 @@ You can monitor the `awscni` using kube-promethus with : local kp = (import 'kube-prometheus/main.libsonnet') + (import 'kube-prometheus/platforms/eks.libsonnet') + { values+:: { - common+: { + common+: { namespace: 'monitoring', }, }, diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 514fd03e..31babf72 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -44,7 +44,7 @@ local kp = { ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } ``` ## Prometheus rules diff --git a/docs/weave-net-support.md b/docs/weave-net-support.md index 0ef65680..8766bfc8 100644 --- a/docs/weave-net-support.md +++ b/docs/weave-net-support.md @@ -18,14 +18,14 @@ Using kube-prometheus and kubectl you will be able install the following for mon [embedmd]:# (../examples/weave-net-example.jsonnet) ```jsonnet local kp = (import 'kube-prometheus/main.libsonnet') + - (import 'kube-prometheus/addons/weave-net.libsonnet') + { + (import 'kube-prometheus/addons/weave-net/weave-net.libsonnet') + { values+:: { common+: { namespace: 'monitoring', }, }, prometheus+: { - prometheusRule+: { + prometheusRuleWeaveNet+: { spec+: { groups: std.map( function(group) diff --git a/jsonnet/kube-prometheus/addons/config-mixins.libsonnet b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet index ff8fd297..79f25044 100644 --- a/jsonnet/kube-prometheus/addons/config-mixins.libsonnet +++ b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet @@ -1,4 +1,18 @@ -local l = import 'lib/lib.libsonnet'; +local imageName(image) = + local parts = std.split(image, '/'); + local len = std.length(parts); + if len == 3 then + // registry.com/org/image + parts[2] + else if len == 2 then + // org/image + parts[1] + else if len == 1 then + // image, ie. busybox + parts[0] + else + error 'unknown image format: ' + image; + // withImageRepository is a mixin that replaces all images prefixes by repository. eg. // quay.io/coreos/addon-resizer -> $repository/addon-resizer @@ -6,8 +20,8 @@ local l = import 'lib/lib.libsonnet'; local withImageRepository(repository) = { local oldRepos = super._config.imageRepos, local substituteRepository(image, repository) = - if repository == null then image else repository + '/' + l.imageName(image), - _config+:: { + if repository == null then image else repository + '/' + imageName(image), + values+:: { imageRepos:: { [field]: substituteRepository(oldRepos[field], repository) for field in std.objectFields(oldRepos) diff --git a/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet b/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet index 55e03bd7..06e9c5a0 100644 --- a/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet +++ b/jsonnet/kube-prometheus/addons/custom-metrics.libsonnet @@ -78,7 +78,7 @@ }, }, - prometheusAdapter+:: { + prometheusAdapter+: { customMetricsApiService: { apiVersion: 'apiregistration.k8s.io/v1', kind: 'APIService', diff --git a/jsonnet/kube-prometheus/addons/static-etcd.libsonnet b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet index d029d6c1..d49bc633 100644 --- a/jsonnet/kube-prometheus/addons/static-etcd.libsonnet +++ b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet @@ -9,7 +9,7 @@ insecureSkipVerify: null, }, }, - prometheus+:: { + prometheus+: { serviceEtcd: { apiVersion: 'v1', kind: 'Service', From 6d8e56727cbb37d3f542e440b3afee874535f956 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 21 Jan 2021 10:32:55 +0100 Subject: [PATCH 117/388] jsonnet: update dependencies --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 34 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index e9484736..578be8e9 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -80,7 +80,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "release-2.23", + "version": "release-2.24", "name": "prometheus" }, { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 7efb4031..ec3c8607 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "7176a6d54b3b19e0529ce574ab5ed427f1c721e9", - "sum": "IrxVMYJrTbDliaVMXX72jUKm8Ju2Za8cAbds7d26wuY=" + "version": "4204279da8d3d6317116ee161ac706fadbba9193", + "sum": "VUavLhri7lTnJ2V7F9lDlL+K96NwIhqqlxMtasYBs3Q=" }, { "source": { @@ -18,7 +18,7 @@ "subdir": "Documentation/etcd-mixin" } }, - "version": "ca866c02422ff3f3d1f0876898a30c33dd7bcccf", + "version": "5dcd459ae9c7948f5620002f5b0bb9cf0b8f1502", "sum": "bLqTqEr0jky9zz5MV/7ucn6H5mph2NlXas0TVnGNB1Y=" }, { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "356bd73e4792ffe107725776ca8946895969c191", - "sum": "CSMZ3dJrpJpwvffie8BqcfrIVVwiKNqdPEN+1XWRBGU=" + "version": "b0d72d6ed0e9fcab83fc2dd954b3bd57113e768c", + "sum": "g2UC37YmOShdIFThAO99Uw89UO+H3sHt+y0ionv9/sA=" }, { "source": { @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "9c3fb8096e1f80e2f3a84566566906ff187f5a8c", - "sum": "9/eJqljTTtJeq9QRjabdKWL6yD8a7VzLmGKBK3ir77k=" + "version": "2cef89cb717c8b596443ac5de0415d1ffdb42252", + "sum": "EmHrmBY8PbnV0BKXmVWvAEmax6eglRinKSyZbTmVWuc=" }, { "source": { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "ead45674dba3c8712e422d99223453177aac6bf4", - "sum": "3i0NkntlBluDS1NRF+iSc2e727Alkv3ziuVjAP12/kE=" + "version": "4a8e078147dbca51067521e6ac59c7b54d44d3bd", + "sum": "D5XwKXhd3c0e+1D5iRgUhStB0qpcT4dSCmytuGQa3+k=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "ead45674dba3c8712e422d99223453177aac6bf4", + "version": "4a8e078147dbca51067521e6ac59c7b54d44d3bd", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "7bdd62593c9273b5179cf3c9d2d819e9d997aaa4", + "version": "72d6d3106861f992b7d6ecc0a88abe9b12ad5427", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "5555f492df250168657b72bb8cb60bec071de71f", + "version": "788d4456425eaf8c1d613582995bdf7de02154b0", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -119,8 +119,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "193ebba04d1e70d971047e983a0b489112610460", - "sum": "QcftU7gjCQyj7B6M4YJeCAeaPd0kwxd4J4rolo7AnLE=", + "version": "3f46b62d75da4d68d2098388797e6a61fcc5e043", + "sum": "VP1vn/WTGLZaBgGhGMUO81qNTc/fnp5KtzVjcaxad6Q=", "name": "alertmanager" }, { @@ -130,7 +130,7 @@ "subdir": "docs/node-mixin" } }, - "version": "8b466360a35581e0301bd22918be7011cf4203c3", + "version": "cfdd9dd0c983057df5e814e067fadbf8c7781559", "sum": "rvyiD/yCB4BeYAWqYF53bP8c+aCUt2ipLHW2Ea8ELO8=" }, { @@ -140,8 +140,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "26d89b4b0776fe4cd5a3656dfa520f119a375273", - "sum": "1VRVMuxAEZ9vdGHFlndmG9iQzDD6AoIXrX80CDpGDaU=", + "version": "e4487274853c587717006eeda8804e597d120340", + "sum": "6kUzElCBWZ5U/3cxEpHNMmoKKPubG45QxpmLu8PGg08=", "name": "prometheus" }, { From 9bba0e2a2a2f245001f6c735aa8c4df77304e336 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 21 Jan 2021 10:34:21 +0100 Subject: [PATCH 118/388] manifests: regenerate --- manifests/alertmanager-prometheusRule.yaml | 22 ++- manifests/grafana-dashboardDatasources.yaml | 5 + manifests/grafana-dashboardDefinitions.yaml | 141 ++++++++++++++++++-- manifests/grafana-dashboardSources.yaml | 5 + manifests/grafana-deployment.yaml | 17 ++- manifests/grafana-service.yaml | 9 +- manifests/kubernetes-prometheusRule.yaml | 115 +++++++++------- manifests/prometheus-prometheusRule.yaml | 4 +- 8 files changed, 241 insertions(+), 77 deletions(-) diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index ea78ad11..1fa9c223 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -55,17 +55,31 @@ spec: - alert: AlertmanagerClusterFailedToSendAlerts annotations: description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. - summary: All Alertmanager instances in a cluster failed to send notifications. + summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration. expr: | - min by (namespace,service) ( - rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring"}[5m]) + min by (namespace,service, integration) ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring", integration=~`.*`}[5m]) / - rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring"}[5m]) + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring", integration=~`.*`}[5m]) ) > 0.01 for: 5m labels: severity: critical + - alert: AlertmanagerClusterFailedToSendAlerts + annotations: + description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. + summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration. + expr: | + min by (namespace,service, integration) ( + rate(alertmanager_notifications_failed_total{job="alertmanager-main",namespace="monitoring", integration!~`.*`}[5m]) + / + rate(alertmanager_notifications_total{job="alertmanager-main",namespace="monitoring", integration!~`.*`}[5m]) + ) + > 0.01 + for: 5m + labels: + severity: warning - alert: AlertmanagerConfigInconsistent annotations: description: Alertmanager instances within the {{$labels.job}} cluster have different configurations. diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 22d47488..18ee57ba 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -3,6 +3,11 @@ data: datasources.yaml: ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLm1vbml0b3Jpbmcuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9CiAgICBdCn0= kind: Secret metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index e5e62bc9..5836c3ac 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -1729,6 +1729,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -3595,6 +3600,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -4730,6 +4740,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -7296,6 +7311,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -9566,6 +9586,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -10528,6 +10553,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -12284,6 +12314,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -14302,6 +14337,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -16481,6 +16521,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -18998,6 +19043,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -20446,6 +20496,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -22166,6 +22221,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -23114,6 +23174,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -24089,6 +24154,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -25070,6 +25140,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -25262,7 +25337,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "expr": "max without(instance,node) (\n(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -25459,7 +25534,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "expr": "max without(instance,node) (\nkubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -25631,6 +25706,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -26843,6 +26923,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -26868,7 +26953,7 @@ items: "links": [ ], - "refresh": "", + "refresh": "60s", "rows": [ { "collapse": false, @@ -27119,7 +27204,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n", + "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -27704,7 +27789,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"}", + "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28009,7 +28094,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28102,7 +28187,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28195,7 +28280,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{cluster}}:{{instance}} {{remote_name}}:{{url}}", @@ -28348,7 +28433,7 @@ items: "schemaVersion": 14, "style": "dark", "tags": [ - + "prometheus-mixin" ], "templating": { "list": [ @@ -28492,11 +28577,16 @@ items: ] }, "timezone": "browser", - "title": "Prometheus Remote Write", + "title": "Prometheus / Remote Write", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -28515,7 +28605,7 @@ items: "links": [ ], - "refresh": "10s", + "refresh": "60s", "rows": [ { "collapse": false, @@ -29594,7 +29684,7 @@ items: "schemaVersion": 14, "style": "dark", "tags": [ - + "prometheus-mixin" ], "templating": { "list": [ @@ -29702,12 +29792,17 @@ items: ] }, "timezone": "utc", - "title": "Prometheus Overview", + "title": "Prometheus / Overview", "uid": "", "version": 0 } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -30923,6 +31018,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -31981,6 +32081,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -32893,6 +32998,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-statefulset namespace: monitoring - apiVersion: v1 @@ -34315,6 +34425,11 @@ items: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index fffec986..ca27f99e 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -17,5 +17,10 @@ data: } kind: ConfigMap metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index d6bb77da..0f73af5a 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -2,21 +2,28 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana namespace: monitoring spec: replicas: 1 selector: matchLabels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus template: metadata: annotations: - checksum/grafana-dashboards: b02ae450c84445cbaca8c685eefaec6c - checksum/grafana-datasources: 48faab41f579fc8efde6034391496f6a + checksum/grafana-datasources: a77789e5440a1e51e204e99e2f0f480a labels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 spec: containers: - env: [] diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 5e7e1453..32a90746 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -2,7 +2,10 @@ apiVersion: v1 kind: Service metadata: labels: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.3.5 name: grafana namespace: monitoring spec: @@ -11,5 +14,7 @@ spec: port: 3000 targetPort: http selector: - app: grafana + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus type: NodePort diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index d683cff6..d3ee9527 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -15,11 +15,11 @@ spec: rules: - alert: KubePodCrashLooping annotations: - description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 5 minutes. + description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 10 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping summary: Pod is crash looping. expr: | - rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[5m]) * 60 * 5 > 0 + rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[10m]) * 60 * 5 > 0 for: 15m labels: severity: warning @@ -499,11 +499,11 @@ spec: severity: critical - alert: AggregatedAPIErrors annotations: - description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. The number of errors have increased for it in the past five minutes. High values indicate that the availability of the service changes too often. + description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. It has appeared unavailable {{ $value | humanize }} times averaged over the past 10m. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors summary: An aggregated API has reported errors. expr: | - sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[5m])) > 2 + sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[10m])) > 4 labels: severity: warning - alert: AggregatedAPIDown @@ -526,6 +526,16 @@ spec: for: 15m labels: severity: critical + - alert: KubeAPITerminatedRequests + annotations: + description: The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapiterminatedrequests + summary: The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests. + expr: | + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 + for: 5m + labels: + severity: warning - name: kubernetes-system-kubelet rules: - alert: KubeNodeNotReady @@ -1102,77 +1112,80 @@ spec: verb: write record: apiserver_request:availability30d - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[30d])) + avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 record: code_verb:apiserver_request_total:increase30d - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[30d])) - record: code_verb:apiserver_request_total:increase30d + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: | + sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - expr: | sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) labels: diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index aa4f0ce9..d4d2ed68 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -202,9 +202,9 @@ spec: summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. expr: | min without (alertmanager) ( - rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + rate(prometheus_notifications_errors_total{job="prometheus-k8s",namespace="monitoring",alertmanager!~``}[5m]) / - rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + rate(prometheus_notifications_sent_total{job="prometheus-k8s",namespace="monitoring",alertmanager!~``}[5m]) ) * 100 > 3 From ff3e611245fc0fe05a543ade9ac5684a732a6a20 Mon Sep 17 00:00:00 2001 From: lanmarti Date: Thu, 21 Jan 2021 16:35:38 +0100 Subject: [PATCH 119/388] Changed labels for grafana service monitor selector --- jsonnet/kube-prometheus/components/grafana.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 4dfe516c..170a8169 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -73,7 +73,7 @@ function(params) { spec: { selector: { matchLabels: { - app: 'grafana', + app.kubernetes.io/name: 'grafana', }, }, endpoints: [{ From 70cfe27872620ebb9e1e8c04f76301e3fe67b486 Mon Sep 17 00:00:00 2001 From: lanmarti Date: Thu, 21 Jan 2021 16:38:32 +0100 Subject: [PATCH 120/388] Added quotes around label key --- jsonnet/kube-prometheus/components/grafana.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 170a8169..06d5bef3 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -73,7 +73,7 @@ function(params) { spec: { selector: { matchLabels: { - app.kubernetes.io/name: 'grafana', + 'app.kubernetes.io/name': 'grafana', }, }, endpoints: [{ From 5cefc105f7069f82c98d2cfe742441a12ad17702 Mon Sep 17 00:00:00 2001 From: lanmarti Date: Mon, 25 Jan 2021 13:04:49 +0100 Subject: [PATCH 121/388] Ran make generate --- manifests/grafana-serviceMonitor.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 9931c1ca..ea1359eb 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -14,4 +14,4 @@ spec: port: http selector: matchLabels: - app: grafana + app.kubernetes.io/name: grafana From d3ad5de9930c8c2220449b4784d91afdd8f52020 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 25 Jan 2021 13:59:31 +0100 Subject: [PATCH 122/388] jsonnet/kube-promethues/components: remove veth interfaces from node_exporter metrics Signed-off-by: paulfantom --- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index bd4fbfe7..73704a8c 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -172,6 +172,9 @@ function(params) { '--no-collector.wifi', '--no-collector.hwmon', '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', + '--collector.netclass.ignored-devices=^(veth.*)$', + '--collector.netdev.device-blacklist=^(veth.*)$', + // '--collector.netdev.device-exclude=^(veth.*)$', // TODO(paulfantom): change with next version of node_exporter (post 1.0.1) ], volumeMounts: [ { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, From 4220f4e8626a7d4b4fffc0b3fdcf3809d65d8678 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 25 Jan 2021 14:49:19 +0100 Subject: [PATCH 123/388] manifests: regenerate Signed-off-by: paulfantom --- manifests/node-exporter-daemonset.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index d88d8846..8c556fca 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -30,6 +30,8 @@ spec: - --no-collector.wifi - --no-collector.hwmon - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) + - --collector.netclass.ignored-devices=^(veth.*)$ + - --collector.netdev.device-blacklist=^(veth.*)$ image: quay.io/prometheus/node-exporter:v1.0.1 name: node-exporter resources: From 7afbfa35346887b0e779bb3e759f5806ada67987 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 26 Jan 2021 15:34:54 +0100 Subject: [PATCH 124/388] jsonnet: move all images and versions into values.common Signed-off-by: paulfantom --- jsonnet/kube-prometheus/main.libsonnet | 59 +++++++++++++++++--------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 15f88b7d..2a2ad271 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -18,60 +18,79 @@ local prometheus = import './components/prometheus.libsonnet'; role: 'alert-rules', prometheus: $.values.prometheus.name, }, + versions: { + alertmanager: '0.21.0', + blackboxExporter: '0.18.0', + grafana: '7.3.7', + kubeStateMetrics: '1.9.7', + nodeExporter: '1.0.1', + prometheus: '2.24.0', + prometheusAdapter: '0.8.2', + prometheusOperator: '0.45.0', + }, + images: { + alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, + blackboxExporter: 'quay.io/prometheus/blackbox-exporter:v' + $.values.common.versions.blackboxExporter, + grafana: 'grafana/grafana:v' + $.values.common.versions.grafana, + kubeStateMetrics: 'quay.io/coreos/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, + nodeExporter: 'quay.io/prometheus/node-exporter:v' + $.values.common.versions.nodeExporter, + prometheus: 'quay.io/prometheus/prometheus:v' + $.values.common.versions.prometheus, + prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, + prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, + prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, + }, }, alertmanager: { name: 'main', namespace: $.values.common.namespace, - version: '0.21.0', - image: 'quay.io/prometheus/alertmanager:v0.21.0', - mixin+: { - ruleLabels: $.values.common.ruleLabels, - }, + version: $.values.common.versions.alertmanager, + image: $.values.common.images.alertmanager, + mixin+: { ruleLabels: $.values.common.ruleLabels }, }, blackboxExporter: { namespace: $.values.common.namespace, - version: '0.18.0', - image: 'quay.io/prometheus/blackbox-exporter:v0.18.0', + version: $.values.common.versions.blackboxExporter, + image: $.values.common.images.blackboxExporter, }, grafana: { namespace: $.values.common.namespace, - version: '7.3.5', - image: 'grafana/grafana:v7.3.7', + version: $.values.common.versions.grafana, + image: $.values.common.images.grafana, prometheusName: $.values.prometheus.name, // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesMixin.mixin.grafanaDashboards, }, kubeStateMetrics: { namespace: $.values.common.namespace, - version: '1.9.7', - image: 'quay.io/coreos/kube-state-metrics:v1.9.7', + version: $.values.common.versions.kubeStateMetrics, + image: $.values.common.images.kubeStateMetrics, mixin+: { ruleLabels: $.values.common.ruleLabels }, }, nodeExporter: { namespace: $.values.common.namespace, - version: '1.0.1', - image: 'quay.io/prometheus/node-exporter:v1.0.1', + version: $.values.common.versions.nodeExporter, + image: $.values.common.images.nodeExporter, mixin+: { ruleLabels: $.values.common.ruleLabels }, }, prometheus: { namespace: $.values.common.namespace, - version: '2.24.0', - image: 'quay.io/prometheus/prometheus:v2.24.0', + version: $.values.common.versions.prometheus, + image: $.values.common.images.prometheus, name: 'k8s', alertmanagerName: $.values.alertmanager.name, mixin+: { ruleLabels: $.values.common.ruleLabels }, }, prometheusAdapter: { namespace: $.values.common.namespace, - version: '0.8.2', - image: 'directxman12/k8s-prometheus-adapter:v0.8.2', + version: $.values.common.versions.prometheusAdapter, + image: $.values.common.images.prometheusAdapter, prometheusURL: 'http://prometheus-' + $.values.prometheus.name + '.' + $.values.common.namespace + '.svc.cluster.local:9090/', }, prometheusOperator: { namespace: $.values.common.namespace, - version: '0.45.0', - image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0', - configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0', + version: $.values.common.versions.prometheusOperator, + image: $.values.common.images.prometheusOperator, + configReloaderImage: $.values.common.images.prometheusOperatorReloader, commonLabels+: { 'app.kubernetes.io/part-of': 'kube-prometheus', }, From 07a057f09d59d8f56e54e14bb9cb00584bfba65b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 26 Jan 2021 15:43:55 +0100 Subject: [PATCH 125/388] manifests: regenerate to fix grafana version label --- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 ++++++++++----------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- 6 files changed, 31 insertions(+), 31 deletions(-) diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 18ee57ba..c8b74e86 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 5836c3ac..98c46e7f 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -1733,7 +1733,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -3604,7 +3604,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -4744,7 +4744,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -7315,7 +7315,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -9590,7 +9590,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -10557,7 +10557,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -12318,7 +12318,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -14341,7 +14341,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -16525,7 +16525,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -19047,7 +19047,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -20500,7 +20500,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -22225,7 +22225,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -23178,7 +23178,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -24158,7 +24158,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -25144,7 +25144,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -25710,7 +25710,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -26927,7 +26927,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -28586,7 +28586,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -29802,7 +29802,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -31022,7 +31022,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -32085,7 +32085,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -33002,7 +33002,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-statefulset namespace: monitoring - apiVersion: v1 @@ -34429,7 +34429,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index ca27f99e..4cbedc78 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 0f73af5a..4094d70b 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: a77789e5440a1e51e204e99e2f0f480a + checksum/grafana-datasources: b559161af8b85c237ef0432d8431a19a labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 spec: containers: - env: [] - image: grafana/grafana:7.3.5 + image: grafana/grafana:7.3.7 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 32a90746..7dba3e25 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 9931c1ca..59099c4d 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.5 + app.kubernetes.io/version: 7.3.7 name: grafana namespace: monitoring spec: From 5b6f50ffb2e658f15e6107b7c07de7560c0820fe Mon Sep 17 00:00:00 2001 From: Jimmi Dyson Date: Wed, 27 Jan 2021 10:56:44 +0000 Subject: [PATCH 126/388] jsonnet: Upgrade configmap-reload image to v0.5.0 to fix CVE --- jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet | 2 +- manifests/blackbox-exporter-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index bbe03ed6..faec2c61 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -20,7 +20,7 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, - configmapReloaderImage: 'jimmidyson/configmap-reload:v0.4.0', + configmapReloaderImage: 'jimmidyson/configmap-reload:v0.5.0', port: 9115, internalPort: 19115, diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index 9c0ec4c0..359b2e16 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -49,7 +49,7 @@ spec: - args: - --webhook-url=http://localhost:19115/-/reload - --volume-dir=/etc/blackbox_exporter/ - image: jimmidyson/configmap-reload:v0.4.0 + image: jimmidyson/configmap-reload:v0.5.0 name: module-configmap-reloader resources: limits: From 0a79177c19cedaa735c4761d6bf49300176e80e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20W=C3=BCrbach?= Date: Tue, 26 Jan 2021 20:15:50 +0100 Subject: [PATCH 127/388] k8s-prometheus-adapter v0.8.3 --- jsonnet/kube-prometheus/main.libsonnet | 2 +- manifests/prometheus-adapter-apiService.yaml | 2 +- manifests/prometheus-adapter-clusterRole.yaml | 2 +- ...ometheus-adapter-clusterRoleAggregatedMetricsReader.yaml | 2 +- manifests/prometheus-adapter-clusterRoleBinding.yaml | 2 +- .../prometheus-adapter-clusterRoleBindingDelegator.yaml | 2 +- .../prometheus-adapter-clusterRoleServerResources.yaml | 2 +- manifests/prometheus-adapter-configMap.yaml | 2 +- manifests/prometheus-adapter-deployment.yaml | 6 +++--- manifests/prometheus-adapter-roleBindingAuthReader.yaml | 2 +- manifests/prometheus-adapter-service.yaml | 2 +- manifests/prometheus-adapter-serviceAccount.yaml | 2 +- manifests/prometheus-adapter-serviceMonitor.yaml | 2 +- 13 files changed, 15 insertions(+), 15 deletions(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 2a2ad271..c8930ebc 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -25,7 +25,7 @@ local prometheus = import './components/prometheus.libsonnet'; kubeStateMetrics: '1.9.7', nodeExporter: '1.0.1', prometheus: '2.24.0', - prometheusAdapter: '0.8.2', + prometheusAdapter: '0.8.3', prometheusOperator: '0.45.0', }, images: { diff --git a/manifests/prometheus-adapter-apiService.yaml b/manifests/prometheus-adapter-apiService.yaml index 01bf70d7..aced8989 100644 --- a/manifests/prometheus-adapter-apiService.yaml +++ b/manifests/prometheus-adapter-apiService.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io diff --git a/manifests/prometheus-adapter-clusterRole.yaml b/manifests/prometheus-adapter-clusterRole.yaml index 80ece63e..1884b593 100644 --- a/manifests/prometheus-adapter-clusterRole.yaml +++ b/manifests/prometheus-adapter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: prometheus-adapter rules: - apiGroups: diff --git a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml index 00926af2..f0e7d560 100644 --- a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml +++ b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" diff --git a/manifests/prometheus-adapter-clusterRoleBinding.yaml b/manifests/prometheus-adapter-clusterRoleBinding.yaml index 58e3787f..eb4cf6bd 100644 --- a/manifests/prometheus-adapter-clusterRoleBinding.yaml +++ b/manifests/prometheus-adapter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: prometheus-adapter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml index be0f2716..2787eefa 100644 --- a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml +++ b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: resource-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleServerResources.yaml b/manifests/prometheus-adapter-clusterRoleServerResources.yaml index 6a845383..43e2b1e8 100644 --- a/manifests/prometheus-adapter-clusterRoleServerResources.yaml +++ b/manifests/prometheus-adapter-clusterRoleServerResources.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: resource-metrics-server-resources rules: - apiGroups: diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index 8fe1b50d..b5b4e82b 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -33,6 +33,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: adapter-config namespace: monitoring diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index 1196a1fd..b04e2fd7 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: prometheus-adapter namespace: monitoring spec: @@ -25,7 +25,7 @@ spec: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 spec: containers: - args: @@ -35,7 +35,7 @@ spec: - --metrics-relist-interval=1m - --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/ - --secure-port=6443 - image: directxman12/k8s-prometheus-adapter:v0.8.2 + image: directxman12/k8s-prometheus-adapter:v0.8.3 name: prometheus-adapter ports: - containerPort: 6443 diff --git a/manifests/prometheus-adapter-roleBindingAuthReader.yaml b/manifests/prometheus-adapter-roleBindingAuthReader.yaml index 6a589f88..96a5643b 100644 --- a/manifests/prometheus-adapter-roleBindingAuthReader.yaml +++ b/manifests/prometheus-adapter-roleBindingAuthReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: resource-metrics-auth-reader namespace: kube-system roleRef: diff --git a/manifests/prometheus-adapter-service.yaml b/manifests/prometheus-adapter-service.yaml index 98e726ae..bbcd1ccd 100644 --- a/manifests/prometheus-adapter-service.yaml +++ b/manifests/prometheus-adapter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-serviceAccount.yaml b/manifests/prometheus-adapter-serviceAccount.yaml index 311e9c87..a1da8795 100644 --- a/manifests/prometheus-adapter-serviceAccount.yaml +++ b/manifests/prometheus-adapter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: prometheus-adapter namespace: monitoring diff --git a/manifests/prometheus-adapter-serviceMonitor.yaml b/manifests/prometheus-adapter-serviceMonitor.yaml index c0d5b981..2de7a36c 100644 --- a/manifests/prometheus-adapter-serviceMonitor.yaml +++ b/manifests/prometheus-adapter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.2 + app.kubernetes.io/version: 0.8.3 name: prometheus-adapter namespace: monitoring spec: From 3670d5bf7deefda19c56209e307391577fbff1ed Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 29 Jan 2021 12:17:19 +0100 Subject: [PATCH 128/388] *: add resource validation Co-Authored-By: Yann Hamon Co-Authored-By: Kemal Akkoyun Signed-off-by: paulfantom --- .github/workflows/ci.yaml | 2 +- .gitignore | 1 + Makefile | 11 ++++++++++- scripts/generate-schemas.sh | 13 +++++++++++++ scripts/go.mod | 1 + scripts/go.sum | 11 +++++++++++ scripts/tools.go | 1 + 7 files changed, 38 insertions(+), 2 deletions(-) create mode 100755 scripts/generate-schemas.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e9edf2a6..a98a9ed9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-go@v2 with: go-version: ${{ env.golang-version }} - - run: make --always-make generate && git diff --exit-code + - run: make --always-make generate validate && git diff --exit-code lint: runs-on: ubuntu-latest name: Jsonnet linter diff --git a/.gitignore b/.gitignore index f334fb56..42cf6651 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ minikube-manifests/ vendor/ ./auth .swp +crdschemas/ diff --git a/Makefile b/Makefile index 198e1788..15707b08 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,8 @@ GOJSONTOYAML_BIN=$(BIN_DIR)/gojsontoyaml JSONNET_BIN=$(BIN_DIR)/jsonnet JSONNETLINT_BIN=$(BIN_DIR)/jsonnet-lint JSONNETFMT_BIN=$(BIN_DIR)/jsonnetfmt -TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLINT_BIN) $(JSONNETFMT_BIN) +KUBECONFORM_BIN=$(BIN_DIR)/kubeconform +TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLINT_BIN) $(JSONNETFMT_BIN) $(KUBECONFORM_BIN) JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s @@ -32,6 +33,14 @@ vendor: $(JB_BIN) jsonnetfile.json jsonnetfile.lock.json rm -rf vendor $(JB_BIN) install +crdschemas: vendor + ./scripts/generate-schemas.sh + +.PHONY: validate +validate: crdschemas manifests $(KUBECONFORM_BIN) + # Follow-up on https://github.com/instrumenta/kubernetes-json-schema/issues/26 if validations start failing + $(KUBECONFORM_BIN) -schema-location 'https://kubernetesjsonschema.dev' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/ + .PHONY: fmt fmt: $(JSONNETFMT_BIN) find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \ diff --git a/scripts/generate-schemas.sh b/scripts/generate-schemas.sh new file mode 100755 index 00000000..06b9bbe3 --- /dev/null +++ b/scripts/generate-schemas.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +DIR="crdschemas" + +# Go to git repository root +cd ./$(git rev-parse --show-cdup) + +rm -rf "$DIR" +mkdir "$DIR" + +for crd in vendor/prometheus-operator/*-crd.libsonnet; do + jq '.spec.versions[0].schema.openAPIV3Schema' < "$crd" > "$DIR/$(basename "$crd" | sed 's/-crd.libsonnet/.json/')" +done diff --git a/scripts/go.mod b/scripts/go.mod index 9c6c10c8..5f3eec9e 100644 --- a/scripts/go.mod +++ b/scripts/go.mod @@ -7,4 +7,5 @@ require ( github.com/campoy/embedmd v1.0.0 github.com/google/go-jsonnet v0.17.1-0.20210101181740-31d71aaccda6 // 7 commits after 0.17.0. Needed by jsonnet linter github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 + github.com/yannh/kubeconform v0.4.2 // indirect ) diff --git a/scripts/go.sum b/scripts/go.sum index 08d45587..d98867db 100644 --- a/scripts/go.sum +++ b/scripts/go.sum @@ -42,6 +42,14 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/yannh/kubeconform v0.4.2 h1:8ve/dz6ns9tT5efR1Qfn8569JkenPFqnWcVWGz3lqPw= +github.com/yannh/kubeconform v0.4.2/go.mod h1:Ysf3RSreh2rX8IJsVt/uT3Um/U3e3ykx6Fcz8nCdskM= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= @@ -53,5 +61,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogR gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/scripts/tools.go b/scripts/tools.go index d5b67e32..64813348 100644 --- a/scripts/tools.go +++ b/scripts/tools.go @@ -10,5 +10,6 @@ import ( _ "github.com/google/go-jsonnet/cmd/jsonnet" _ "github.com/google/go-jsonnet/cmd/jsonnet-lint" _ "github.com/google/go-jsonnet/cmd/jsonnetfmt" + _ "github.com/yannh/kubeconform/cmd/kubeconform" _ "github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb" ) From 102d4c65137dc17a33d125cb384fc17d5cbc4c6e Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Fri, 29 Jan 2021 15:57:14 +0100 Subject: [PATCH 129/388] Default alerting to Alertmanager API v2 Alertmanager API v2 is available for more than 2 years now, there's no reason to not use it by default. Signed-off-by: Simon Pasquier --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 1 + manifests/prometheus-prometheus.yaml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index e93f8537..63d6d061 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -251,6 +251,7 @@ function(params) { namespace: p.config.namespace, name: 'alertmanager-' + p.config.alertmanagerName, port: 'web', + apiVersion: 'v2', }], }, securityContext: { diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 36fd374f..f1f8ef2f 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -12,7 +12,8 @@ metadata: spec: alerting: alertmanagers: - - name: alertmanager-main + - apiVersion: v2 + name: alertmanager-main namespace: monitoring port: web image: quay.io/prometheus/prometheus:v2.24.0 From ab3dff2016842a0b79db1e50333fc3edd54f3a51 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 2 Feb 2021 10:00:08 +0100 Subject: [PATCH 130/388] examples,jsonnet: expose kubernetes-grafana API to fix grafana examples Signed-off-by: paulfantom --- ...ditional-jsonnet-dashboard-example.jsonnet | 56 ++++++++++--------- ...ional-rendered-dashboard-example-2.jsonnet | 14 +++-- ...itional-rendered-dashboard-example.jsonnet | 17 +++--- .../components/grafana.libsonnet | 7 +++ 4 files changed, 52 insertions(+), 42 deletions(-) diff --git a/examples/grafana-additional-jsonnet-dashboard-example.jsonnet b/examples/grafana-additional-jsonnet-dashboard-example.jsonnet index fcfdd1fb..8c1973ca 100644 --- a/examples/grafana-additional-jsonnet-dashboard-example.jsonnet +++ b/examples/grafana-additional-jsonnet-dashboard-example.jsonnet @@ -6,34 +6,36 @@ local template = grafana.template; local graphPanel = grafana.graphPanel; local kp = (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', - }, - grafana+:: { - dashboards+:: { - 'my-dashboard.json': - dashboard.new('My Dashboard') - .addTemplate( - { - current: { - text: 'Prometheus', - value: 'Prometheus', + values+:: { + common+:: { + namespace: 'monitoring', + }, + grafana+: { + dashboards+:: { + 'my-dashboard.json': + dashboard.new('My Dashboard') + .addTemplate( + { + current: { + text: 'Prometheus', + value: 'Prometheus', + }, + hide: 0, + label: null, + name: 'datasource', + options: [], + query: 'prometheus', + refresh: 1, + regex: '', + type: 'datasource', }, - hide: 0, - label: null, - name: 'datasource', - options: [], - query: 'prometheus', - refresh: 1, - regex: '', - type: 'datasource', - }, - ) - .addRow( - row.new() - .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource') - .addTarget(prometheus.target('vector(1)'))) - ), + ) + .addRow( + row.new() + .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource') + .addTarget(prometheus.target('vector(1)'))) + ), + }, }, }, }; diff --git a/examples/grafana-additional-rendered-dashboard-example-2.jsonnet b/examples/grafana-additional-rendered-dashboard-example-2.jsonnet index e18c6242..7b8825d7 100644 --- a/examples/grafana-additional-rendered-dashboard-example-2.jsonnet +++ b/examples/grafana-additional-rendered-dashboard-example-2.jsonnet @@ -1,10 +1,12 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', - }, - grafana+:: { - rawDashboards+:: { - 'my-dashboard.json': (importstr 'example-grafana-dashboard.json'), + values+:: { + common+:: { + namespace: 'monitoring', + }, + grafana+: { + rawDashboards+:: { + 'my-dashboard.json': (importstr 'example-grafana-dashboard.json'), + }, }, }, }; diff --git a/examples/grafana-additional-rendered-dashboard-example.jsonnet b/examples/grafana-additional-rendered-dashboard-example.jsonnet index 6c5bb048..1a8c8b9a 100644 --- a/examples/grafana-additional-rendered-dashboard-example.jsonnet +++ b/examples/grafana-additional-rendered-dashboard-example.jsonnet @@ -1,13 +1,12 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', - }, - grafanaDashboards+:: { // monitoring-mixin compatibility - 'my-dashboard.json': (import 'example-grafana-dashboard.json'), - }, - grafana+:: { - dashboards+:: { // use this method to import your dashboards to Grafana - 'my-dashboard.json': (import 'example-grafana-dashboard.json'), + values+:: { + common+:: { + namespace: 'monitoring', + }, + grafana+: { + dashboards+:: { // use this method to import your dashboards to Grafana + 'my-dashboard.json': (import 'example-grafana-dashboard.json'), + }, }, }, }; diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 06d5bef3..eb208123 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -22,6 +22,10 @@ local defaults = { }, prometheusName: error 'must provide prometheus name', dashboards: {}, + // TODO(paulfantom): expose those to have a stable API. After kubernetes-grafana refactor those could probably be removed. + rawDashboards: {}, + folderDashboards: {}, + containers: [], }; function(params) { @@ -47,6 +51,9 @@ function(params) { labels: g.config.commonLabels, dashboards: g.config.dashboards, resources: g.config.resources, + rawDashboards: g.config.rawDashboards, + folderDashboards: g.config.folderDashboards, + containers: g.config.containers, }, }, }, From 9c93c7aeee9199d616b4fa539aaa189f99619381 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 2 Feb 2021 10:24:15 +0100 Subject: [PATCH 131/388] docs: regenerate --- ...prometheus-rules-and-grafana-dashboards.md | 87 ++++++++++--------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 31babf72..59447941 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -274,34 +274,36 @@ local template = grafana.template; local graphPanel = grafana.graphPanel; local kp = (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', - }, - grafana+:: { - dashboards+:: { - 'my-dashboard.json': - dashboard.new('My Dashboard') - .addTemplate( - { - current: { - text: 'Prometheus', - value: 'Prometheus', + values+:: { + common+:: { + namespace: 'monitoring', + }, + grafana+: { + dashboards+:: { + 'my-dashboard.json': + dashboard.new('My Dashboard') + .addTemplate( + { + current: { + text: 'Prometheus', + value: 'Prometheus', + }, + hide: 0, + label: null, + name: 'datasource', + options: [], + query: 'prometheus', + refresh: 1, + regex: '', + type: 'datasource', }, - hide: 0, - label: null, - name: 'datasource', - options: [], - query: 'prometheus', - refresh: 1, - regex: '', - type: 'datasource', - }, - ) - .addRow( - row.new() - .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource') - .addTarget(prometheus.target('vector(1)'))) - ), + ) + .addRow( + row.new() + .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource') + .addTarget(prometheus.target('vector(1)'))) + ), + }, }, }, }; @@ -322,15 +324,14 @@ As jsonnet is a superset of json, the jsonnet `import` function can be used to i [embedmd]:# (../examples/grafana-additional-rendered-dashboard-example.jsonnet) ```jsonnet local kp = (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', - }, - grafanaDashboards+:: { // monitoring-mixin compatibility - 'my-dashboard.json': (import 'example-grafana-dashboard.json'), - }, - grafana+:: { - dashboards+:: { // use this method to import your dashboards to Grafana - 'my-dashboard.json': (import 'example-grafana-dashboard.json'), + values+:: { + common+:: { + namespace: 'monitoring', + }, + grafana+: { + dashboards+:: { // use this method to import your dashboards to Grafana + 'my-dashboard.json': (import 'example-grafana-dashboard.json'), + }, }, }, }; @@ -348,12 +349,14 @@ In case you have lots of json dashboard exported out from grafana UI the above a [embedmd]:# (../examples/grafana-additional-rendered-dashboard-example-2.jsonnet) ```jsonnet local kp = (import 'kube-prometheus/main.libsonnet') + { - _config+:: { - namespace: 'monitoring', - }, - grafana+:: { - rawDashboards+:: { - 'my-dashboard.json': (importstr 'example-grafana-dashboard.json'), + values+:: { + common+:: { + namespace: 'monitoring', + }, + grafana+: { + rawDashboards+:: { + 'my-dashboard.json': (importstr 'example-grafana-dashboard.json'), + }, }, }, }; From f95f0fa875beac7f2fab029a3542a65fc66d5ed6 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 2 Feb 2021 13:35:55 +0100 Subject: [PATCH 132/388] examples,jsonnet: fix thanos-sidecar addon; add test for thanos-sidecar addon --- examples/thanos-sidecar.jsonnet | 32 +++++++++++++++++++ .../addons/thanos-sidecar.libsonnet | 13 +++----- 2 files changed, 37 insertions(+), 8 deletions(-) create mode 100644 examples/thanos-sidecar.jsonnet diff --git a/examples/thanos-sidecar.jsonnet b/examples/thanos-sidecar.jsonnet new file mode 100644 index 00000000..35eca8e1 --- /dev/null +++ b/examples/thanos-sidecar.jsonnet @@ -0,0 +1,32 @@ +local kp = + (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + thanos: { + version: '0.17.2', + image: 'quay.io/thanos-io/thanos:v' + $.values.thanos.version, + objectStorageConfig: { + key: 'thanos.yaml', // How the file inside the secret is called + name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config + }, + }, + }, + }; + +{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor is separated so that it can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } diff --git a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet index af6474d2..64a1e181 100644 --- a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet +++ b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet @@ -1,13 +1,10 @@ (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { values+:: { - thanos+:: { - version: '0.14.0', - image: 'quay.io/thanos/thanos:v0.14.0', - objectStorageConfig: { - key: 'thanos.yaml', // How the file inside the secret is called - name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config - }, + thanos: { + version: error 'must provide thanos version', + image: error 'must provide thanos image', + objectStorageConfig: error 'must provide thanos object storage configuration', }, }, prometheus+: { @@ -35,7 +32,7 @@ { name: 'grpc', port: 10901, targetPort: 10901 }, { name: 'http', port: 10902, targetPort: 10902 }, ], - selector: { app: 'prometheus', prometheus: p.name }, + selector: { app: 'prometheus', prometheus: p.config.name }, clusterIP: 'None', }, }, From 90298f8f5c50b41d20b3ce0011192e85b456733c Mon Sep 17 00:00:00 2001 From: Aistis Jokubauskas Date: Wed, 3 Feb 2021 09:32:56 +0200 Subject: [PATCH 133/388] Include build.sh and example.jsonnet download I've tripped on this while trying to compile kube-prometheus manifests. Ref: https://github.com/prometheus-operator/kube-prometheus/issues/902 --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 361fa7f9..a3dad63f 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,9 @@ $ mkdir my-kube-prometheus; cd my-kube-prometheus $ jb init # Creates the initial/empty `jsonnetfile.json` # Install the kube-prometheus dependency $ jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.4 # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json` + +$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.4/example.jsonnet -O example.jsonnet +$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.4/build.sh -O build.sh ``` > `jb` can be installed with `go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb` From 6dfd6d891ca7105ff5f0b9932922f43cbcc85603 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 3 Feb 2021 16:41:58 +0100 Subject: [PATCH 134/388] jsonnet: remove superfluous quotation mark --- jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet index d1b9caf6..74cfb4f2 100644 --- a/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet @@ -7,7 +7,7 @@ { alert: 'NodeNetworkInterfaceFlapping', annotations: { - message: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}"', + message: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', }, expr: ||| changes(node_network_up{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 2 From 11aa604d398dc83eec498d15f8496178dd7ac5df Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 4 Feb 2021 10:49:03 +0100 Subject: [PATCH 135/388] manifests: regenerate --- manifests/kube-prometheus-prometheusRule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml index 26e7da58..bb2cf6df 100644 --- a/manifests/kube-prometheus-prometheusRule.yaml +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -35,7 +35,7 @@ spec: rules: - alert: NodeNetworkInterfaceFlapping annotations: - message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}" + message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 for: 2m From 0b0b9677644f8e19055c8af0160c556ced28436b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 2 Feb 2021 16:08:41 +0100 Subject: [PATCH 136/388] jsonnet: thanos sidecar as first-level addon Signed-off-by: paulfantom --- examples/thanos-sidecar.jsonnet | 15 ++-- .../addons/thanos-sidecar.libsonnet | 77 ------------------- .../components/prometheus.libsonnet | 74 +++++++++++++++++- 3 files changed, 79 insertions(+), 87 deletions(-) delete mode 100644 jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet diff --git a/examples/thanos-sidecar.jsonnet b/examples/thanos-sidecar.jsonnet index 35eca8e1..24a0d5ce 100644 --- a/examples/thanos-sidecar.jsonnet +++ b/examples/thanos-sidecar.jsonnet @@ -1,17 +1,18 @@ local kp = (import 'kube-prometheus/main.libsonnet') + - (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + { values+:: { common+: { namespace: 'monitoring', }, - thanos: { - version: '0.17.2', - image: 'quay.io/thanos-io/thanos:v' + $.values.thanos.version, - objectStorageConfig: { - key: 'thanos.yaml', // How the file inside the secret is called - name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config + prometheus+: { + thanos: { + version: '0.17.2', + image: 'quay.io/thanos-io/thanos:v0.17.2', + objectStorageConfig: { + key: 'thanos.yaml', // How the file inside the secret is called + name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config + }, }, }, }, diff --git a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet b/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet deleted file mode 100644 index 64a1e181..00000000 --- a/jsonnet/kube-prometheus/addons/thanos-sidecar.libsonnet +++ /dev/null @@ -1,77 +0,0 @@ -(import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + -{ - values+:: { - thanos: { - version: error 'must provide thanos version', - image: error 'must provide thanos image', - objectStorageConfig: error 'must provide thanos object storage configuration', - }, - }, - prometheus+: { - local p = self, - - // Add the grpc port to the Prometheus service to be able to query it with the Thanos Querier - service+: { - spec+: { - ports+: [ - { name: 'grpc', port: 10901, targetPort: 10901 }, - ], - }, - }, - // Create a new service that exposes both sidecar's HTTP metrics port and gRPC StoreAPI - serviceThanosSidecar: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'prometheus-' + p.config.name + '-thanos-sidecar', - namespace: p.config.namespace, - labels: { prometheus: p.config.name, app: 'thanos-sidecar' }, - }, - spec: { - ports: [ - { name: 'grpc', port: 10901, targetPort: 10901 }, - { name: 'http', port: 10902, targetPort: 10902 }, - ], - selector: { app: 'prometheus', prometheus: p.config.name }, - clusterIP: 'None', - }, - }, - prometheus+: { - spec+: { - thanos+: { - version: $.values.thanos.version, - image: $.values.thanos.image, - objectStorageConfig: $.values.thanos.objectStorageConfig, - }, - }, - }, - serviceMonitorThanosSidecar: - { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'thanos-sidecar', - namespace: p.config.namespace, - labels: { - 'app.kubernetes.io/name': 'prometheus', - }, - }, - spec: { - // Use the service's app label (thanos-sidecar) as the value for the job label. - jobLabel: 'app', - selector: { - matchLabels: { - prometheus: p.config.name, - app: 'thanos-sidecar', - }, - }, - endpoints: [ - { - port: 'http', - interval: '30s', - }, - ], - }, - }, - }, -} diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 63d6d061..cf048c09 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -35,8 +35,10 @@ local defaults = { _config: { prometheusSelector: 'job="prometheus-' + defaults.name + '",namespace="' + defaults.namespace + '"', prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', + thanosSelector: 'job="thanos-sidecar"', }, }, + thanos: {}, }; @@ -47,7 +49,15 @@ function(params) { assert std.isObject(p.config.resources), assert std.isObject(p.config.mixin._config), - mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') { + mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + ( + if p.config.thanos != {} then + (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { + sidecar: { + selector: p.config.mixin._config.thanosSelector, + }, + } + else {} + ) { _config+:: p.config.mixin._config, }, @@ -86,8 +96,13 @@ function(params) { }, spec: { ports: [ - { name: 'web', targetPort: 'web', port: 9090 }, - ], + { name: 'web', targetPort: 'web', port: 9090 }, + ] + + ( + if p.config.thanos != {} then + [{ name: 'grpc', port: 10901, targetPort: 10901 }] + else [] + ), selector: { app: 'prometheus' } + p.config.selectorLabels, sessionAffinity: 'ClientIP', }, @@ -259,6 +274,7 @@ function(params) { runAsNonRoot: true, fsGroup: 2000, }, + thanos: p.config.thanos, }, }, @@ -491,4 +507,56 @@ function(params) { }], }, }, + + // Include thanos sidecar Service only if thanos config was passed by user + [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceThanosSidecar']: { + apiVersion: 'v1', + kind: 'Service', + metadata+: { + name: 'prometheus-' + p.config.name + '-thanos-sidecar', + namespace: p.config.namespace, + labels+: p.config.commonLabels { + prometheus: p.config.name, + 'app.kubernetes.io/component': 'thanos-sidecar', + }, + }, + spec+: { + ports: [ + { name: 'grpc', port: 10901, targetPort: 10901 }, + { name: 'http', port: 10902, targetPort: 10902 }, + ], + selector: p.config.selectorLabels { + prometheus: p.config.name, + 'app.kubernetes.io/component': 'prometheus', + }, + clusterIP: 'None', + }, + }, + + // Include thanos sidecar ServiceMonitor only if thanos config was passed by user + [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceMonitorThanosSidecar']: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata+: { + name: 'thanos-sidecar', + namespace: p.config.namespace, + labels: p.config.commonLabels { + prometheus: p.config.name, + 'app.kubernetes.io/component': 'thanos-sidecar', + }, + }, + spec+: { + jobLabel: 'app.kubernetes.io/component', + selector: { + matchLabels: { + prometheus: p.config.name, + 'app.kubernetes.io/component': 'thanos-sidecar', + }, + }, + endpoints: [{ + port: 'http', + interval: '30s', + }], + }, + }, } From f8bae9fd96c40bf56520cbf23765ff3b2e1a427d Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 4 Feb 2021 14:43:23 +0100 Subject: [PATCH 137/388] manifests: regenerate --- manifests/prometheus-prometheus.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index f1f8ef2f..10f74df4 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -44,4 +44,5 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} + thanos: {} version: 2.24.0 From a9dd864c670d7a3d93966dab2d04f87498f2e2ec Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 2 Feb 2021 14:13:36 +0100 Subject: [PATCH 138/388] jsonnet/grafana: re-map datasources and config Signed-off-by: paulfantom --- .../components/grafana.libsonnet | 43 +++++++++++-------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index eb208123..939fbbc3 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -26,45 +26,54 @@ local defaults = { rawDashboards: {}, folderDashboards: {}, containers: [], + datasources: [], + config: {}, }; function(params) { local g = self, - config:: defaults + params, - //local g.config = defaults + params, + cfg:: defaults + params, // Safety check - assert std.isObject(g.config.resources), + assert std.isObject(g.cfg.resources), local glib = (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + { _config+:: { - namespace: g.config.namespace, + namespace: g.cfg.namespace, versions+:: { - grafana: g.config.version, + grafana: g.cfg.version, }, imageRepos+:: { - grafana: g.config.imageRepos, + grafana: g.cfg.imageRepos, }, prometheus+:: { - name: g.config.prometheusName, + name: g.cfg.prometheusName, }, grafana+:: { - labels: g.config.commonLabels, - dashboards: g.config.dashboards, - resources: g.config.resources, - rawDashboards: g.config.rawDashboards, - folderDashboards: g.config.folderDashboards, - containers: g.config.containers, - }, + labels: g.cfg.commonLabels, + dashboards: g.cfg.dashboards, + resources: g.cfg.resources, + rawDashboards: g.cfg.rawDashboards, + folderDashboards: g.cfg.folderDashboards, + containers: g.cfg.containers, + config+: g.cfg.config, + } + ( + // Conditionally overwrite default setting. + if std.length(g.cfg.datasources) > 0 then + { datasources: g.cfg.datasources } + else {} + ), }, }, + // Add object only if user passes config and config is not empty + [if std.objectHas(params, 'config') && std.length(params.config) > 0 then 'config']: glib.grafana.config, service: glib.grafana.service, serviceAccount: glib.grafana.serviceAccount, deployment: glib.grafana.deployment, dashboardDatasources: glib.grafana.dashboardDatasources, dashboardSources: glib.grafana.dashboardSources, - dashboardDefinitions: if std.length(g.config.dashboards) > 0 then { + dashboardDefinitions: if std.length(g.cfg.dashboards) > 0 then { apiVersion: 'v1', kind: 'ConfigMapList', items: glib.grafana.dashboardDefinitions, @@ -74,8 +83,8 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'grafana', - namespace: g.config.namespace, - labels: g.config.commonLabels, + namespace: g.cfg.namespace, + labels: g.cfg.commonLabels, }, spec: { selector: { From 4245ded81bb4eb62dc707caebf0f7d2e157bdfdc Mon Sep 17 00:00:00 2001 From: paulfantom Date: Sat, 6 Feb 2021 19:58:45 +0100 Subject: [PATCH 139/388] jsonnet: bump node-exporter to 1.1.0 and remove deprecated flag --- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 3 +-- jsonnet/kube-prometheus/main.libsonnet | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 73704a8c..10b89dc9 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -173,8 +173,7 @@ function(params) { '--no-collector.hwmon', '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', '--collector.netclass.ignored-devices=^(veth.*)$', - '--collector.netdev.device-blacklist=^(veth.*)$', - // '--collector.netdev.device-exclude=^(veth.*)$', // TODO(paulfantom): change with next version of node_exporter (post 1.0.1) + '--collector.netdev.device-exclude=^(veth.*)$', ], volumeMounts: [ { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index c8930ebc..bd2a60b3 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -23,7 +23,7 @@ local prometheus = import './components/prometheus.libsonnet'; blackboxExporter: '0.18.0', grafana: '7.3.7', kubeStateMetrics: '1.9.7', - nodeExporter: '1.0.1', + nodeExporter: '1.1.0', prometheus: '2.24.0', prometheusAdapter: '0.8.3', prometheusOperator: '0.45.0', From fc1a03053de09284e9377416a7d4f3d46b7b37bb Mon Sep 17 00:00:00 2001 From: paulfantom Date: Sat, 6 Feb 2021 19:58:55 +0100 Subject: [PATCH 140/388] manifests: regenerate --- manifests/node-exporter-clusterRole.yaml | 2 +- manifests/node-exporter-clusterRoleBinding.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 8 ++++---- manifests/node-exporter-prometheusRule.yaml | 2 +- manifests/node-exporter-service.yaml | 2 +- manifests/node-exporter-serviceAccount.yaml | 2 +- manifests/node-exporter-serviceMonitor.yaml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index 45383007..f974d3b5 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index 8887d631..1ed4f3c7 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 8c556fca..d8ef09ab 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 name: node-exporter namespace: monitoring spec: @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 spec: containers: - args: @@ -31,8 +31,8 @@ spec: - --no-collector.hwmon - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*)$ - - --collector.netdev.device-blacklist=^(veth.*)$ - image: quay.io/prometheus/node-exporter:v1.0.1 + - --collector.netdev.device-exclude=^(veth.*)$ + image: quay.io/prometheus/node-exporter:v1.1.0 name: node-exporter resources: limits: diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index eee95a1a..1967f788 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 prometheus: k8s role: alert-rules name: node-exporter-rules diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index e0cfb53a..528d6208 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 name: node-exporter namespace: monitoring spec: diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index 1be5af3c..6613b4ee 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 name: node-exporter namespace: monitoring diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index 7b0835c8..3fdcf4ef 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.0.1 + app.kubernetes.io/version: 1.1.0 name: node-exporter namespace: monitoring spec: From ff3e0e1ee4026535293c1e79a0ebddfe907735b5 Mon Sep 17 00:00:00 2001 From: Shreya Shah Date: Tue, 9 Feb 2021 17:52:54 +0530 Subject: [PATCH 141/388] Update kubelet label selector --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 4 ++-- manifests/prometheus-serviceMonitorKubelet.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index cf048c09..9454a272 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -332,7 +332,7 @@ function(params) { labels: { 'app.kubernetes.io/name': 'kubelet' }, }, spec: { - jobLabel: 'k8s-app', + jobLabel: 'app.kubernetes.io/name', endpoints: [ { port: 'https-metrics', @@ -387,7 +387,7 @@ function(params) { }, ], selector: { - matchLabels: { 'k8s-app': 'kubelet' }, + matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, }, namespaceSelector: { matchNames: ['kube-system'], diff --git a/manifests/prometheus-serviceMonitorKubelet.yaml b/manifests/prometheus-serviceMonitorKubelet.yaml index 72dff3fb..dc329395 100644 --- a/manifests/prometheus-serviceMonitorKubelet.yaml +++ b/manifests/prometheus-serviceMonitorKubelet.yaml @@ -81,10 +81,10 @@ spec: scheme: https tlsConfig: insecureSkipVerify: true - jobLabel: k8s-app + jobLabel: app.kubernetes.io/name namespaceSelector: matchNames: - kube-system selector: matchLabels: - k8s-app: kubelet + app.kubernetes.io/name: kubelet From 30d3d5950de550b9f246ef15c6fbce9e4ea3f996 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 10 Feb 2021 12:06:10 +0100 Subject: [PATCH 142/388] jsonnet: do not include thanos field when not needed Signed-off-by: paulfantom --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index cf048c09..aef2a851 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -274,7 +274,7 @@ function(params) { runAsNonRoot: true, fsGroup: 2000, }, - thanos: p.config.thanos, + [if std.objectHas(params, 'thanos') then 'thanos']: p.config.thanos, }, }, From e40e42cf7219d39450095be06da35fdd4647d5b9 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 10 Feb 2021 12:07:32 +0100 Subject: [PATCH 143/388] manifests: regenerate --- manifests/prometheus-prometheus.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 10f74df4..f1f8ef2f 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -44,5 +44,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - thanos: {} version: 2.24.0 From 83441715a89ac50d755a53a2959a4750dc8e162f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 11 Feb 2021 13:05:23 +0100 Subject: [PATCH 144/388] jsonnet: etcd mixin changed place Signed-off-by: paulfantom --- jsonnet/kube-prometheus/addons/static-etcd.libsonnet | 2 +- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/static-etcd.libsonnet b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet index d49bc633..4f11a076 100644 --- a/jsonnet/kube-prometheus/addons/static-etcd.libsonnet +++ b/jsonnet/kube-prometheus/addons/static-etcd.libsonnet @@ -1,4 +1,4 @@ -(import 'github.com/etcd-io/etcd/Documentation/etcd-mixin/mixin.libsonnet') + { +(import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + { values+:: { etcd: { ips: [], diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 578be8e9..1c3a3c98 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -14,7 +14,7 @@ "source": { "git": { "remote": "https://github.com/etcd-io/etcd", - "subdir": "Documentation/etcd-mixin" + "subdir": "contrib/mixin" } }, "version": "master" diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index ec3c8607..fff69108 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -15,11 +15,11 @@ "source": { "git": { "remote": "https://github.com/etcd-io/etcd.git", - "subdir": "Documentation/etcd-mixin" + "subdir": "contrib/mixin" } }, - "version": "5dcd459ae9c7948f5620002f5b0bb9cf0b8f1502", - "sum": "bLqTqEr0jky9zz5MV/7ucn6H5mph2NlXas0TVnGNB1Y=" + "version": "63cb3c97b7b1f09b09f6a62a65bb0fca821113ae", + "sum": "EgKKzxcW3ttt7gjPMX//DNTqNcn/0o2VAIaWJ/HSLEc=" }, { "source": { From cff8fec592a379df867473b42b14cf4cc7e0cbe7 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 12 Feb 2021 09:40:14 +0100 Subject: [PATCH 145/388] jsonnet: better name for prometheus PrometheusRule object --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index aef2a851..cef55f39 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -66,7 +66,7 @@ function(params) { kind: 'PrometheusRule', metadata: { labels: p.config.commonLabels + p.config.mixin.ruleLabels, - name: p.config.name + '-rules', + name: 'prometheus-' + p.config.name + '-prometheus-rules', namespace: p.config.namespace, }, spec: { From 0fbf8e03e05425cb83a182cbbf5d28168bffecc7 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 12 Feb 2021 09:40:22 +0100 Subject: [PATCH 146/388] manifests: regenerate --- manifests/prometheus-prometheusRule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index d4d2ed68..7329eab4 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/version: 2.24.0 prometheus: k8s role: alert-rules - name: k8s-rules + name: prometheus-k8s-prometheus-rules namespace: monitoring spec: groups: From 99838deb5d19285d2b118ed936f3fe1bab08bf61 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 18 Feb 2021 13:10:48 +0100 Subject: [PATCH 147/388] *: add badges to readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 361fa7f9..365ba18d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # kube-prometheus +[![Build Status](https://github.com/prometheus-operator/kube-prometheus/workflows/ci/badge.svg)](https://github.com/prometheus-operator/kube-prometheus/actions) +[![Slack](https://img.shields.io/badge/join%20slack-%23prometheus--operator-brightgreen.svg)](http://slack.k8s.io/) + > Note that everything is experimental and may change significantly at any time. This repository collects Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the Prometheus Operator. From a51f690387138912ebce0e6afe3bb8630ca21367 Mon Sep 17 00:00:00 2001 From: Phani Rithvij Date: Fri, 19 Feb 2021 01:56:08 +0530 Subject: [PATCH 148/388] jsonnet needs to be mentioned here --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 662d7c3f..dfaea106 100644 --- a/README.md +++ b/README.md @@ -204,7 +204,7 @@ $ jb update e.g. of how to compile the manifests: `./build.sh example.jsonnet` -> before compiling, install `gojsontoyaml` tool with `go get github.com/brancz/gojsontoyaml` +> before compiling, install `gojsontoyaml` tool with `go get github.com/brancz/gojsontoyaml` and `jsonnet` with `go get github.com/google/go-jsonnet/cmd/jsonnet` Here's [example.jsonnet](example.jsonnet): From 1817baccf1ad2afbcca3a6b5761b6bc2788858e4 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Sun, 7 Feb 2021 11:51:21 +0100 Subject: [PATCH 149/388] jsonnet: antiaffinity addon should also affect blackbox exporter Signed-off-by: paulfantom --- .../addons/anti-affinity.libsonnet | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index 014f32a9..3f55d268 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -22,17 +22,29 @@ }, }, - alertmanager+:: { + alertmanager+: { alertmanager+: { spec+: antiaffinity('alertmanager', [$.values.alertmanager.name], $.values.common.namespace), }, }, - prometheus+:: { + prometheus+: { prometheus+: { spec+: antiaffinity('prometheus', [$.values.prometheus.name], $.values.common.namespace), }, }, + + blackboxExporter+: { + deployment+: { + spec+: { + template+: { + spec+: + antiaffinity('app.kubernetes.io/name', ['blackbox-exporter'], $.values.common.namespace), + }, + }, + }, + }, + } From f039fc94cff7156b4476988e2befd47968e8519e Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Fri, 19 Feb 2021 15:08:35 -0800 Subject: [PATCH 150/388] Ensure Prometheus ServiceMonitor is unique --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index f3cbe07d..58b8e517 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -282,7 +282,7 @@ function(params) { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata: { - name: 'prometheus', + name: 'prometheus-' + p.config.name, namespace: p.config.namespace, labels: p.config.commonLabels, }, diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index a36e3941..1d91cbc2 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 2.24.0 - name: prometheus + name: prometheus-k8s namespace: monitoring spec: endpoints: From c80a82b19a402923749084dbe31be50196a3f521 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Feb 2021 16:16:43 +0100 Subject: [PATCH 151/388] jsonnet/kube-prometheus: create k8s control plane component * Extract ServiceMonitors related to k8s control plane from prometheus object into separate one * Add kubernetes-mixin to new object Signed-off-by: paulfantom --- .../components/k8s-control-plane.libsonnet | 262 ++++++++++++++++++ .../components/mixin/kubernetes.libsonnet | 49 ---- .../components/prometheus.libsonnet | 213 -------------- jsonnet/kube-prometheus/main.libsonnet | 8 +- 4 files changed, 266 insertions(+), 266 deletions(-) create mode 100644 jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet delete mode 100644 jsonnet/kube-prometheus/components/mixin/kubernetes.libsonnet diff --git a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet new file mode 100644 index 00000000..dd2282db --- /dev/null +++ b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -0,0 +1,262 @@ +local relabelings = import '../addons/dropping-deprecated-metrics-relabelings.libsonnet'; + +local defaults = { + namespace: error 'must provide namespace', + commonLabels:: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + }, + mixin: { + ruleLabels: {}, + _config: { + cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', + kubeletSelector: 'job="kubelet", metrics_path="/metrics"', + kubeStateMetricsSelector: 'job="kube-state-metrics"', + nodeExporterSelector: 'job="node-exporter"', + kubeSchedulerSelector: 'job="kube-scheduler"', + kubeControllerManagerSelector: 'job="kube-controller-manager"', + kubeApiserverSelector: 'job="apiserver"', + podLabel: 'pod', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + hostNetworkInterfaceSelector: 'device!~"veth.+"', + }, + }, +}; + +function(params) { + local k8s = self, + config:: defaults + params, + + mixin:: (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { + _config+:: k8s.config.mixin._config, + }, + + prometheusRule: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: k8s.config.commonLabels + k8s.config.mixin.ruleLabels, + name: 'kubernetes-monitoring-rules', + namespace: k8s.config.namespace, + }, + spec: { + local r = if std.objectHasAll(k8s.mixin, 'prometheusRules') then k8s.mixin.prometheusRules.groups else {}, + local a = if std.objectHasAll(k8s.mixin, 'prometheusAlerts') then k8s.mixin.prometheusAlerts.groups else {}, + groups: a + r, + }, + }, + + serviceMonitorKubeScheduler: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-scheduler', + namespace: k8s.config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubelet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kubelet', + namespace: k8s.config.namespace, + labels: { 'app.kubernetes.io/name': 'kubelet' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [ + { + port: 'https-metrics', + scheme: 'https', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings, + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/cadvisor', + interval: '30s', + honorLabels: true, + honorTimestamps: false, + tlsConfig: { + insecureSkipVerify: true, + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + metricRelabelings: [ + // Drop a bunch of metrics which are disabled but still sent, see + // https://github.com/google/cadvisor/issues/1925. + { + sourceLabels: ['__name__'], + regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', + action: 'drop', + }, + ], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/probes', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + ], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorKubeControllerManager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-controller-manager', + namespace: k8s.config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, + }, + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|request|server).*', + action: 'drop', + }, + ], + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + }, + }, + + serviceMonitorApiserver: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-apiserver', + namespace: k8s.config.namespace, + labels: { 'app.kubernetes.io/name': 'apiserver' }, + }, + spec: { + jobLabel: 'component', + selector: { + matchLabels: { + component: 'apiserver', + provider: 'kubernetes', + }, + }, + namespaceSelector: { + matchNames: ['default'], + }, + endpoints: [{ + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 'kubernetes', + }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|server).*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_step_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__', 'le'], + regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', + action: 'drop', + }, + ], + }], + }, + }, + + serviceMonitorCoreDNS: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'coredns', + namespace: k8s.config.namespace, + labels: { 'app.kubernetes.io/name': 'coredns' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], + }, + endpoints: [{ + port: 'metrics', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }], + }, + }, + + +} diff --git a/jsonnet/kube-prometheus/components/mixin/kubernetes.libsonnet b/jsonnet/kube-prometheus/components/mixin/kubernetes.libsonnet deleted file mode 100644 index f9e5791f..00000000 --- a/jsonnet/kube-prometheus/components/mixin/kubernetes.libsonnet +++ /dev/null @@ -1,49 +0,0 @@ -local defaults = { - name: 'kubernetes', - namespace: error 'must provide namespace', - commonLabels:: { - 'app.kubernetes.io/name': 'kube-prometheus', - 'app.kubernetes.io/component': 'exporter', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - mixin: { - ruleLabels: {}, - _config: { - cadvisorSelector: 'job="kubelet", metrics_path="/metrics/cadvisor"', - kubeletSelector: 'job="kubelet", metrics_path="/metrics"', - kubeStateMetricsSelector: 'job="kube-state-metrics"', - nodeExporterSelector: 'job="node-exporter"', - kubeSchedulerSelector: 'job="kube-scheduler"', - kubeControllerManagerSelector: 'job="kube-controller-manager"', - kubeApiserverSelector: 'job="apiserver"', - podLabel: 'pod', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', - diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - hostNetworkInterfaceSelector: 'device!~"veth.+"', - }, - }, -}; - -function(params) { - local m = self, - config:: defaults + params, - - mixin:: (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { - _config+:: m.config.mixin._config, - }, - - prometheusRule: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: m.config.commonLabels + m.config.mixin.ruleLabels, - name: m.config.name + '-rules', - namespace: m.config.namespace, - }, - spec: { - local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules.groups else {}, - local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts.groups else {}, - groups: a + r, - }, - }, -} diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 58b8e517..9bbefd47 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -1,5 +1,3 @@ -local relabelings = import '../addons/dropping-deprecated-metrics-relabelings.libsonnet'; - local defaults = { local defaults = self, namespace: error 'must provide namespace', @@ -297,217 +295,6 @@ function(params) { }, }, - serviceMonitorKubeScheduler: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-scheduler', - namespace: p.config.namespace, - labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { insecureSkipVerify: true }, - }], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorKubelet: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kubelet', - namespace: p.config.namespace, - labels: { 'app.kubernetes.io/name': 'kubelet' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [ - { - port: 'https-metrics', - scheme: 'https', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings, - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/cadvisor', - interval: '30s', - honorLabels: true, - honorTimestamps: false, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - metricRelabelings: [ - // Drop a bunch of metrics which are disabled but still sent, see - // https://github.com/google/cadvisor/issues/1925. - { - sourceLabels: ['__name__'], - regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', - action: 'drop', - }, - ], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/probes', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - ], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kubelet' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorKubeControllerManager: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-controller-manager', - namespace: p.config.namespace, - labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { - insecureSkipVerify: true, - }, - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|request|server).*', - action: 'drop', - }, - ], - }], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - }, - }, - - serviceMonitorApiserver: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-apiserver', - namespace: p.config.namespace, - labels: { 'app.kubernetes.io/name': 'apiserver' }, - }, - spec: { - jobLabel: 'component', - selector: { - matchLabels: { - component: 'apiserver', - provider: 'kubernetes', - }, - }, - namespaceSelector: { - matchNames: ['default'], - }, - endpoints: [{ - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - serverName: 'kubernetes', - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|server).*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_step_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__', 'le'], - regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', - action: 'drop', - }, - ], - }], - }, - }, - - serviceMonitorCoreDNS: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'coredns', - namespace: p.config.namespace, - labels: { 'app.kubernetes.io/name': 'coredns' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, - endpoints: [{ - port: 'metrics', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }], - }, - }, - // Include thanos sidecar Service only if thanos config was passed by user [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceThanosSidecar']: { apiVersion: 'v1', diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index bd2a60b3..aa684c8d 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -1,9 +1,9 @@ local alertmanager = import './components/alertmanager.libsonnet'; local blackboxExporter = import './components/blackbox-exporter.libsonnet'; local grafana = import './components/grafana.libsonnet'; +local kubernetesControlPlane = import './components/k8s-control-plane.libsonnet'; local kubeStateMetrics = import './components/kube-state-metrics.libsonnet'; local customMixin = import './components/mixin/custom.libsonnet'; -local kubernetesMixin = import './components/mixin/kubernetes.libsonnet'; local nodeExporter = import './components/node-exporter.libsonnet'; local prometheusAdapter = import './components/prometheus-adapter.libsonnet'; local prometheusOperator = import './components/prometheus-operator.libsonnet'; @@ -58,7 +58,7 @@ local prometheus = import './components/prometheus.libsonnet'; image: $.values.common.images.grafana, prometheusName: $.values.prometheus.name, // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards - dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesMixin.mixin.grafanaDashboards, + dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesControlPlane.mixin.grafanaDashboards, }, kubeStateMetrics: { namespace: $.values.common.namespace, @@ -96,7 +96,7 @@ local prometheus = import './components/prometheus.libsonnet'; }, mixin+: { ruleLabels: $.values.common.ruleLabels }, }, - kubernetesMixin: { + kubernetesControlPlane: { namespace: $.values.common.namespace, mixin+: { ruleLabels: $.values.common.ruleLabels }, }, @@ -114,7 +114,7 @@ local prometheus = import './components/prometheus.libsonnet'; prometheus: prometheus($.values.prometheus), prometheusAdapter: prometheusAdapter($.values.prometheusAdapter), prometheusOperator: prometheusOperator($.values.prometheusOperator), - kubernetesMixin: kubernetesMixin($.values.kubernetesMixin), + kubernetesControlPlane: kubernetesControlPlane($.values.kubernetesControlPlane), kubePrometheus: customMixin($.values.kubePrometheus) + { namespace: { apiVersion: 'v1', From 57730b757ec526ebeb847f71866e538550a3a450 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Feb 2021 16:36:39 +0100 Subject: [PATCH 152/388] jsonnet/kube-prometheus/platforms: adapt platform addons to use new k8s-control-plane component --- jsonnet/kube-prometheus/platforms/aws.libsonnet | 2 +- jsonnet/kube-prometheus/platforms/bootkube.libsonnet | 2 +- jsonnet/kube-prometheus/platforms/eks.libsonnet | 2 +- jsonnet/kube-prometheus/platforms/gke.libsonnet | 4 ++-- jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet | 2 +- jsonnet/kube-prometheus/platforms/kops.libsonnet | 2 +- jsonnet/kube-prometheus/platforms/kubeadm.libsonnet | 2 +- jsonnet/kube-prometheus/platforms/kubespray.libsonnet | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/jsonnet/kube-prometheus/platforms/aws.libsonnet b/jsonnet/kube-prometheus/platforms/aws.libsonnet index 04d67d00..27a61c2b 100644 --- a/jsonnet/kube-prometheus/platforms/aws.libsonnet +++ b/jsonnet/kube-prometheus/platforms/aws.libsonnet @@ -14,7 +14,7 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', diff --git a/jsonnet/kube-prometheus/platforms/bootkube.libsonnet b/jsonnet/kube-prometheus/platforms/bootkube.libsonnet index 8e73509d..e4651ae9 100644 --- a/jsonnet/kube-prometheus/platforms/bootkube.libsonnet +++ b/jsonnet/kube-prometheus/platforms/bootkube.libsonnet @@ -14,7 +14,7 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+:: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index c72e5c8b..815c1234 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -5,7 +5,7 @@ minimumAvailableIPsTime: '10m', }, }, - prometheus+: { + kubernetesControlPlane+: { serviceMonitorCoreDNS+: { spec+: { endpoints: [ diff --git a/jsonnet/kube-prometheus/platforms/gke.libsonnet b/jsonnet/kube-prometheus/platforms/gke.libsonnet index b8b83c28..973eeffb 100644 --- a/jsonnet/kube-prometheus/platforms/gke.libsonnet +++ b/jsonnet/kube-prometheus/platforms/gke.libsonnet @@ -1,6 +1,6 @@ (import '../addons/managed-cluster.libsonnet') + { - _config+:: { - prometheusAdapter+:: { + values+:: { + prometheusAdapter+: { config+: { resourceRules:: null, }, diff --git a/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet b/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet index 749e937c..b9688173 100644 --- a/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet +++ b/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet @@ -1,5 +1,5 @@ { - prometheus+:: { + kubernetesControlPlane+: { kubeDnsPrometheusDiscoveryService: { apiVersion: 'v1', kind: 'Service', diff --git a/jsonnet/kube-prometheus/platforms/kops.libsonnet b/jsonnet/kube-prometheus/platforms/kops.libsonnet index 54be338e..914ffb02 100644 --- a/jsonnet/kube-prometheus/platforms/kops.libsonnet +++ b/jsonnet/kube-prometheus/platforms/kops.libsonnet @@ -14,7 +14,7 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+:: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', diff --git a/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet b/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet index 3621c2aa..dec785d9 100644 --- a/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet +++ b/jsonnet/kube-prometheus/platforms/kubeadm.libsonnet @@ -14,7 +14,7 @@ local service(name, namespace, labels, selector, ports) = { }; { - prometheus+: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', diff --git a/jsonnet/kube-prometheus/platforms/kubespray.libsonnet b/jsonnet/kube-prometheus/platforms/kubespray.libsonnet index f34cab67..3b35e8e1 100644 --- a/jsonnet/kube-prometheus/platforms/kubespray.libsonnet +++ b/jsonnet/kube-prometheus/platforms/kubespray.libsonnet @@ -15,7 +15,7 @@ local service(name, namespace, labels, selector, ports) = { { - prometheus+: { + kubernetesControlPlane+: { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', From 5d06e286ca0e7bbe11da1a0a81388d3e6adbfb9f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Feb 2021 16:38:07 +0100 Subject: [PATCH 153/388] examples: adapt examples to use k8s-control-plane component --- example.jsonnet | 2 +- examples/eks-cni-example.jsonnet | 2 +- examples/weave-net-example.jsonnet | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/example.jsonnet b/example.jsonnet index 2568be96..00737df1 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -29,7 +29,7 @@ local kp = { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + -{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } diff --git a/examples/eks-cni-example.jsonnet b/examples/eks-cni-example.jsonnet index 77fa5d0b..c92236fe 100644 --- a/examples/eks-cni-example.jsonnet +++ b/examples/eks-cni-example.jsonnet @@ -5,7 +5,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + namespace: 'monitoring', }, }, - prometheus+: { + kubernetesControlPlane+: { prometheusRuleEksCNI+: { spec+: { groups+: [ diff --git a/examples/weave-net-example.jsonnet b/examples/weave-net-example.jsonnet index a7eca242..eeeb622d 100644 --- a/examples/weave-net-example.jsonnet +++ b/examples/weave-net-example.jsonnet @@ -5,7 +5,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + namespace: 'monitoring', }, }, - prometheus+: { + kubernetesControlPlane+: { prometheusRuleWeaveNet+: { spec+: { groups: std.map( From bf9a917cfa6974848e233fd78bfe06e164227941 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Feb 2021 16:38:19 +0100 Subject: [PATCH 154/388] examples: adapt examples to stop modifying prometheus object when it is not needed --- ...additional-namespaces-servicemonitor.jsonnet | 5 +++-- examples/additional-namespaces.jsonnet | 2 +- examples/alertmanager-config-external.jsonnet | 2 +- examples/etcd.jsonnet | 2 +- examples/kustomize.jsonnet | 2 +- examples/minikube.jsonnet | 6 +++--- ...etheus-additional-alert-rule-example.jsonnet | 17 ++++++++++++----- ...us-additional-recording-rule-example.jsonnet | 17 ++++++++++++----- ...eus-additional-rendered-rule-example.jsonnet | 17 ++++++++++++----- 9 files changed, 46 insertions(+), 24 deletions(-) diff --git a/examples/additional-namespaces-servicemonitor.jsonnet b/examples/additional-namespaces-servicemonitor.jsonnet index 6cfe37db..ec978da7 100644 --- a/examples/additional-namespaces-servicemonitor.jsonnet +++ b/examples/additional-namespaces-servicemonitor.jsonnet @@ -7,7 +7,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespaces+: ['my-namespace', 'my-second-namespace'], }, }, - prometheus+: { + exampleApplication: { serviceMonitorMyNamespace: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', @@ -39,4 +39,5 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } diff --git a/examples/additional-namespaces.jsonnet b/examples/additional-namespaces.jsonnet index 85cae475..45c606a6 100644 --- a/examples/additional-namespaces.jsonnet +++ b/examples/additional-namespaces.jsonnet @@ -4,7 +4,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, - prometheus+:: { + prometheus+: { namespaces+: ['my-namespace', 'my-second-namespace'], }, }, diff --git a/examples/alertmanager-config-external.jsonnet b/examples/alertmanager-config-external.jsonnet index 5d96d23d..49f6b558 100644 --- a/examples/alertmanager-config-external.jsonnet +++ b/examples/alertmanager-config-external.jsonnet @@ -1,5 +1,5 @@ ((import 'kube-prometheus/main.libsonnet') + { - _config+:: { + values+:: { alertmanager+: { config: importstr 'alertmanager-config.yaml', }, diff --git a/examples/etcd.jsonnet b/examples/etcd.jsonnet index e494b6ad..7126ee31 100644 --- a/examples/etcd.jsonnet +++ b/examples/etcd.jsonnet @@ -6,7 +6,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + }, // Reference info: https://github.com/coreos/kube-prometheus/blob/master/README.md#static-etcd-configuration - etcd+:: { + etcd+: { // Configure this to be the IP(s) to scrape - i.e. your etcd node(s) (use commas to separate multiple values). ips: ['127.0.0.1'], diff --git a/examples/kustomize.jsonnet b/examples/kustomize.jsonnet index ab548b05..455b38bd 100644 --- a/examples/kustomize.jsonnet +++ b/examples/kustomize.jsonnet @@ -26,7 +26,7 @@ local manifests = { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + - { ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) }; + { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }; local kustomizationResourceFile(name) = './manifests/' + name + '.yaml'; local kustomization = { diff --git a/examples/minikube.jsonnet b/examples/minikube.jsonnet index dd2f77b4..87b88d69 100644 --- a/examples/minikube.jsonnet +++ b/examples/minikube.jsonnet @@ -8,10 +8,10 @@ local kp = common+: { namespace: 'monitoring', }, - alertmanager+:: { + alertmanager+: { config: importstr 'alertmanager-config.yaml', }, - grafana+:: { + grafana+: { config: { // http://docs.grafana.org/installation/configuration/ sections: { // Do not require grafana users to login/authenticate @@ -40,7 +40,7 @@ local kp = }, }, }, - alertmanager+:: { + alertmanager+: { alertmanager+: { // Reference info: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec spec+: { diff --git a/examples/prometheus-additional-alert-rule-example.jsonnet b/examples/prometheus-additional-alert-rule-example.jsonnet index 63ec2ea7..483b9cb1 100644 --- a/examples/prometheus-additional-alert-rule-example.jsonnet +++ b/examples/prometheus-additional-alert-rule-example.jsonnet @@ -4,10 +4,16 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, }, - prometheus+: { - prometheusRule+: { - spec+: { - groups+: [ + exampleApplication: { + prometheusRuleExample: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + }, + spec: { + groups: [ { name: 'example-group', rules: [ @@ -36,4 +42,5 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } diff --git a/examples/prometheus-additional-recording-rule-example.jsonnet b/examples/prometheus-additional-recording-rule-example.jsonnet index c2abc4d3..5e67b03f 100644 --- a/examples/prometheus-additional-recording-rule-example.jsonnet +++ b/examples/prometheus-additional-recording-rule-example.jsonnet @@ -4,10 +4,16 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, }, - prometheus+: { - prometheusRule+: { - spec+: { - groups+: [ + exampleApplication: { + prometheusRuleExample: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + }, + spec: { + groups: [ { name: 'example-group', rules: [ @@ -30,4 +36,5 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } diff --git a/examples/prometheus-additional-rendered-rule-example.jsonnet b/examples/prometheus-additional-rendered-rule-example.jsonnet index 29676851..66c7937c 100644 --- a/examples/prometheus-additional-rendered-rule-example.jsonnet +++ b/examples/prometheus-additional-rendered-rule-example.jsonnet @@ -4,10 +4,16 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, }, - prometheus+: { - prometheusRule+: { - spec+: { - groups+: (import 'existingrule.json').groups, + exampleApplication: { + prometheusRuleExample: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + }, + spec: { + groups: (import 'existingrule.json').groups, }, }, }, @@ -20,4 +26,5 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } From 66e4a7ba154124aa4b1a2bdccf5ed235dd5e2c23 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Feb 2021 16:38:34 +0100 Subject: [PATCH 155/388] *: regenerate --- README.md | 11 ++-- docs/EKS-cni-support.md | 2 +- ...prometheus-rules-and-grafana-dashboards.md | 53 +++++++++++++------ docs/weave-net-support.md | 2 +- kustomization.yaml | 10 ++-- manifests/kubernetes-prometheusRule.yaml | 3 +- ...> kubernetes-serviceMonitorApiserver.yaml} | 0 ... => kubernetes-serviceMonitorCoreDNS.yaml} | 0 ...-serviceMonitorKubeControllerManager.yaml} | 0 ...bernetes-serviceMonitorKubeScheduler.yaml} | 0 ... => kubernetes-serviceMonitorKubelet.yaml} | 0 11 files changed, 51 insertions(+), 30 deletions(-) rename manifests/{prometheus-serviceMonitorApiserver.yaml => kubernetes-serviceMonitorApiserver.yaml} (100%) rename manifests/{prometheus-serviceMonitorCoreDNS.yaml => kubernetes-serviceMonitorCoreDNS.yaml} (100%) rename manifests/{prometheus-serviceMonitorKubeControllerManager.yaml => kubernetes-serviceMonitorKubeControllerManager.yaml} (100%) rename manifests/{prometheus-serviceMonitorKubeScheduler.yaml => kubernetes-serviceMonitorKubeScheduler.yaml} (100%) rename manifests/{prometheus-serviceMonitorKubelet.yaml => kubernetes-serviceMonitorKubelet.yaml} (100%) diff --git a/README.md b/README.md index dfaea106..592a0d35 100644 --- a/README.md +++ b/README.md @@ -243,7 +243,7 @@ local kp = { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + -{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } @@ -586,7 +586,7 @@ In the above example the configuration has been inlined, but can just as well be [embedmd]:# (examples/alertmanager-config-external.jsonnet) ```jsonnet ((import 'kube-prometheus/main.libsonnet') + { - _config+:: { + values+:: { alertmanager+: { config: importstr 'alertmanager-config.yaml', }, @@ -606,7 +606,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, - prometheus+:: { + prometheus+: { namespaces+: ['my-namespace', 'my-second-namespace'], }, }, @@ -640,7 +640,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespaces+: ['my-namespace', 'my-second-namespace'], }, }, - prometheus+: { + exampleApplication: { serviceMonitorMyNamespace: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', @@ -672,7 +672,8 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } ``` > NOTE: make sure your service resources have the right labels (eg. `'app': 'myapp'`) applied. Prometheus uses kubernetes labels to discover resources inside the namespaces. diff --git a/docs/EKS-cni-support.md b/docs/EKS-cni-support.md index 4cb36bc9..266d5fcb 100644 --- a/docs/EKS-cni-support.md +++ b/docs/EKS-cni-support.md @@ -14,7 +14,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + namespace: 'monitoring', }, }, - prometheus+: { + kubernetesControlPlane+: { prometheusRuleEksCNI+: { spec+: { groups+: [ diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 59447941..814ccf88 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -41,7 +41,7 @@ local kp = { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + -{ ['kubernetes-' + name]: kp.kubernetesMixin[name] for name in std.objectFields(kp.kubernetesMixin) } +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } @@ -65,10 +65,16 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, }, - prometheus+: { - prometheusRule+: { - spec+: { - groups+: [ + exampleApplication: { + prometheusRuleExample: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + }, + spec: { + groups: [ { name: 'example-group', rules: [ @@ -97,7 +103,8 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } ``` ### Recording rules @@ -114,10 +121,16 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, }, - prometheus+: { - prometheusRule+: { - spec+: { - groups+: [ + exampleApplication: { + prometheusRuleExample: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + }, + spec: { + groups: [ { name: 'example-group', rules: [ @@ -140,7 +153,8 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } ``` ### Pre-rendered rules @@ -167,10 +181,16 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { namespace: 'monitoring', }, }, - prometheus+: { - prometheusRule+: { - spec+: { - groups+: (import 'existingrule.json').groups, + exampleApplication: { + prometheusRuleExample: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + }, + spec: { + groups: (import 'existingrule.json').groups, }, }, }, @@ -183,7 +203,8 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } ``` ### Changing default rules diff --git a/docs/weave-net-support.md b/docs/weave-net-support.md index 8766bfc8..e8c2dfce 100644 --- a/docs/weave-net-support.md +++ b/docs/weave-net-support.md @@ -24,7 +24,7 @@ local kp = (import 'kube-prometheus/main.libsonnet') + namespace: 'monitoring', }, }, - prometheus+: { + kubernetesControlPlane+: { prometheusRuleWeaveNet+: { spec+: { groups: std.map( diff --git a/kustomization.yaml b/kustomization.yaml index 2ebd021b..8cc44572 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -30,6 +30,11 @@ resources: - ./manifests/kube-state-metrics-serviceAccount.yaml - ./manifests/kube-state-metrics-serviceMonitor.yaml - ./manifests/kubernetes-prometheusRule.yaml +- ./manifests/kubernetes-serviceMonitorApiserver.yaml +- ./manifests/kubernetes-serviceMonitorCoreDNS.yaml +- ./manifests/kubernetes-serviceMonitorKubeControllerManager.yaml +- ./manifests/kubernetes-serviceMonitorKubeScheduler.yaml +- ./manifests/kubernetes-serviceMonitorKubelet.yaml - ./manifests/node-exporter-clusterRole.yaml - ./manifests/node-exporter-clusterRoleBinding.yaml - ./manifests/node-exporter-daemonset.yaml @@ -62,11 +67,6 @@ resources: - ./manifests/prometheus-service.yaml - ./manifests/prometheus-serviceAccount.yaml - ./manifests/prometheus-serviceMonitor.yaml -- ./manifests/prometheus-serviceMonitorApiserver.yaml -- ./manifests/prometheus-serviceMonitorCoreDNS.yaml -- ./manifests/prometheus-serviceMonitorKubeControllerManager.yaml -- ./manifests/prometheus-serviceMonitorKubeScheduler.yaml -- ./manifests/prometheus-serviceMonitorKubelet.yaml - ./manifests/setup/0namespace-namespace.yaml - ./manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml - ./manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index d3ee9527..4dc01f2f 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -2,12 +2,11 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: labels: - app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-prometheus app.kubernetes.io/part-of: kube-prometheus prometheus: k8s role: alert-rules - name: kubernetes-rules + name: kubernetes-monitoring-rules namespace: monitoring spec: groups: diff --git a/manifests/prometheus-serviceMonitorApiserver.yaml b/manifests/kubernetes-serviceMonitorApiserver.yaml similarity index 100% rename from manifests/prometheus-serviceMonitorApiserver.yaml rename to manifests/kubernetes-serviceMonitorApiserver.yaml diff --git a/manifests/prometheus-serviceMonitorCoreDNS.yaml b/manifests/kubernetes-serviceMonitorCoreDNS.yaml similarity index 100% rename from manifests/prometheus-serviceMonitorCoreDNS.yaml rename to manifests/kubernetes-serviceMonitorCoreDNS.yaml diff --git a/manifests/prometheus-serviceMonitorKubeControllerManager.yaml b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml similarity index 100% rename from manifests/prometheus-serviceMonitorKubeControllerManager.yaml rename to manifests/kubernetes-serviceMonitorKubeControllerManager.yaml diff --git a/manifests/prometheus-serviceMonitorKubeScheduler.yaml b/manifests/kubernetes-serviceMonitorKubeScheduler.yaml similarity index 100% rename from manifests/prometheus-serviceMonitorKubeScheduler.yaml rename to manifests/kubernetes-serviceMonitorKubeScheduler.yaml diff --git a/manifests/prometheus-serviceMonitorKubelet.yaml b/manifests/kubernetes-serviceMonitorKubelet.yaml similarity index 100% rename from manifests/prometheus-serviceMonitorKubelet.yaml rename to manifests/kubernetes-serviceMonitorKubelet.yaml From 32bfeea94f231c071afbe4f42ef3ed3a421e8dea Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Mon, 22 Feb 2021 16:23:02 -0800 Subject: [PATCH 156/388] addons/anti-affinity: Support soft/hard podAntiAffinity and topologyKey --- .../addons/anti-affinity.libsonnet | 81 ++++++++++++++----- 1 file changed, 59 insertions(+), 22 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index 3f55d268..56ea5303 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -1,38 +1,69 @@ { - local antiaffinity(key, values, namespace) = { - affinity: { - podAntiAffinity: { - preferredDuringSchedulingIgnoredDuringExecution: [ - { - weight: 100, - podAffinityTerm: { - namespaces: [namespace], - topologyKey: 'kubernetes.io/hostname', - labelSelector: { - matchExpressions: [{ - key: key, - operator: 'In', - values: values, - }], - }, - }, - }, - ], + values+:: { + alertmanager+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + prometheus+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + blackboxExporter+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, + }, + + local antiaffinity(key, values, namespace, type, topologyKey) = { + local podAffinityTerm = { + namespaces: [namespace], + topologyKey: topologyKey, + labelSelector: { + matchExpressions: [{ + key: key, + operator: 'In', + values: values, + }], }, }, + + affinity: { + podAntiAffinity: if type == 'soft' then { + preferredDuringSchedulingIgnoredDuringExecution: [{ + weight: 100, + podAffinityTerm: podAffinityTerm, + }], + } else if type == 'hard' then { + requiredDuringSchedulingIgnoredDuringExecution: [ + podAffinityTerm, + ], + } else error 'podAntiAffinity must be either "soft" or "hard"', + }, }, alertmanager+: { alertmanager+: { spec+: - antiaffinity('alertmanager', [$.values.alertmanager.name], $.values.common.namespace), + antiaffinity( + 'alertmanager', + [$.values.alertmanager.name], + $.values.common.namespace, + $.values.alertmanager.podAntiAffinity, + $.values.alertmanager.podAntiAffinityTopologyKey, + ), }, }, prometheus+: { prometheus+: { spec+: - antiaffinity('prometheus', [$.values.prometheus.name], $.values.common.namespace), + antiaffinity( + 'prometheus', + [$.values.prometheus.name], + $.values.common.namespace, + $.values.prometheus.podAntiAffinity, + $.values.prometheus.podAntiAffinityTopologyKey, + ), }, }, @@ -41,7 +72,13 @@ spec+: { template+: { spec+: - antiaffinity('app.kubernetes.io/name', ['blackbox-exporter'], $.values.common.namespace), + antiaffinity( + 'app.kubernetes.io/name', + ['blackbox-exporter'], + $.values.common.namespace, + $.values.blackboxExporter.podAntiAffinity, + $.values.blackboxExporter.podAntiAffinityTopologyKey, + ), }, }, }, From 7c95f88a2b1fd7f7f2be4807a4fa34a1339be690 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 12 Feb 2021 15:08:58 +0100 Subject: [PATCH 157/388] jsonnet: increase default CPU values for main krp sidecar in ksm Signed-off-by: paulfantom --- .../kube-prometheus/components/kube-state-metrics.libsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index fa1bfd59..5fc37c0f 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -89,6 +89,10 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- ports: [ { name: 'https-main', containerPort: 8443 }, ], + resources+: { + limits+: { cpu: '40m' }, + requests+: { cpu: '20m' }, + }, }), local kubeRbacProxySelf = krp({ From 390f2d72dbc3588b21f0a1c07a4fe03765f45554 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 23 Feb 2021 09:36:35 +0100 Subject: [PATCH 158/388] manifests: regenerate --- manifests/kube-state-metrics-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 8c36bc62..98ee556c 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -50,10 +50,10 @@ spec: name: https-main resources: limits: - cpu: 20m + cpu: 40m memory: 40Mi requests: - cpu: 10m + cpu: 20m memory: 20Mi securityContext: runAsGroup: 65532 From c0a136a4c7679675536b001814291bac7d82361f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 23 Feb 2021 12:05:33 +0100 Subject: [PATCH 159/388] jsonnet: bump KSM to 1.9.8 and use multi-arch images --- jsonnet/kube-prometheus/main.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index aa684c8d..70775716 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -22,7 +22,7 @@ local prometheus = import './components/prometheus.libsonnet'; alertmanager: '0.21.0', blackboxExporter: '0.18.0', grafana: '7.3.7', - kubeStateMetrics: '1.9.7', + kubeStateMetrics: '1.9.8', nodeExporter: '1.1.0', prometheus: '2.24.0', prometheusAdapter: '0.8.3', @@ -32,7 +32,7 @@ local prometheus = import './components/prometheus.libsonnet'; alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, blackboxExporter: 'quay.io/prometheus/blackbox-exporter:v' + $.values.common.versions.blackboxExporter, grafana: 'grafana/grafana:v' + $.values.common.versions.grafana, - kubeStateMetrics: 'quay.io/coreos/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, + kubeStateMetrics: 'k8s.gcr.io/kube-state-metrics/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, nodeExporter: 'quay.io/prometheus/node-exporter:v' + $.values.common.versions.nodeExporter, prometheus: 'quay.io/prometheus/prometheus:v' + $.values.common.versions.prometheus, prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, From c229d9d34c135afbd309cf73ebf1d8cc28c8b923 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 23 Feb 2021 12:09:07 +0100 Subject: [PATCH 160/388] manifests: regenerate --- manifests/kube-state-metrics-clusterRole.yaml | 2 +- manifests/kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 6 +++--- manifests/kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- manifests/kube-state-metrics-serviceAccount.yaml | 2 +- manifests/kube-state-metrics-serviceMonitor.yaml | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index 0f0502d2..0de2af47 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 name: kube-state-metrics rules: - apiGroups: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index f8e8ad8e..cd4f9652 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 98ee556c..d87af742 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 name: kube-state-metrics namespace: monitoring spec: @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 spec: containers: - args: @@ -29,7 +29,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: quay.io/coreos/kube-state-metrics:v1.9.7 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v1.9.8 name: kube-state-metrics resources: limits: diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 28c9ec05..549eb6cf 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index 28abe2b6..0183585e 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index b1ffdc70..a9887f00 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index 85b30116..804dea6e 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.7 + app.kubernetes.io/version: 1.9.8 name: kube-state-metrics namespace: monitoring spec: From c88d18c9d2344f556d56973580a18be02b24f22d Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 23 Feb 2021 14:01:18 +0100 Subject: [PATCH 161/388] *: allow automatic updates of installed components Signed-off-by: paulfantom --- .github/workflows/versions.yml | 15 +++++++++++++++ jsonnet/kube-prometheus/main.libsonnet | 19 ++++++++++--------- jsonnet/kube-prometheus/versions.json | 9 +++++++++ scripts/generate-versions.sh | 25 +++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/versions.yml create mode 100644 jsonnet/kube-prometheus/versions.json create mode 100755 scripts/generate-versions.sh diff --git a/.github/workflows/versions.yml b/.github/workflows/versions.yml new file mode 100644 index 00000000..57dbdb3f --- /dev/null +++ b/.github/workflows/versions.yml @@ -0,0 +1,15 @@ +name: Pull request labeler +on: + schedule: + - cron: '18 8 * * *' +jobs: + labeler: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + - uses: romoh/dependencies-autoupdate@v1.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + update-command: './scripts/generate-versions.sh > jsonnet/kube-prometheus/versions.json' + on-changes-command: 'make --always-make generate' diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 70775716..f288159d 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -18,16 +18,17 @@ local prometheus = import './components/prometheus.libsonnet'; role: 'alert-rules', prometheus: $.values.prometheus.name, }, + // to allow automatic upgrades of components, we store versions in autogenerated `versions.json` file and import it here versions: { - alertmanager: '0.21.0', - blackboxExporter: '0.18.0', - grafana: '7.3.7', - kubeStateMetrics: '1.9.8', - nodeExporter: '1.1.0', - prometheus: '2.24.0', - prometheusAdapter: '0.8.3', - prometheusOperator: '0.45.0', - }, + alertmanager: error 'must provide version', + blackboxExporter: error 'must provide version', + grafana: error 'must provide version', + kubeStateMetrics: '1.9.8', // FIXME(paulfantom): needs https://github.com/kubernetes/kube-state-metrics/issues/1392 + nodeExporter: error 'must provide version', + prometheus: error 'must provide version', + prometheusAdapter: error 'must provide version', + prometheusOperator: error 'must provide version', + } + (import 'versions.json'), images: { alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, blackboxExporter: 'quay.io/prometheus/blackbox-exporter:v' + $.values.common.versions.blackboxExporter, diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json new file mode 100644 index 00000000..cbfa4254 --- /dev/null +++ b/jsonnet/kube-prometheus/versions.json @@ -0,0 +1,9 @@ +{ + "alertmanager": "0.21.0", + "blackboxExporter": "0.18.0", + "grafana": "7.3.7", + "nodeExporter": "1.1.0", + "prometheus": "2.24.0", + "prometheusAdapter": "0.8.3", + "prometheusOperator": "0.45.0" +} diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh new file mode 100755 index 00000000..8505f6d8 --- /dev/null +++ b/scripts/generate-versions.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +get_latest_version() { + curl --retry 5 --silent -H "Authorization: token $token" "https://api.github.com/repos/${1}/releases/latest" | jq '.tag_name' | tr -d '"v' +} + +# token can be passed as `GITHUB_TOKEN` or `token` variable +token=${token:-${GITHUB_TOKEN}} + +if [ -z "$token" ]; then + echo "GITHUB_TOKEN not set. Exiting" + exit 1 +fi + +cat <<-EOF +{ + "alertmanager": "$(get_latest_version "prometheus/alertmanager")" + "blackboxExporter": "$(get_latest_version "prometheus/blackbox_exporter")", + "grafana": "$(get_latest_version "grafana/grafana")", + "nodeExporter": "$(get_latest_version "prometheus/node_exporter")", + "prometheus": "$(get_latest_version "prometheus/prometheus")", + "prometheusAdapter": "$(get_latest_version "kubernetes-sigs/prometheus-adapter")", + "prometheusOperator": "$(get_latest_version "prometheus-operator/prometheus-operator")" +} +EOF From 6acc4f65694936a33ae68c165b1c062486c86d89 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 24 Feb 2021 08:56:06 +0100 Subject: [PATCH 162/388] docs: migration guide Signed-off-by: paulfantom --- .../workflows/{versions.yml => versions.yaml} | 3 +- README.md | 6 +- docs/migration-guide.md | 82 +++++++++++++++++++ 3 files changed, 87 insertions(+), 4 deletions(-) rename .github/workflows/{versions.yml => versions.yaml} (93%) create mode 100644 docs/migration-guide.md diff --git a/.github/workflows/versions.yml b/.github/workflows/versions.yaml similarity index 93% rename from .github/workflows/versions.yml rename to .github/workflows/versions.yaml index 57dbdb3f..fa0def96 100644 --- a/.github/workflows/versions.yml +++ b/.github/workflows/versions.yaml @@ -1,4 +1,5 @@ -name: Pull request labeler +name: Sync component versions + on: schedule: - cron: '18 8 * * *' diff --git a/README.md b/README.md index 592a0d35..04175604 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ This stack is meant for cluster monitoring, so it is pre-configured to collect m ## Warning -`master` branch is under heavy refactoring work. Please use `release-0.7` branch until code refactoring is complete and this information is removed. +If you are migrating from `release-0.7` branch or earlier please read [what changed and how to migrate in our guide](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/migration-guide.md). ## Table of contents @@ -825,7 +825,7 @@ resources. One driver for more resource needs, is a high number of namespaces. There may be others. kube-state-metrics resource allocation is managed by -[addon-resizer](https://github.com/kubernetes/autoscaler/tree/master/addon-resizer/nanny) +[addon-resizer](https://github.com/kubernetes/autoscaler/tree/main/addon-resizer/nanny) You can control it's parameters by setting variables in the config. They default to: @@ -853,4 +853,4 @@ the following process: ## License -Apache License 2.0, see [LICENSE](https://github.com/prometheus-operator/kube-prometheus/blob/master/LICENSE). +Apache License 2.0, see [LICENSE](https://github.com/prometheus-operator/kube-prometheus/blob/main/LICENSE). diff --git a/docs/migration-guide.md b/docs/migration-guide.md new file mode 100644 index 00000000..c12d4108 --- /dev/null +++ b/docs/migration-guide.md @@ -0,0 +1,82 @@ +# Migration guide from release-0.7 and earlier + +## Why? + +Thanks to our community we identified a lot of short-commings of previous design, varying from issues with global state to UX problems. Hoping to fix at least part of those issues we decided to do a complete refactor of the codebase. + +## Overview + +### Breaking Changes + +- global `_config` object is removed and the new `values` object is a partial replacement +- `imageRepos` field was removed and the project no longer tries to compose image strings. Use `$.values.common.images` to override default images. +- prometheus alerting and recording rules are split into multiple `PrometheusRule` objects +- kubernetes control plane ServiceMonitors and Services are now part of the new `kubernetesControlPlane` top-level object instead of `prometheus` object +- `jsonnet/kube-prometheus/kube-prometheus.libsonnet` file was renamed to `jsonnet/kube-prometheus/main.libsonnet` and slimmed down to bare minimum +- `jsonnet/kube-prometheus/kube-prometheus*-.libsonnet` files were move either to `jsonnet/kube-prometheus/addons/` or `jsonnet/kube-prometheus/platforms/` depending on the feature they provided +- all component libraries are now function- and not object-based +- monitoring-mixins are included inside each component and not globally. `prometheusRules`, `prometheusAlerts`, and `grafanaDashboards` are accessible only per component via `mixin` object (ex. `$.alertmanager.mixin.prometheusAlerts`) +- default repository branch changed from `master` to `main` + +### New Features + +- concept of `addons`, `components`, and `platforms` was introduced +- all main `components` are now represented internally by a function with default values and required parameters (see #Component-configuration for more information) +- `$.values` holds main configuration parameters and should be used to set basic stack configuration. +- common parameters across all `components` are stored now in `$.values.common` +- removed dependency on deprecated ksonnet library + +## Details + +### Components, Addons, Platforms + +Those concepts were already present in the repository but it wasn't clear which file is holding what. After refactoring we categorized jsonnet code into 3 buckets and put them into separate directories: +- `components` - main building blocks for kube-prometheus, written as functions responsible for creating multiple objects representing kubernetes manifests. For example all objects for node_exporter deployment are bundled in `components/node_exporter.libsonnet` library +- `addons` - everything that can enhance kube-prometheus deployment. Those are small snippets of code adding a small feature, for example adding anti-affinity to pods via [`addons/anti-affinity.libsonnet`][antiaffinity]. Addons are meant to be used in object-oriented way like `local kp = (import 'kube-prometheus/main.libsonnet') + (import 'kube-prometheus/addons/all-namespaces.libsonnet')` +- `platforms` - currently those are `addons` specialized to allow deploying kube-prometheus project on a specific platform. + +### Component configuration + +Refactoring main components to use functions allowed us to define APIs for said components. Each function has a default set of parameters that can be overridden or that are required to be set by a user. Those default parameters are represented in each component by `defaults` map at the top of each library file, for example in [`node_exporter.libsonnet`][node_exporter_defaults_example]. + +This API is meant to ease the use of kube-prometheus as parameters can be passed from a JSON file and don't need to be in jsonnet format. However, if you need to modify particular parts of the stack, jsonnet allows you to do this and we are also not restricting such access in any way. An example of such modifications can be seen in any of our `addons`, like the [`addons/anti-affinity.libsonnet`][antiaffinity] one. + +### Mixin integration + +Previously kube-prometheus project joined all mixins on a global level. However with a wider adoption of monitoring mixins this turned out to be a problem, especially apparent when two mixins started to use the same configuration field for different purposes. To fix this we moved all mixins into their own respective components: +- alertmanager mixin -> `alertmanager.libsonnet` +- kubernetes mixin -> `k8s-control-plane.libsonnet` +- kube-state-metrics mixin -> `kube-state-metrics.libsonnet` +- node_exporter mixin -> `node_exporter.libsonnet` +- prometheus and thanos sidecar mixins -> `prometheus.libsonnet` +- prometheus-operator mixin -> `prometheus-operator.libsonnet` +- kube-prometheus alerts and rules -> `components/mixin/custom.libsonnet` + +> etcd mixin is a special case as we add it inside an `addon` in `addons/static-etcd.libsonnet` + +This results in creating multiple `PrometheusRule` objects instead of having one giant object as before. It also means each mixin is configured separately and accessing mixin objects is done via `$..mixin`. + +## Examples + +All examples from `examples/` directory were adapted to the new codebase. [Please take a look at them for guideance](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples) + +## Advanced usage examples + +For more advanced usage examples you can take a look at those two, open to public, implementations: +- [thaum-xyz/ankhmorpork][thaum] - extending kube-prometheus to adapt to a required environment +- [openshift/cluster-monitoring-operator][openshift] - using kube-prometheus components as standalone libraries to build a custom solution + +## Final note + +Refactoring was a huge undertaking and possibly this document didn't describe in enough detail how to help you with migration to the new stack. If that is the case, please reach out to us by using [GitHub discussions][discussions] feature or directly on [#prometheus-operator kubernetes slack channel][slack]. + + +[antiaffinity]: https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet + +[node_exporter_defaults_example]: https://github.com/prometheus-operator/kube-prometheus/blob/1d2a0e275af97948667777739a18b24464480dc8/jsonnet/kube-prometheus/components/node-exporter.libsonnet#L3-L34 + +[openshift]: https://github.com/openshift/cluster-monitoring-operator/pull/1044 +[thaum]: https://github.com/thaum-xyz/ankhmorpork/blob/master/apps/monitoring/jsonnet + +[discussions]: https://github.com/prometheus-operator/kube-prometheus/discussions +[slack]: http://slack.k8s.io/ From ebef4e02ef7ccbbf0ce26e64f462ca4f5aedaa54 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 25 Feb 2021 15:41:56 +0100 Subject: [PATCH 163/388] fix version updating CI job --- .github/workflows/versions.yaml | 7 ++++--- scripts/generate-versions.sh | 15 +++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index fa0def96..4c001371 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -3,8 +3,9 @@ name: Sync component versions on: schedule: - cron: '18 8 * * *' + jobs: - labeler: + versions: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -12,5 +13,5 @@ jobs: - uses: romoh/dependencies-autoupdate@v1.1 with: token: ${{ secrets.GITHUB_TOKEN }} - update-command: './scripts/generate-versions.sh > jsonnet/kube-prometheus/versions.json' - on-changes-command: 'make --always-make generate' + update-command: "'scripts/generate-versions.sh $token > jsonnet/kube-prometheus/versions.json'" + on-changes-command: "'make --always-make generate'" diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh index 8505f6d8..4db472a1 100755 --- a/scripts/generate-versions.sh +++ b/scripts/generate-versions.sh @@ -1,20 +1,23 @@ #!/bin/bash +set -euo pipefail + get_latest_version() { - curl --retry 5 --silent -H "Authorization: token $token" "https://api.github.com/repos/${1}/releases/latest" | jq '.tag_name' | tr -d '"v' + echo >&2 "Checking release version for ${1}" + curl --retry 5 --silent --fail -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/${1}/releases/latest" | jq '.tag_name' | tr -d '"v' } -# token can be passed as `GITHUB_TOKEN` or `token` variable -token=${token:-${GITHUB_TOKEN}} +# token can be passed as `GITHUB_TOKEN` variable or passed as first argument +GITHUB_TOKEN=${GITHUB_TOKEN:-${1}} -if [ -z "$token" ]; then - echo "GITHUB_TOKEN not set. Exiting" +if [ -z "$GITHUB_TOKEN" ]; then + echo >&2 "GITHUB_TOKEN not set. Exiting" exit 1 fi cat <<-EOF { - "alertmanager": "$(get_latest_version "prometheus/alertmanager")" + "alertmanager": "$(get_latest_version "prometheus/alertmanager")", "blackboxExporter": "$(get_latest_version "prometheus/blackbox_exporter")", "grafana": "$(get_latest_version "grafana/grafana")", "nodeExporter": "$(get_latest_version "prometheus/node_exporter")", From 23c8d865f59c907e06b6ad28659674dda006cb6b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 25 Feb 2021 18:50:09 +0100 Subject: [PATCH 164/388] jsonnet/alertmanager: add default alertmanager resource requirements Co-authored-by: Latch M --- jsonnet/kube-prometheus/components/alertmanager.libsonnet | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 5e992176..64f670e2 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -3,7 +3,10 @@ local defaults = { namespace: error 'must provide namespace', image: error 'must provide image', version: error 'must provide version', - resources: {}, + resources: { + limits: { cpu: '100m', memory: '100Mi' }, + requests: { cpu: '4m', memory: '100Mi' }, + }, commonLabels:: { 'app.kubernetes.io/name': 'alertmanager', 'app.kubernetes.io/version': defaults.version, From d7531691761d4eae77a62233084110f3946990e1 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 25 Feb 2021 18:52:31 +0100 Subject: [PATCH 165/388] manifests: regenerate --- manifests/alertmanager-alertmanager.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml index 351b7a0c..f4c02a74 100644 --- a/manifests/alertmanager-alertmanager.yaml +++ b/manifests/alertmanager-alertmanager.yaml @@ -20,7 +20,13 @@ spec: app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 0.21.0 replicas: 3 - resources: {} + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 4m + memory: 100Mi securityContext: fsGroup: 2000 runAsNonRoot: true From d9ac51aed0b500089eb6788ae6b5010a6d135ac1 Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Tue, 2 Feb 2021 12:14:05 -0800 Subject: [PATCH 166/388] Windows addon Signed-off-by: James Sturtevant --- docs/windows.md | 21 +++++++ examples/windows.jsonnet | 33 +++++++++++ .../kube-prometheus/addons/windows.libsonnet | 58 +++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 docs/windows.md create mode 100644 examples/windows.jsonnet create mode 100644 jsonnet/kube-prometheus/addons/windows.libsonnet diff --git a/docs/windows.md b/docs/windows.md new file mode 100644 index 00000000..b0ca2277 --- /dev/null +++ b/docs/windows.md @@ -0,0 +1,21 @@ +# Windows + +The [Windows addon](../examples/windows.jsonnet) adds the dashboards and rules from [kubernetes-monitoring/kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin#dashboards-for-windows-nodes). + +Currently, Windows does not support running with [windows_exporter](https://github.com/prometheus-community/windows_exporter) in a pod so this add on uses [additional scrap configuration](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/additional-scrape-config.md) to set up a static configs to scrape the node ports where windows_exporter is configured. + +The addon requires you to specify the node ips and ports where it can find the windows_exporter. See the [full example](../examples/windows.jsonnet) for setup. + +``` +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/windows.libsonnet') + + { + values+:: { + windowsScrapeConfig+:: { + static_configs: { + targets: ["10.240.0.65:5000", "10.240.0.63:5000"], + }, + }, + }, + }; +``` diff --git a/examples/windows.jsonnet b/examples/windows.jsonnet new file mode 100644 index 00000000..0c9ff36f --- /dev/null +++ b/examples/windows.jsonnet @@ -0,0 +1,33 @@ +local kp = + (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/windows.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + windowsScrapeConfig+:: { + static_configs: { + targets: ['10.240.0.65:5000', '10.240.0.63:5000'], + }, + }, + }, + }; + +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } diff --git a/jsonnet/kube-prometheus/addons/windows.libsonnet b/jsonnet/kube-prometheus/addons/windows.libsonnet new file mode 100644 index 00000000..04d2f6f4 --- /dev/null +++ b/jsonnet/kube-prometheus/addons/windows.libsonnet @@ -0,0 +1,58 @@ +local windowsdashboards = import 'kubernetes-mixin/dashboards/windows.libsonnet'; +local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; + +{ + values+:: { + windowsScrapeConfig+:: { + job_name: 'windows-exporter', + static_configs: [ + { + targets: [error 'must provide targets array'], + }, + ], + }, + + grafana+:: { + dashboards+:: windowsdashboards { + _config: $.kubernetesControlPlane.mixin._config { + wmiExporterSelector: 'job="' + $.values.windowsScrapeConfig.job_name + '"', + }, + }.grafanaDashboards, + }, + }, + kubernetesControlPlane+: { + mixin+:: { + prometheusRules+:: { + groups+: windowsrules { + _config: $.kubernetesControlPlane.mixin._config { + wmiExporterSelector: 'job="' + $.values.windowsScrapeConfig.job_name + '"', + }, + }.prometheusRules.groups, + }, + }, + }, + prometheus+: { + local p = self, + local sc = [$.values.windowsScrapeConfig], + prometheus+: { + spec+: { + additionalScrapeConfigs: { + name: 'prometheus-' + p.config.name + '-additional-scrape-config', + key: 'prometheus-additional.yaml', + }, + }, + + }, + windowsConfig: { + apiVersion: 'v1', + kind: 'Secret', + metadata: { + name: 'prometheus-' + p.config.name + '-additional-scrape-config', + namespace: p.config.namespace, + }, + stringData: { + 'prometheus-additional.yaml': std.manifestYamlDoc(sc), + }, + }, + }, +} From 9c38152dbbccfa4702ef67558f2ea471e3ec93eb Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 1 Mar 2021 11:20:21 +0100 Subject: [PATCH 167/388] .github/workflows: do not persist credentials --- .github/workflows/versions.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 4c001371..d3fd816b 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -9,6 +9,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - uses: actions/setup-go@v2 - uses: romoh/dependencies-autoupdate@v1.1 with: From f7f817a79e9e32b2033f78c1d40cdf1d4b83b5a4 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 1 Mar 2021 13:26:46 +0100 Subject: [PATCH 168/388] jsonnet/alertmanager: better name for prometheus-rule object --- jsonnet/kube-prometheus/components/alertmanager.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 5e992176..27f4ff1b 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -82,7 +82,7 @@ function(params) { kind: 'PrometheusRule', metadata: { labels: am.config.commonLabels + am.config.mixin.ruleLabels, - name: am.config.name + '-rules', + name: 'alertmanager-' + am.config.name + '-rules', namespace: am.config.namespace, }, spec: { From e13ec2e44845906dc56744f9ea7f1458fcce1632 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 1 Mar 2021 13:27:17 +0100 Subject: [PATCH 169/388] manifests: regenerate --- manifests/alertmanager-prometheusRule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index 1fa9c223..52799d3c 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/version: 0.21.0 prometheus: k8s role: alert-rules - name: main-rules + name: alertmanager-main-rules namespace: monitoring spec: groups: From f8c92f042891a734e9da230f49152af73408fbc6 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 2 Mar 2021 13:57:37 +0100 Subject: [PATCH 170/388] .github: do not persist credentials on checkout --- .github/workflows/ci.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a98a9ed9..8f95eb96 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,6 +16,8 @@ jobs: name: Generate steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - uses: actions/setup-go@v2 with: go-version: ${{ env.golang-version }} @@ -25,18 +27,24 @@ jobs: name: Jsonnet linter steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - run: make --always-make lint fmt: runs-on: ubuntu-latest name: Jsonnet formatter steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - run: make --always-make fmt && git diff --exit-code unit-tests: runs-on: ubuntu-latest name: Unit tests steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - run: make --always-make test e2e-tests: name: E2E tests @@ -48,6 +56,8 @@ jobs: - 'kindest/node:v1.20.0' steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - name: Start KinD uses: engineerd/setup-kind@v0.5.0 with: From 654283a0483dc7ee876b0f89a9960474a1d18bd1 Mon Sep 17 00:00:00 2001 From: s-urbaniak Date: Wed, 3 Mar 2021 08:38:39 +0000 Subject: [PATCH 171/388] Auto-updated dependencies --- jsonnet/kube-prometheus/versions.json | 8 ++-- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 +++++++++---------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- manifests/node-exporter-clusterRole.yaml | 2 +- .../node-exporter-clusterRoleBinding.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 6 +-- manifests/node-exporter-prometheusRule.yaml | 2 +- manifests/node-exporter-service.yaml | 2 +- manifests/node-exporter-serviceAccount.yaml | 2 +- manifests/node-exporter-serviceMonitor.yaml | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- .../prometheus-operator-prometheusRule.yaml | 2 +- .../prometheus-operator-serviceMonitor.yaml | 4 +- manifests/prometheus-prometheus.yaml | 8 ++-- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- ...metheus-roleBindingSpecificNamespaces.yaml | 6 +-- manifests/prometheus-roleConfig.yaml | 2 +- .../prometheus-roleSpecificNamespaces.yaml | 6 +-- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 8 ++-- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 32 files changed, 73 insertions(+), 73 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index cbfa4254..71b77d08 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,9 +1,9 @@ { "alertmanager": "0.21.0", "blackboxExporter": "0.18.0", - "grafana": "7.3.7", - "nodeExporter": "1.1.0", - "prometheus": "2.24.0", + "grafana": "7.4.3", + "nodeExporter": "1.1.1", + "prometheus": "2.25.0", "prometheusAdapter": "0.8.3", - "prometheusOperator": "0.45.0" + "prometheusOperator": "0.46.0" } diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index c8b74e86..9cc89841 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 98c46e7f..56e92f0b 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -1733,7 +1733,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -3604,7 +3604,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -4744,7 +4744,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -7315,7 +7315,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -9590,7 +9590,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -10557,7 +10557,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -12318,7 +12318,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -14341,7 +14341,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -16525,7 +16525,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -19047,7 +19047,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -20500,7 +20500,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -22225,7 +22225,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -23178,7 +23178,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -24158,7 +24158,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -25144,7 +25144,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -25710,7 +25710,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -26927,7 +26927,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -28586,7 +28586,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -29802,7 +29802,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -31022,7 +31022,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -32085,7 +32085,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -33002,7 +33002,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-statefulset namespace: monitoring - apiVersion: v1 @@ -34429,7 +34429,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 4cbedc78..9c5ce06b 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 4094d70b..7443ed5e 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: b559161af8b85c237ef0432d8431a19a + checksum/grafana-datasources: 42a69d2dee9d1a6d6331226efedb56a6 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 spec: containers: - env: [] - image: grafana/grafana:7.3.7 + image: grafana/grafana:7.4.3 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 7dba3e25..003cdad9 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index e34ee23b..090ff4f8 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.3.7 + app.kubernetes.io/version: 7.4.3 name: grafana namespace: monitoring spec: diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index f974d3b5..38fa0770 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index 1ed4f3c7..26754d62 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index d8ef09ab..146cb487 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 name: node-exporter namespace: monitoring spec: @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 spec: containers: - args: @@ -32,7 +32,7 @@ spec: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*)$ - --collector.netdev.device-exclude=^(veth.*)$ - image: quay.io/prometheus/node-exporter:v1.1.0 + image: quay.io/prometheus/node-exporter:v1.1.1 name: node-exporter resources: limits: diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 1967f788..142dc9a6 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 prometheus: k8s role: alert-rules name: node-exporter-rules diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index 528d6208..15634261 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 name: node-exporter namespace: monitoring spec: diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index 6613b4ee..446bf8b5 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 name: node-exporter namespace: monitoring diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index 3fdcf4ef..c5096105 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.0 + app.kubernetes.io/version: 1.1.1 name: node-exporter namespace: monitoring spec: diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index 3ba90def..d11d4344 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index edb32698..92b449a5 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index c1f85086..24a877d2 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 prometheus: k8s role: alert-rules name: prometheus-operator-rules diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 8cf19eec..3ad1e304 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index f1f8ef2f..6d9449da 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 prometheus: k8s name: k8s namespace: monitoring @@ -16,7 +16,7 @@ spec: name: alertmanager-main namespace: monitoring port: web - image: quay.io/prometheus/prometheus:v2.24.0 + image: quay.io/prometheus/prometheus:v2.25.0 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -24,7 +24,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -44,4 +44,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.24.0 + version: 2.25.0 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 7329eab4..5e66c3a4 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index f0a88d7d..719538b9 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index d4d922cb..78b387f5 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index 2a749463..e1bd1715 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index a11ce701..1bc40041 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: default rules: @@ -36,7 +36,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: kube-system rules: @@ -65,7 +65,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 7ae91474..799ac53f 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index 283b0821..d82e617f 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index 1d91cbc2..3440a5c9 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.24.0 + app.kubernetes.io/version: 2.25.0 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index 2821c35d..ef18e645 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 9c5b8dfa..821e55b1 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index c423a57a..41c02268 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 name: prometheus-operator namespace: monitoring spec: @@ -21,13 +21,13 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0 - image: quay.io/prometheus-operator/prometheus-operator:v0.45.0 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.46.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.46.0 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index 0a667c83..792cc6e5 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 7b8cd289..ecb7cce9 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.45.0 + app.kubernetes.io/version: 0.46.0 name: prometheus-operator namespace: monitoring From 6961da9b903630de9bdc8d5160de6746ebf7c4e5 Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Wed, 3 Mar 2021 08:13:36 -0800 Subject: [PATCH 172/388] Update docs/windows.md Co-authored-by: Andrew Purdin <44270026+andrewpurdin@users.noreply.github.com> --- docs/windows.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/windows.md b/docs/windows.md index b0ca2277..dcdc2be9 100644 --- a/docs/windows.md +++ b/docs/windows.md @@ -2,7 +2,8 @@ The [Windows addon](../examples/windows.jsonnet) adds the dashboards and rules from [kubernetes-monitoring/kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin#dashboards-for-windows-nodes). -Currently, Windows does not support running with [windows_exporter](https://github.com/prometheus-community/windows_exporter) in a pod so this add on uses [additional scrap configuration](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/additional-scrape-config.md) to set up a static configs to scrape the node ports where windows_exporter is configured. +Currently, Windows does not support running with [windows_exporter](https://github.com/prometheus-community/windows_exporter) in a pod so this add on uses [additional scrape configuration](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/additional-scrape-config.md) to set up a static config to scrape the node ports where windows_exporter is configured. + The addon requires you to specify the node ips and ports where it can find the windows_exporter. See the [full example](../examples/windows.jsonnet) for setup. From 16c05d16e25723b8c741bf34fd997ae872377702 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 5 Mar 2021 10:36:58 +0100 Subject: [PATCH 173/388] jsonnet,scripts: better version updater --- jsonnet/kube-prometheus/versions.json | 1 + scripts/generate-versions.sh | 42 ++++++++++++++++++++++----- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 71b77d08..db5f2a94 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -2,6 +2,7 @@ "alertmanager": "0.21.0", "blackboxExporter": "0.18.0", "grafana": "7.4.3", + "kubeStateMetrics": "1.9.8", "nodeExporter": "1.1.1", "prometheus": "2.25.0", "prometheusAdapter": "0.8.3", diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh index 4db472a1..3eb01bae 100755 --- a/scripts/generate-versions.sh +++ b/scripts/generate-versions.sh @@ -2,11 +2,38 @@ set -euo pipefail +# Get component version from GitHub API get_latest_version() { echo >&2 "Checking release version for ${1}" curl --retry 5 --silent --fail -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/${1}/releases/latest" | jq '.tag_name' | tr -d '"v' } +# Get component version from version file +get_current_version() { + echo >&2 "Reading currently used version of ${1}" + jq -r ".${1}" "$VERSION_FILE" +} + +# Get version from online source and filter out unstable releases. In case of unstable release use what is set in version file +get_version() { + component="${1}" + v="$(get_latest_version "${component}")" + + # Advanced AI heurestics to filter out common patterns suggesting new version is not stable /s + if [[ "$v" == *"alpha"* ]] || [[ "$v" == *"beta"* ]] || [[ "$v" == *"rc"* ]] || [[ "$v" == *"helm"* ]]; then + component="$(convert_to_camel_case "$(echo "${component}" | sed 's/^.*\///')")" + v="$(get_current_version "${component}")" + fi + echo "$v" +} + +convert_to_camel_case() { + echo "${1}" | sed -E 's/[ _-]([a-z])/\U\1/gi;s/^([A-Z])/\l\1/' +} + +# File is used to read current versions +VERSION_FILE="jsonnet/kube-prometheus/versions.json" + # token can be passed as `GITHUB_TOKEN` variable or passed as first argument GITHUB_TOKEN=${GITHUB_TOKEN:-${1}} @@ -17,12 +44,13 @@ fi cat <<-EOF { - "alertmanager": "$(get_latest_version "prometheus/alertmanager")", - "blackboxExporter": "$(get_latest_version "prometheus/blackbox_exporter")", - "grafana": "$(get_latest_version "grafana/grafana")", - "nodeExporter": "$(get_latest_version "prometheus/node_exporter")", - "prometheus": "$(get_latest_version "prometheus/prometheus")", - "prometheusAdapter": "$(get_latest_version "kubernetes-sigs/prometheus-adapter")", - "prometheusOperator": "$(get_latest_version "prometheus-operator/prometheus-operator")" + "alertmanager": "$(get_version "prometheus/alertmanager")", + "blackboxExporter": "$(get_version "prometheus/blackbox_exporter")", + "grafana": "$(get_version "grafana/grafana")", + "kubeStateMetrics": "$(get_version "kubernetes/kube-state-metrics")", + "nodeExporter": "$(get_version "prometheus/node_exporter")", + "prometheus": "$(get_version "prometheus/prometheus")", + "prometheusAdapter": "$(get_version "kubernetes-sigs/prometheus-adapter")", + "prometheusOperator": "$(get_version "prometheus-operator/prometheus-operator")" } EOF From e586afb280d4bf4d6207d37072cc7b88e10d5ae9 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 5 Mar 2021 12:54:03 +0000 Subject: [PATCH 174/388] Add runbook_url annotation to all alerts Signed-off-by: ArthurSens --- .../components/alertmanager.libsonnet | 8 +++++--- .../components/kube-state-metrics.libsonnet | 8 +++++--- .../components/node-exporter.libsonnet | 8 +++++--- .../components/prometheus-operator.libsonnet | 8 +++++--- .../components/prometheus.libsonnet | 4 +++- manifests/alertmanager-prometheusRule.yaml | 8 ++++++++ manifests/kube-state-metrics-prometheusRule.yaml | 2 ++ manifests/node-exporter-prometheusRule.yaml | 16 ++++++++++++++++ .../prometheus-operator-prometheusRule.yaml | 7 +++++++ manifests/prometheus-prometheusRule.yaml | 16 ++++++++++++++++ 10 files changed, 72 insertions(+), 13 deletions(-) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 27f4ff1b..95b79800 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -61,6 +61,7 @@ local defaults = { alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', alertmanagerClusterLabels: 'namespace,service', alertmanagerSelector: 'job="alertmanager-' + defaults.name + '",namespace="' + defaults.namespace + '"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', }, }, }; @@ -73,9 +74,10 @@ function(params) { assert std.isObject(am.config.resources), assert std.isObject(am.config.mixin._config), - mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') { - _config+:: am.config.mixin._config, - }, + mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: am.config.mixin._config, + }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index 5fc37c0f..b4520a0c 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -28,6 +28,7 @@ local defaults = { ruleLabels: {}, _config: { kubeStateMetricsSelector: 'job="' + defaults.name + '"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', }, }, }; @@ -46,9 +47,10 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- commonLabels:: ksm.config.commonLabels, podLabels:: ksm.config.selectorLabels, - mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') { - _config+:: ksm.config.mixin._config, - }, + mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: ksm.config.mixin._config, + }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 10b89dc9..c5c8b971 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -29,6 +29,7 @@ local defaults = { nodeExporterSelector: 'job="' + defaults.name + '"', fsSpaceFillingUpCriticalThreshold: 15, diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', }, }, }; @@ -41,9 +42,10 @@ function(params) { assert std.isObject(ne.config.resources), assert std.isObject(ne.config.mixin._config), - mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') { - _config+:: ne.config.mixin._config, - }, + mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: ne.config.mixin._config, + }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index 96f263d9..75bed255 100644 --- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -30,6 +30,7 @@ local defaults = { }, _config: { prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + defaults.namespace + '"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', }, }, }; @@ -41,9 +42,10 @@ function(params) prometheusOperator(config) { local po = self, - mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') { - _config+:: config.mixin._config, - }, + mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: config.mixin._config, + }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 9bbefd47..097243a0 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -34,6 +34,7 @@ local defaults = { prometheusSelector: 'job="prometheus-' + defaults.name + '",namespace="' + defaults.namespace + '"', prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', thanosSelector: 'job="thanos-sidecar"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', }, }, thanos: {}, @@ -47,7 +48,8 @@ function(params) { assert std.isObject(p.config.resources), assert std.isObject(p.config.mixin._config), - mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + ( + mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') + ( if p.config.thanos != {} then (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { sidecar: { diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index 52799d3c..ac8855a4 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -17,6 +17,7 @@ spec: - alert: AlertmanagerFailedReload annotations: description: Configuration has failed to load for {{ $labels.namespace }}/{{ $labels.pod}}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedreload summary: Reloading an Alertmanager configuration has failed. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -28,6 +29,7 @@ spec: - alert: AlertmanagerMembersInconsistent annotations: description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only found {{ $value }} members of the {{$labels.job}} cluster. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagermembersinconsistent summary: A member of an Alertmanager cluster has not found all other cluster members. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -41,6 +43,7 @@ spec: - alert: AlertmanagerFailedToSendAlerts annotations: description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedtosendalerts summary: An Alertmanager instance failed to send notifications. expr: | ( @@ -55,6 +58,7 @@ spec: - alert: AlertmanagerClusterFailedToSendAlerts annotations: description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration. expr: | min by (namespace,service, integration) ( @@ -69,6 +73,7 @@ spec: - alert: AlertmanagerClusterFailedToSendAlerts annotations: description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration. expr: | min by (namespace,service, integration) ( @@ -83,6 +88,7 @@ spec: - alert: AlertmanagerConfigInconsistent annotations: description: Alertmanager instances within the {{$labels.job}} cluster have different configurations. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerconfiginconsistent summary: Alertmanager instances within the same cluster have different configurations. expr: | count by (namespace,service) ( @@ -95,6 +101,7 @@ spec: - alert: AlertmanagerClusterDown annotations: description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have been up for less than half of the last 5m.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterdown summary: Half or more of the Alertmanager instances within the same cluster are down. expr: | ( @@ -113,6 +120,7 @@ spec: - alert: AlertmanagerClusterCrashlooping annotations: description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have restarted at least 5 times in the last 10m.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclustercrashlooping summary: Half or more of the Alertmanager instances within the same cluster are crashlooping. expr: | ( diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 549eb6cf..0f887466 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -17,6 +17,7 @@ spec: - alert: KubeStateMetricsListErrors annotations: description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors summary: kube-state-metrics is experiencing errors in list operations. expr: | (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) @@ -29,6 +30,7 @@ spec: - alert: KubeStateMetricsWatchErrors annotations: description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors summary: kube-state-metrics is experiencing errors in watch operations. expr: | (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 142dc9a6..0b5e60b8 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -17,6 +17,7 @@ spec: - alert: NodeFilesystemSpaceFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 24 hours. expr: | ( @@ -32,6 +33,7 @@ spec: - alert: NodeFilesystemSpaceFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 4 hours. expr: | ( @@ -47,6 +49,7 @@ spec: - alert: NodeFilesystemAlmostOutOfSpace annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 5% space left. expr: | ( @@ -60,6 +63,7 @@ spec: - alert: NodeFilesystemAlmostOutOfSpace annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace summary: Filesystem has less than 3% space left. expr: | ( @@ -73,6 +77,7 @@ spec: - alert: NodeFilesystemFilesFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 24 hours. expr: | ( @@ -88,6 +93,7 @@ spec: - alert: NodeFilesystemFilesFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 4 hours. expr: | ( @@ -103,6 +109,7 @@ spec: - alert: NodeFilesystemAlmostOutOfFiles annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 5% inodes left. expr: | ( @@ -116,6 +123,7 @@ spec: - alert: NodeFilesystemAlmostOutOfFiles annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles summary: Filesystem has less than 3% inodes left. expr: | ( @@ -129,6 +137,7 @@ spec: - alert: NodeNetworkReceiveErrs annotations: description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs summary: Network interface is reporting many receive errors. expr: | rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 @@ -138,6 +147,7 @@ spec: - alert: NodeNetworkTransmitErrs annotations: description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs summary: Network interface is reporting many transmit errors. expr: | rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 @@ -147,6 +157,7 @@ spec: - alert: NodeHighNumberConntrackEntriesUsed annotations: description: '{{ $value | humanizePercentage }} of conntrack entries are used.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodehighnumberconntrackentriesused summary: Number of conntrack are getting close to the limit. expr: | (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 @@ -155,6 +166,7 @@ spec: - alert: NodeTextFileCollectorScrapeError annotations: description: Node Exporter text file collector failed to scrape. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodetextfilecollectorscrapeerror summary: Node Exporter text file collector failed to scrape. expr: | node_textfile_scrape_error{job="node-exporter"} == 1 @@ -163,6 +175,7 @@ spec: - alert: NodeClockSkewDetected annotations: message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected summary: Clock skew detected. expr: | ( @@ -182,6 +195,7 @@ spec: - alert: NodeClockNotSynchronising annotations: message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising summary: Clock not synchronising. expr: | min_over_time(node_timex_sync_status[5m]) == 0 @@ -193,6 +207,7 @@ spec: - alert: NodeRAIDDegraded annotations: description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded summary: RAID Array is degraded expr: | node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 @@ -202,6 +217,7 @@ spec: - alert: NodeRAIDDiskFailure annotations: description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure summary: Failed device in RAID array expr: | node_md_disks{state="fail"} > 0 diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index 24a877d2..1db20307 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -17,6 +17,7 @@ spec: - alert: PrometheusOperatorListErrors annotations: description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors summary: Errors while performing list operations in controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 @@ -26,6 +27,7 @@ spec: - alert: PrometheusOperatorWatchErrors annotations: description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors summary: Errors while performing watch operations in controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 @@ -35,6 +37,7 @@ spec: - alert: PrometheusOperatorSyncFailed annotations: description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed summary: Last controller reconciliation failed expr: | min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 @@ -44,6 +47,7 @@ spec: - alert: PrometheusOperatorReconcileErrors annotations: description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors summary: Errors while reconciling controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="monitoring"}[5m]))) > 0.1 @@ -53,6 +57,7 @@ spec: - alert: PrometheusOperatorNodeLookupErrors annotations: description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors summary: Errors while reconciling Prometheus. expr: | rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]) > 0.1 @@ -62,6 +67,7 @@ spec: - alert: PrometheusOperatorNotReady annotations: description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready summary: Prometheus operator not ready expr: | min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="monitoring"}[5m]) == 0) @@ -71,6 +77,7 @@ spec: - alert: PrometheusOperatorRejectedResources annotations: description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources summary: Resources rejected by Prometheus operator expr: | min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 5e66c3a4..b668863f 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -17,6 +17,7 @@ spec: - alert: PrometheusBadConfig annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to reload its configuration. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusbadconfig summary: Failed Prometheus configuration reload. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -28,6 +29,7 @@ spec: - alert: PrometheusNotificationQueueRunningFull annotations: description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotificationqueuerunningfull summary: Prometheus alert notification queue predicted to run full in less than 30m. expr: | # Without min_over_time, failed scrapes could create false negatives, see @@ -43,6 +45,7 @@ spec: - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers annotations: description: '{{ printf "%.1f" $value }}% errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuserrorsendingalertstosomealertmanagers summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. expr: | ( @@ -58,6 +61,7 @@ spec: - alert: PrometheusNotConnectedToAlertmanagers annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotconnectedtoalertmanagers summary: Prometheus is not connected to any Alertmanagers. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -69,6 +73,7 @@ spec: - alert: PrometheusTSDBReloadsFailing annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} reload failures over the last 3h. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustsdbreloadsfailing summary: Prometheus has issues reloading blocks from disk. expr: | increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -78,6 +83,7 @@ spec: - alert: PrometheusTSDBCompactionsFailing annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} compaction failures over the last 3h. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustsdbcompactionsfailing summary: Prometheus has issues compacting blocks. expr: | increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -87,6 +93,7 @@ spec: - alert: PrometheusNotIngestingSamples annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotingestingsamples summary: Prometheus is not ingesting samples. expr: | ( @@ -104,6 +111,7 @@ spec: - alert: PrometheusDuplicateTimestamps annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with different values but duplicated timestamp. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusduplicatetimestamps summary: Prometheus is dropping samples with duplicate timestamps. expr: | rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -113,6 +121,7 @@ spec: - alert: PrometheusOutOfOrderTimestamps annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoutofordertimestamps summary: Prometheus drops samples with out-of-order timestamps. expr: | rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -122,6 +131,7 @@ spec: - alert: PrometheusRemoteStorageFailures annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ $labels.url }} + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotestoragefailures summary: Prometheus fails to send samples to remote storage. expr: | ( @@ -141,6 +151,7 @@ spec: - alert: PrometheusRemoteWriteBehind annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotewritebehind summary: Prometheus remote write is behind. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -157,6 +168,7 @@ spec: - alert: PrometheusRemoteWriteDesiredShards annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write desired shards calculation wants to run {{ $value }} shards for queue {{ $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` $labels.instance | query | first | value }}. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotewritedesiredshards summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -172,6 +184,7 @@ spec: - alert: PrometheusRuleFailures annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to evaluate {{ printf "%.0f" $value }} rules in the last 5m. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusrulefailures summary: Prometheus is failing rule evaluations. expr: | increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -181,6 +194,7 @@ spec: - alert: PrometheusMissingRuleEvaluations annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ printf "%.0f" $value }} rule group evaluations in the last 5m. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusmissingruleevaluations summary: Prometheus is missing rule evaluations due to slow rule group evaluation. expr: | increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -190,6 +204,7 @@ spec: - alert: PrometheusTargetLimitHit annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because the number of targets exceeded the configured target_limit. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustargetlimithit summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. expr: | increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -199,6 +214,7 @@ spec: - alert: PrometheusErrorSendingAlertsToAnyAlertmanager annotations: description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuserrorsendingalertstoanyalertmanager summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. expr: | min without (alertmanager) ( From bb2971e87467200e7f490290984e1436bb098131 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 5 Mar 2021 14:07:01 +0000 Subject: [PATCH 175/388] Add runbook_url annotation for custom mixins Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/components/mixin/custom.libsonnet | 8 +++++--- manifests/kube-prometheus-prometheusRule.yaml | 3 +++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet index 13c36332..d4f3d9d2 100644 --- a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet @@ -11,6 +11,7 @@ local defaults = { _config: { nodeExporterSelector: 'job="node-exporter"', hostNetworkInterfaceSelector: 'device!~"veth.+"', + runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', }, }, }; @@ -21,9 +22,10 @@ function(params) { local alertsandrules = (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet'), - mixin:: alertsandrules { - _config+:: m.config.mixin._config, - }, + mixin:: alertsandrules + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + _config+:: m.config.mixin._config, + }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml index bb2cf6df..530dc0cd 100644 --- a/manifests/kube-prometheus-prometheusRule.yaml +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -16,6 +16,7 @@ spec: - alert: TargetDown annotations: message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/targetdown expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 for: 10m labels: @@ -28,6 +29,7 @@ spec: and always fire against a receiver. There are integrations with various notification mechanisms that send a notification when this alert is not firing. For example the "DeadMansSnitch" integration in PagerDuty. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/watchdog expr: vector(1) labels: severity: none @@ -36,6 +38,7 @@ spec: - alert: NodeNetworkInterfaceFlapping annotations: message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkinterfaceflapping expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 for: 2m From e3db1c174e8f383d5e6884c9183faa4eca6ce19f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 10 Mar 2021 10:49:16 +0100 Subject: [PATCH 176/388] scripts: fail if version generator cannot retrieve currently used version --- scripts/generate-versions.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh index 3eb01bae..5ae8d30b 100755 --- a/scripts/generate-versions.sh +++ b/scripts/generate-versions.sh @@ -11,7 +11,12 @@ get_latest_version() { # Get component version from version file get_current_version() { echo >&2 "Reading currently used version of ${1}" - jq -r ".${1}" "$VERSION_FILE" + v=$(jq -r ".${1}" "$VERSION_FILE") + if [ "${v}" == "" ]; then + echo >&2 "Couldn't read version of ${1} from $VERSION_FILE" + exit 1 + fi + echo "$v" } # Get version from online source and filter out unstable releases. In case of unstable release use what is set in version file From 8834c2d5e0119e584388ce53218fd059a889a71a Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 10 Mar 2021 10:58:52 +0100 Subject: [PATCH 177/388] .github: disable version updater Signed-off-by: paulfantom --- .github/workflows/versions.yaml | 19 ------------------- scripts/generate-versions.sh | 2 +- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 .github/workflows/versions.yaml diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml deleted file mode 100644 index d3fd816b..00000000 --- a/.github/workflows/versions.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: Sync component versions - -on: - schedule: - - cron: '18 8 * * *' - -jobs: - versions: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-go@v2 - - uses: romoh/dependencies-autoupdate@v1.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - update-command: "'scripts/generate-versions.sh $token > jsonnet/kube-prometheus/versions.json'" - on-changes-command: "'make --always-make generate'" diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh index 5ae8d30b..2daa38bb 100755 --- a/scripts/generate-versions.sh +++ b/scripts/generate-versions.sh @@ -37,7 +37,7 @@ convert_to_camel_case() { } # File is used to read current versions -VERSION_FILE="jsonnet/kube-prometheus/versions.json" +VERSION_FILE="$(pwd)/jsonnet/kube-prometheus/versions.json" # token can be passed as `GITHUB_TOKEN` variable or passed as first argument GITHUB_TOKEN=${GITHUB_TOKEN:-${1}} From 816c73acc6c5176ec3f5a0792b470b40f071373b Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 10 Mar 2021 10:59:59 +0100 Subject: [PATCH 178/388] examples: cleanup thanos-sidecar addon imports Signed-off-by: Damien Grisonnet --- README.md | 1 - docs/developing-prometheus-rules-and-grafana-dashboards.md | 1 - example.jsonnet | 1 - examples/prometheus-pvc.jsonnet | 1 - 4 files changed, 4 deletions(-) diff --git a/README.md b/README.md index 04175604..e82137ce 100644 --- a/README.md +++ b/README.md @@ -219,7 +219,6 @@ local kp = // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + // (import 'kube-prometheus/addons/node-ports.libsonnet') + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + - // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + // (import 'kube-prometheus/addons/external-metrics.libsonnet') + { diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 814ccf88..4b300115 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -17,7 +17,6 @@ local kp = // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + // (import 'kube-prometheus/addons/node-ports.libsonnet') + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + - // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + // (import 'kube-prometheus/addons/external-metrics.libsonnet') + { diff --git a/example.jsonnet b/example.jsonnet index 00737df1..b181d647 100644 --- a/example.jsonnet +++ b/example.jsonnet @@ -5,7 +5,6 @@ local kp = // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + // (import 'kube-prometheus/addons/node-ports.libsonnet') + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + - // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + // (import 'kube-prometheus/addons/external-metrics.libsonnet') + { diff --git a/examples/prometheus-pvc.jsonnet b/examples/prometheus-pvc.jsonnet index ee0f5c24..5beffd84 100644 --- a/examples/prometheus-pvc.jsonnet +++ b/examples/prometheus-pvc.jsonnet @@ -5,7 +5,6 @@ local kp = // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + // (import 'kube-prometheus/addons/node-ports.libsonnet') + // (import 'kube-prometheus/addons/static-etcd.libsonnet') + - // (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') + { values+:: { common+: { From 9f6c7d7654bdb2bed63daf923b5ae9f7dc457081 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 10 Mar 2021 11:47:57 +0100 Subject: [PATCH 179/388] examples/thanos-sidecar: fix image url Signed-off-by: Damien Grisonnet --- examples/thanos-sidecar.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/thanos-sidecar.jsonnet b/examples/thanos-sidecar.jsonnet index 24a0d5ce..8949a1b1 100644 --- a/examples/thanos-sidecar.jsonnet +++ b/examples/thanos-sidecar.jsonnet @@ -8,7 +8,7 @@ local kp = prometheus+: { thanos: { version: '0.17.2', - image: 'quay.io/thanos-io/thanos:v0.17.2', + image: 'quay.io/thanos/thanos:v0.17.2', objectStorageConfig: { key: 'thanos.yaml', // How the file inside the secret is called name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config From b40fe984b3282eba35111ffe6d6fd932ff216db0 Mon Sep 17 00:00:00 2001 From: Lennart Jern Date: Fri, 12 Mar 2021 07:53:45 +0200 Subject: [PATCH 180/388] Update README defaults and config --- README.md | 121 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 74 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 04175604..984a028d 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,7 @@ Though for a quickstart a compiled version of the Kubernetes [manifests](manifes * Create the monitoring stack using the config in the `manifests` directory: ```shell -# Create the namespace and CRDs, and then wait for them to be availble before creating the remaining resources +# Create the namespace and CRDs, and then wait for them to be available before creating the remaining resources kubectl create -f manifests/setup until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done kubectl create -f manifests/ @@ -287,7 +287,7 @@ The previous steps (compilation) has created a bunch of manifest files in the ma Now simply use `kubectl` to install Prometheus and Grafana as per your configuration: ```shell -# Update the namespace and CRDs, and then wait for them to be availble before creating the remaining resources +# Update the namespace and CRDs, and then wait for them to be available before creating the remaining resources $ kubectl apply -f manifests/setup $ kubectl apply -f manifests/ ``` @@ -332,71 +332,98 @@ Jsonnet has the concept of hidden fields. These are fields, that are not going t These are the available fields with their respective default values: ``` { - _config+:: { - namespace: "default", - - versions+:: { - alertmanager: "v0.17.0", - nodeExporter: "v0.18.1", - kubeStateMetrics: "v1.5.0", - kubeRbacProxy: "v0.4.1", - prometheusOperator: "v0.30.0", - prometheus: "v2.10.0", + values:: { + common: { + namespace: 'default', + ruleLabels: { + role: 'alert-rules', + prometheus: $.values.prometheus.name, + }, + // to allow automatic upgrades of components, we store versions in autogenerated `versions.json` file and import it here + versions: { + alertmanager: error 'must provide version', + blackboxExporter: error 'must provide version', + grafana: error 'must provide version', + kubeStateMetrics: '1.9.8', + nodeExporter: error 'must provide version', + prometheus: error 'must provide version', + prometheusAdapter: error 'must provide version', + prometheusOperator: error 'must provide version', + } + (import 'versions.json'), + images: { + alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, + blackboxExporter: 'quay.io/prometheus/blackbox-exporter:v' + $.values.common.versions.blackboxExporter, + grafana: 'grafana/grafana:v' + $.values.common.versions.grafana, + kubeStateMetrics: 'k8s.gcr.io/kube-state-metrics/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, + nodeExporter: 'quay.io/prometheus/node-exporter:v' + $.values.common.versions.nodeExporter, + prometheus: 'quay.io/prometheus/prometheus:v' + $.values.common.versions.prometheus, + prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, + prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, + prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, + }, }, - - imageRepos+:: { - prometheus: "quay.io/prometheus/prometheus", - alertmanager: "quay.io/prometheus/alertmanager", - kubeStateMetrics: "quay.io/coreos/kube-state-metrics", - kubeRbacProxy: "quay.io/brancz/kube-rbac-proxy", - nodeExporter: "quay.io/prometheus/node-exporter", - prometheusOperator: "quay.io/prometheus-operator/prometheus-operator", - }, - - prometheus+:: { - names: 'k8s', - replicas: 2, - rules: {}, - }, - - alertmanager+:: { + alertmanager: { name: 'main', config: ||| global: resolve_timeout: 5m + inhibit_rules: + - source_match: + severity: critical + target_match_re: + severity: warning|info + equal: ['namespace', 'alertname'] + - source_match: + severity: warning + target_match_re: + severity: info + equal: ['namespace', 'alertname'] route: - group_by: ['job'] + group_by: ['namespace'] group_wait: 30s group_interval: 5m repeat_interval: 12h - receiver: 'null' + receiver: 'Default' routes: - match: alertname: Watchdog - receiver: 'null' + receiver: Watchdog + - match: + severity: critical + receiver: Critical receivers: - - name: 'null' + - name: Default + - name: Watchdog + - name: Critical |||, - replicas: 3, + replicas: 3 }, - - kubeStateMetrics+:: { - collectors: '', // empty string gets a default set + kubeStateMetrics: { + resources: { + requests: { cpu: '10m', memory: '190Mi' }, + limits: { cpu: '100m', memory: '250Mi' }, + }, scrapeInterval: '30s', scrapeTimeout: '30s', - - baseCPU: '100m', - baseMemory: '150Mi', }, - - nodeExporter+:: { + nodeExporter: { + listenAddress: '127.0.0.1', port: 9100, + resources: { + requests: { cpu: '102m', memory: '180Mi' }, + limits: { cpu: '250m', memory: '180Mi' }, + }, }, - }, + prometheus: { + name: 'k8s', + replicas: 2, + resources: { memory: '400Mi' } + }, + } } ``` -The grafana definition is located in a different project (https://github.com/brancz/kubernetes-grafana), but needed configuration can be customized from the same top level `_config` field. For example to allow anonymous access to grafana, add the following `_config` section: +The grafana definition is located in a different project (https://github.com/brancz/kubernetes-grafana), but needed configuration can be customized from the same top level `values` field. For example to allow anonymous access to grafana, add the following `values` section: ``` grafana+:: { config: { // http://docs.grafana.org/installation/configuration/ @@ -553,7 +580,7 @@ Standard Kubernetes manifests are all written using [ksonnet-lib](https://github ### Alertmanager configuration -The Alertmanager configuration is located in the `_config.alertmanager.config` configuration field. In order to set a custom Alertmanager configuration simply set this field. +The Alertmanager configuration is located in the `values.alertmanager.config` configuration field. In order to set a custom Alertmanager configuration simply set this field. [embedmd]:# (examples/alertmanager-config.jsonnet) ```jsonnet @@ -596,7 +623,7 @@ In the above example the configuration has been inlined, but can just as well be ### Adding additional namespaces to monitor -In order to monitor additional namespaces, the Prometheus server requires the appropriate `Role` and `RoleBinding` to be able to discover targets from that namespace. By default the Prometheus server is limited to the three namespaces it requires: default, kube-system and the namespace you configure the stack to run in via `$._config.namespace`. This is specified in `$._config.prometheus.namespaces`, to add new namespaces to monitor, simply append the additional namespaces: +In order to monitor additional namespaces, the Prometheus server requires the appropriate `Role` and `RoleBinding` to be able to discover targets from that namespace. By default the Prometheus server is limited to the three namespaces it requires: default, kube-system and the namespace you configure the stack to run in via `$.values.namespace`. This is specified in `$.values.prometheus.namespaces`, to add new namespaces to monitor, simply append the additional namespaces: [embedmd]:# (examples/additional-namespaces.jsonnet) ```jsonnet @@ -764,7 +791,7 @@ See [exposing Prometheus/Alertmanager/Grafana](docs/exposing-prometheus-alertman local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + // ... all necessary mixins ... { - _config+:: { + values+:: { // ... configuration for other features ... blackboxExporter+:: { modules+:: { From f5ed97771c6c600b2508e18b1663ed25fb7c2b0a Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Fri, 12 Mar 2021 15:25:03 +0100 Subject: [PATCH 181/388] docs/migration-guide.md: Add label changes warning --- docs/migration-guide.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/migration-guide.md b/docs/migration-guide.md index c12d4108..f01434cf 100644 --- a/docs/migration-guide.md +++ b/docs/migration-guide.md @@ -17,6 +17,7 @@ Thanks to our community we identified a lot of short-commings of previous design - all component libraries are now function- and not object-based - monitoring-mixins are included inside each component and not globally. `prometheusRules`, `prometheusAlerts`, and `grafanaDashboards` are accessible only per component via `mixin` object (ex. `$.alertmanager.mixin.prometheusAlerts`) - default repository branch changed from `master` to `main` +- labels on resources have changes, `kubectl apply` will not work correctly due to those field being immutable. Deleting the resource first before applying is a workaround if you are using the kubectl CLI. (This only applies to `Deployments` and `DaemonSets`.) ### New Features From 5f06f0da5e06e70784d8cdbaca59ee9b28b3cce6 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 12 Mar 2021 17:55:40 +0000 Subject: [PATCH 182/388] managed-cluster addon to not fully override prometheus object, only what's necessary Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/addons/managed-cluster.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet index 5b37c56e..f9032abd 100644 --- a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet +++ b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -27,7 +27,7 @@ // Same as above but for ServiceMonitor's local p = super.prometheus, - prometheus: { + prometheus+: { [q]: p[q] for q in std.objectFields(p) if !std.setMember(q, ['serviceMonitorKubeControllerManager', 'serviceMonitorKubeScheduler']) From 24d9633998e79b5521c47def190315f65bd4bdf1 Mon Sep 17 00:00:00 2001 From: Adin Hodovic Date: Mon, 15 Mar 2021 14:23:38 +0100 Subject: [PATCH 183/388] Fix managed Cluster addon --- .../addons/managed-cluster.libsonnet | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet index f9032abd..14d008d9 100644 --- a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet +++ b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -11,10 +11,17 @@ for k in std.objectFields(j) if !std.setMember(k, ['KubeControllerManager', 'KubeScheduler']) }, + }, - // Skip alerting rules too - prometheus+: { - rules+:: { + local k = super.kubernetesControlPlane, + + kubernetesControlPlane+: { + [q]: null + for q in std.objectFields(k) + if std.setMember(q, ['serviceMonitorKubeControllerManager', 'serviceMonitorKubeScheduler']) + } + { + prometheusRule+: { + spec+: { local g = super.groups, groups: [ h @@ -24,12 +31,4 @@ }, }, }, - - // Same as above but for ServiceMonitor's - local p = super.prometheus, - prometheus+: { - [q]: p[q] - for q in std.objectFields(p) - if !std.setMember(q, ['serviceMonitorKubeControllerManager', 'serviceMonitorKubeScheduler']) - }, } From 10f710bb5868de1e9f8113c07e6268bad6e4fe54 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 15 Mar 2021 14:38:48 +0100 Subject: [PATCH 184/388] jsonnet: pick kube-state-metrics version from versions.json file --- jsonnet/kube-prometheus/main.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index f288159d..462f9aef 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -23,7 +23,7 @@ local prometheus = import './components/prometheus.libsonnet'; alertmanager: error 'must provide version', blackboxExporter: error 'must provide version', grafana: error 'must provide version', - kubeStateMetrics: '1.9.8', // FIXME(paulfantom): needs https://github.com/kubernetes/kube-state-metrics/issues/1392 + kubeStateMetrics: error 'must provide version', nodeExporter: error 'must provide version', prometheus: error 'must provide version', prometheusAdapter: error 'must provide version', From db2f6f1acc39fdcadb71c4c305651d7b9983be35 Mon Sep 17 00:00:00 2001 From: Adin Hodovic Date: Mon, 15 Mar 2021 15:05:03 +0100 Subject: [PATCH 185/388] jsonnet/addons: Cleanup managed cluster addon --- .../kube-prometheus/addons/managed-cluster.libsonnet | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet index 14d008d9..f936375c 100644 --- a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet +++ b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -2,17 +2,6 @@ // Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'main.libsonnet' defaults { - values+:: { - // This snippet walks the original object (super.jobs, set as temp var j) and creates a replacement jobs object - // excluding any members of the set specified (eg: controller and scheduler). - local j = super.jobs, - jobs: { - [k]: j[k] - for k in std.objectFields(j) - if !std.setMember(k, ['KubeControllerManager', 'KubeScheduler']) - }, - }, - local k = super.kubernetesControlPlane, kubernetesControlPlane+: { From 9d327cb328a2b676c97aad12f46e8a3221af01d8 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 15 Mar 2021 16:33:18 +0100 Subject: [PATCH 186/388] jsonnet: add PDB to alertmanager and prometheus pods --- .../components/alertmanager.libsonnet | 18 ++++++++++++++++++ .../components/prometheus.libsonnet | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 8dd14ba4..aca1a866 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -165,6 +165,24 @@ function(params) { }, }, + podDisruptionBudget: { + apiVersion: 'policy/v1beta1', + kind: 'PodDisruptionBudget', + metadata: { + name: 'alertmanager-' + am.config.name, + namespace: am.config.namespace, + labels: am.config.commonLabels, + }, + spec: { + maxUnavailable: 1, + selector: { + matchLabels: { + alertmanager: am.config.name, + } + am.config.selectorLabels, + }, + }, + }, + alertmanager: { apiVersion: 'monitoring.coreos.com/v1', kind: 'Alertmanager', diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 097243a0..1a82b3e6 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -236,6 +236,24 @@ function(params) { items: [newSpecificRole(x) for x in p.config.namespaces], }, + podDisruptionBudget: { + apiVersion: 'policy/v1beta1', + kind: 'PodDisruptionBudget', + metadata: { + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + labels: p.config.commonLabels, + }, + spec: { + minAvailable: 1, + selector: { + matchLabels: { + prometheus: p.config.name, + } + p.config.selectorLabels, + }, + }, + }, + prometheus: { apiVersion: 'monitoring.coreos.com/v1', kind: 'Prometheus', From 9268851d8b7f207e7cd4c56bed01776850cd0883 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 15 Mar 2021 16:34:29 +0100 Subject: [PATCH 187/388] *: regenerate --- kustomization.yaml | 2 ++ .../alertmanager-podDisruptionBudget.yaml | 18 ++++++++++++++++++ manifests/prometheus-podDisruptionBudget.yaml | 18 ++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 manifests/alertmanager-podDisruptionBudget.yaml create mode 100644 manifests/prometheus-podDisruptionBudget.yaml diff --git a/kustomization.yaml b/kustomization.yaml index 8cc44572..e23e2e6a 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./manifests/alertmanager-alertmanager.yaml +- ./manifests/alertmanager-podDisruptionBudget.yaml - ./manifests/alertmanager-prometheusRule.yaml - ./manifests/alertmanager-secret.yaml - ./manifests/alertmanager-service.yaml @@ -58,6 +59,7 @@ resources: - ./manifests/prometheus-clusterRoleBinding.yaml - ./manifests/prometheus-operator-prometheusRule.yaml - ./manifests/prometheus-operator-serviceMonitor.yaml +- ./manifests/prometheus-podDisruptionBudget.yaml - ./manifests/prometheus-prometheus.yaml - ./manifests/prometheus-prometheusRule.yaml - ./manifests/prometheus-roleBindingConfig.yaml diff --git a/manifests/alertmanager-podDisruptionBudget.yaml b/manifests/alertmanager-podDisruptionBudget.yaml new file mode 100644 index 00000000..2dd13244 --- /dev/null +++ b/manifests/alertmanager-podDisruptionBudget.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.21.0 + name: alertmanager-main + namespace: monitoring +spec: + maxUnavailable: 1 + selector: + matchLabels: + alertmanager: main + app.kubernetes.io/component: alert-router + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml new file mode 100644 index 00000000..4bc1a8d0 --- /dev/null +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -0,0 +1,18 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 2.25.0 + name: prometheus-k8s + namespace: monitoring +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: prometheus + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus + prometheus: k8s From 30a41d18d8522fdc93af622e483fcf09e95ca35f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 15 Mar 2021 23:39:24 +0100 Subject: [PATCH 188/388] jsonnet: conditionally add PDB --- jsonnet/kube-prometheus/components/alertmanager.libsonnet | 2 +- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index aca1a866..569ee82b 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -165,7 +165,7 @@ function(params) { }, }, - podDisruptionBudget: { + [if (defaults + params).replicas > 1 then 'podDisruptionBudget']: { apiVersion: 'policy/v1beta1', kind: 'PodDisruptionBudget', metadata: { diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 1a82b3e6..0c6d359f 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -236,7 +236,7 @@ function(params) { items: [newSpecificRole(x) for x in p.config.namespaces], }, - podDisruptionBudget: { + [if (defaults + params).replicas > 1 then 'podDisruptionBudget']: { apiVersion: 'policy/v1beta1', kind: 'PodDisruptionBudget', metadata: { From 9a6289a04573334fbe8fbb2a54b135a255f485f2 Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Tue, 9 Mar 2021 01:02:12 +0100 Subject: [PATCH 189/388] Add content header for hugo website --- docs/blackbox-exporter.md | 15 ++++++++++++ docs/deploy-kind.md | 19 +++++++++++++++ ...prometheus-rules-and-grafana-dashboards.md | 14 ++++++++++- ...prometheus-alertmanager-grafana-ingress.md | 20 ++++++++++++---- docs/kube-prometheus-on-kubeadm.md | 23 ++++++++++++------- docs/monitoring-external-etcd.md | 17 ++++++++++++-- docs/monitoring-other-namespaces.md | 15 +++++++++++- 7 files changed, 107 insertions(+), 16 deletions(-) create mode 100644 docs/deploy-kind.md diff --git a/docs/blackbox-exporter.md b/docs/blackbox-exporter.md index 624b9483..e6a52725 100644 --- a/docs/blackbox-exporter.md +++ b/docs/blackbox-exporter.md @@ -1,3 +1,18 @@ +--- +title: "Blackbox Exporter" +description: "Generated API docs for the Prometheus Operator" +lead: "This Document documents the types introduced by the Prometheus Operator to be consumed by users." +date: 2021-03-08T08:49:31+00:00 +lastmod: 2021-03-08T08:49:31+00:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 630 +toc: true +--- + # Setting up a blackbox exporter The `prometheus-operator` defines a `Probe` resource type that can be used to describe blackbox checks. To execute these, a separate component called [`blackbox_exporter`](https://github.com/prometheus/blackbox_exporter) has to be deployed, which can be scraped to retrieve the results of these checks. You can use `kube-prometheus` to set up such a blackbox exporter within your Kubernetes cluster. diff --git a/docs/deploy-kind.md b/docs/deploy-kind.md new file mode 100644 index 00000000..f586b7cf --- /dev/null +++ b/docs/deploy-kind.md @@ -0,0 +1,19 @@ +--- +title: "Deploy to kind" +description: "Deploy kube-prometheus to Kubernets kind." +lead: "Deploy kube-prometheus to Kubernets kind." +date: 2021-03-08T23:04:32+01:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 500 +toc: true +--- + +--- + +Time to explain why! + +Your chance of **contributing**! diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 814ccf88..b438c88b 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -1,4 +1,16 @@ -# Developing Prometheus Rules and Grafana Dashboards +--- +title: "Prometheus Rules and Grafana Dashboards" +description: "Create Prometheus Rules and Grafana Dashboards on top of kube-prometheus" +lead: "Create Prometheus Rules and Grafana Dashboards on top of kube-prometheus" +date: 2021-03-08T23:04:32+01:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 650 +toc: true +--- `kube-prometheus` ships with a set of default [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) and [Grafana](http://grafana.com/) dashboards. At some point one might like to extend them, the purpose of this document is to explain how to do this. diff --git a/docs/exposing-prometheus-alertmanager-grafana-ingress.md b/docs/exposing-prometheus-alertmanager-grafana-ingress.md index f05ab4ce..be1ba130 100644 --- a/docs/exposing-prometheus-alertmanager-grafana-ingress.md +++ b/docs/exposing-prometheus-alertmanager-grafana-ingress.md @@ -1,12 +1,24 @@ -# Exposing Prometheus, Alertmanager and Grafana UIs via Ingress +--- +title: "Expose via Ingress" +description: "How to setup a Kubernetes Ingress to expose the Prometheus, Alertmanager and Grafana." +lead: "How to setup a Kubernetes Ingress to expose the Prometheus, Alertmanager and Grafana." +date: 2021-03-08T23:04:32+01:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 500 +toc: true +--- -In order to access the web interfaces via the Internet [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a popular option. This guide explains, how Kubernetes Ingress can be setup, in order to expose the Prometheus, Alertmanager and Grafana UIs, that are included in the [kube-prometheus](https://github.com/coreos/kube-prometheus) project. +In order to access the web interfaces via the Internet [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a popular option. This guide explains, how Kubernetes Ingress can be setup, in order to expose the Prometheus, Alertmanager and Grafana UIs, that are included in the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project. -Note: before continuing, it is recommended to first get familiar with the [kube-prometheus](https://github.com/coreos/kube-prometheus) stack by itself. +Note: before continuing, it is recommended to first get familiar with the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) stack by itself. ## Prerequisites -Apart from a running Kubernetes cluster with a running [kube-prometheus](https://github.com/coreos/kube-prometheus) stack, a Kubernetes Ingress controller must be installed and functional. This guide was tested with the [nginx-ingress-controller](https://github.com/kubernetes/ingress-nginx). If you wish to reproduce the exact result in as depicted in this guide we recommend using the nginx-ingress-controller. +Apart from a running Kubernetes cluster with a running [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) stack, a Kubernetes Ingress controller must be installed and functional. This guide was tested with the [nginx-ingress-controller](https://github.com/kubernetes/ingress-nginx). If you wish to reproduce the exact result in as depicted in this guide we recommend using the nginx-ingress-controller. ## Setting up Ingress diff --git a/docs/kube-prometheus-on-kubeadm.md b/docs/kube-prometheus-on-kubeadm.md index db15c431..37610593 100644 --- a/docs/kube-prometheus-on-kubeadm.md +++ b/docs/kube-prometheus-on-kubeadm.md @@ -1,15 +1,22 @@ -
- +--- +title: "Deploy to kubeadm" +description: "Deploy kube-prometheus to Kubernets kubeadm." +lead: "Deploy kube-prometheus to Kubernets kubeadm." +date: 2021-03-08T23:04:32+01:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 500 +toc: true +--- -# Kube Prometheus on Kubeadm - -The [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) tool is linked by Kubernetes as the offical way to deploy and manage self-hosted clusters. Kubeadm does a lot of heavy lifting by automatically configuring your Kubernetes cluster with some common options. This guide is intended to show you how to deploy Prometheus, Prometheus Operator and Kube Prometheus to get you started monitoring your cluster that was deployed with Kubeadm. +The [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) tool is linked by Kubernetes as the offical way to deploy and manage self-hosted clusters. kubeadm does a lot of heavy lifting by automatically configuring your Kubernetes cluster with some common options. This guide is intended to show you how to deploy Prometheus, Prometheus Operator and Kube Prometheus to get you started monitoring your cluster that was deployed with kubeadm. This guide assumes you have a basic understanding of how to use the functionality the Prometheus Operator implements. If you haven't yet, we recommend reading through the [getting started guide](https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md) as well as the [alerting guide](https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/alerting.md). -## Kubeadm Pre-requisites +## kubeadm Pre-requisites This guide assumes you have some familiarity with `kubeadm` or at least have deployed a cluster using `kubeadm`. By default, `kubeadm` does not expose two of the services that we will be monitoring. Therefore, in order to get the most out of the `kube-prometheus` package, we need to make some quick tweaks to the Kubernetes cluster. Since we will be monitoring the `kube-controller-manager` and `kube-scheduler`, we must expose them to the cluster. diff --git a/docs/monitoring-external-etcd.md b/docs/monitoring-external-etcd.md index f7071851..6ddecb18 100644 --- a/docs/monitoring-external-etcd.md +++ b/docs/monitoring-external-etcd.md @@ -1,5 +1,18 @@ -# Monitoring external etcd -This guide will help you monitor an external etcd cluster. When the etcd cluster is not hosted inside Kubernetes. +--- +title: "Monitoring external etcd" +description: "This guide will help you monitor an external etcd cluster." +lead: "This guide will help you monitor an external etcd cluster." +date: 2021-03-08T23:04:32+01:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 640 +toc: true +--- + +When the etcd cluster is not hosted inside Kubernetes. This is often the case with Kubernetes setups. This approach has been tested with kube-aws but the same principals apply to other tools. Note that [etcd.jsonnet](../examples/etcd.jsonnet) & [kube-prometheus-static-etcd.libsonnet](../jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet) (which are described by a section of the [Readme](../README.md#static-etcd-configuration)) do the following: diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md index 51f21201..2e4ede9f 100644 --- a/docs/monitoring-other-namespaces.md +++ b/docs/monitoring-other-namespaces.md @@ -1,4 +1,17 @@ -# Monitoring other Kubernetes Namespaces +--- +title: "Monitoring other Namespaces" +description: "This guide will help you monitor applications in other Namespaces." +lead: "This guide will help you monitor applications in other Namespaces." +date: 2021-03-08T23:04:32+01:00 +draft: false +images: [] +menu: + docs: + parent: "kube" +weight: 640 +toc: true +--- + This guide will help you monitor applications in other Namespaces. By default the RBAC rules are only enabled for the `Default` and `kube-system` Namespace during Install. # Setup From 0d2e0875d9cd23fb2ffc8dd773298881587c256a Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 16 Mar 2021 15:17:22 +0100 Subject: [PATCH 190/388] jsonnet/prometheus-adapter: include pause container in resource calculations --- .../kube-prometheus/components/prometheus-adapter.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 4b2ac39f..e2be622c 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -26,7 +26,7 @@ local defaults = { config: { resourceRules: { cpu: { - containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}[5m])) by (<<.GroupBy>>)', + containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[5m])) by (<<.GroupBy>>)', nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', resources: { overrides: { @@ -38,7 +38,7 @@ local defaults = { containerLabel: 'container', }, memory: { - containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)', + containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)', nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', resources: { overrides: { From 8b30b2b669c8c0000bad82837723f18aed2a078c Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 16 Mar 2021 15:19:18 +0100 Subject: [PATCH 191/388] manifests: regenerate --- manifests/prometheus-adapter-configMap.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index b5b4e82b..62d1ee5f 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -4,7 +4,7 @@ data: "resourceRules": "cpu": "containerLabel": "container" - "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)" + "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)" "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)" "resources": "overrides": @@ -16,7 +16,7 @@ data: "resource": "pod" "memory": "containerLabel": "container" - "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)" + "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)" "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)" "resources": "overrides": From d1a3ebbe9066ce938a5a9b5a46208ce3115007e7 Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Tue, 16 Mar 2021 18:21:02 +0100 Subject: [PATCH 192/388] Update docs/deploy-kind.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Paweł Krupa --- docs/deploy-kind.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy-kind.md b/docs/deploy-kind.md index f586b7cf..c02c825c 100644 --- a/docs/deploy-kind.md +++ b/docs/deploy-kind.md @@ -16,4 +16,4 @@ toc: true Time to explain why! -Your chance of **contributing**! +Your chance of [**contributing**](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/deploy-kind.md)! From 558574b086002fdbc6df7c5391863e98568e2e24 Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Tue, 16 Mar 2021 18:21:17 +0100 Subject: [PATCH 193/388] Update docs/deploy-kind.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Paweł Krupa --- docs/deploy-kind.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deploy-kind.md b/docs/deploy-kind.md index c02c825c..ea66c59a 100644 --- a/docs/deploy-kind.md +++ b/docs/deploy-kind.md @@ -14,6 +14,6 @@ toc: true --- -Time to explain why! +Time to explain how! Your chance of [**contributing**](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/deploy-kind.md)! From 70a63d15410a3559b40a7915f67909c87502c2da Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 16 Mar 2021 18:48:48 +0100 Subject: [PATCH 194/388] jsonnet: lock prom-op to 0.46 branch --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 1c3a3c98..3c499567 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.45" + "version": "release-0.46" }, { "source": { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index fff69108..3d578a52 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "788d4456425eaf8c1d613582995bdf7de02154b0", + "version": "7f94a06b86d41c20176f0d5b53aa0100fdc361e6", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "5555f492df250168657b72bb8cb60bec071de71f", - "sum": "quzK9/gITldAfVGBkFUsLjQ3Y2F4NOJ2GQUjPSD8HHQ=" + "version": "7f94a06b86d41c20176f0d5b53aa0100fdc361e6", + "sum": "2CCa4pHH08Pnyf+0c+ZhVjM5h6TfoCbhHypPigpB9AM=" }, { "source": { From 8b877c17530e8eba4f7d671d98b2a18358461aca Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 16 Mar 2021 18:48:58 +0100 Subject: [PATCH 195/388] manifests: regenerate --- ...managerConfigCustomResourceDefinition.yaml | 2 ++ ...0alertmanagerCustomResourceDefinition.yaml | 2 ++ ...r-0podmonitorCustomResourceDefinition.yaml | 2 ++ ...erator-0probeCustomResourceDefinition.yaml | 33 +++++++++++++++++++ ...r-0prometheusCustomResourceDefinition.yaml | 7 ++++ ...ervicemonitorCustomResourceDefinition.yaml | 2 ++ ...-0thanosrulerCustomResourceDefinition.yaml | 2 ++ 7 files changed, 50 insertions(+) diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index faa6e92e..5edca274 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: AlertmanagerConfig listKind: AlertmanagerConfigList plural: alertmanagerconfigs diff --git a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index 22775503..d69502aa 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: Alertmanager listKind: AlertmanagerList plural: alertmanagers diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 6e3dbf7f..5cb8d021 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: PodMonitor listKind: PodMonitorList plural: podmonitors diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 56b4dd84..273616af 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: Probe listKind: ProbeList plural: probes @@ -145,6 +147,37 @@ spec: type: string description: Labels assigned to all metrics scraped from the targets. type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array static: description: Targets is a list of URLs to probe using the configured prober. items: diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 694f6bfd..3f0eb867 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: Prometheus listKind: PrometheusList plural: prometheuses @@ -2636,6 +2638,11 @@ spec: bearerTokenFile: description: File to read bearer token for remote write. type: string + headers: + additionalProperties: + type: string + description: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer. + type: object name: description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. type: string diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 51bd50a4..82d6ba34 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: ServiceMonitor listKind: ServiceMonitorList plural: servicemonitors diff --git a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml index 58a7b1b1..a48e0f77 100644 --- a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: ThanosRuler listKind: ThanosRulerList plural: thanosrulers From 24afd652abe26048357ee5be5aae7485dbafc8e5 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 17 Mar 2021 16:06:28 +0100 Subject: [PATCH 196/388] *: remove statement about release-0.6 compatibility with k8s 1.18 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e82137ce..d8e1f67f 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ The following versions are supported and work as we test against these versions |-----------------------|-----------------|-----------------|-----------------|-----------------|-----------------| | `release-0.4` | ✔ (v1.16.5+) | ✔ | ✗ | ✗ | ✗ | | `release-0.5` | ✗ | ✗ | ✔ | ✗ | ✗ | -| `release-0.6` | ✗ | ✗ | ✔ | ✔ | ✗ | +| `release-0.6` | ✗ | ✗ | ✗ | ✔ | ✗ | | `release-0.7` | ✗ | ✗ | ✗ | ✔ | ✔ | | `HEAD` | ✗ | ✗ | ✗ | ✔ | ✔ | From 6ece9ca0bc74e2b2fd5c0860a4bbd5df3e1e30fa Mon Sep 17 00:00:00 2001 From: Lennart Jern Date: Thu, 18 Mar 2021 09:21:35 +0200 Subject: [PATCH 197/388] squash! Update README defaults and config --- README.md | 97 ++++++------------------------------------------------- 1 file changed, 9 insertions(+), 88 deletions(-) diff --git a/README.md b/README.md index 984a028d..4e455dc8 100644 --- a/README.md +++ b/README.md @@ -329,98 +329,19 @@ Once updated, just follow the instructions under "Compiling" and "Apply the kube Jsonnet has the concept of hidden fields. These are fields, that are not going to be rendered in a result. This is used to configure the kube-prometheus components in jsonnet. In the example jsonnet code of the above [Customizing Kube-Prometheus section](#customizing-kube-prometheus), you can see an example of this, where the `namespace` is being configured to be `monitoring`. In order to not override the whole object, use the `+::` construct of jsonnet, to merge objects, this way you can override individual settings, but retain all other settings and defaults. -These are the available fields with their respective default values: +The available fields and their default values can be seen in [main.libsonnet](jsonnet/kube-prometheus/main.libsonnet). Note that many of the fields get their default values from variables, and for example the version numbers are imported from [versions.json](jsonnet/kube-prometheus/versions.json). + +Configuration is mainly done in the `values` map. You can see this being used in the `example.jsonnet` to set the namespace to `monitoring`. This is done in the `common` field, which all other components take their default value from. See for example how Alertmanager is configured in `main.libsonnet`: + ``` -{ - values:: { - common: { - namespace: 'default', - ruleLabels: { - role: 'alert-rules', - prometheus: $.values.prometheus.name, - }, - // to allow automatic upgrades of components, we store versions in autogenerated `versions.json` file and import it here - versions: { - alertmanager: error 'must provide version', - blackboxExporter: error 'must provide version', - grafana: error 'must provide version', - kubeStateMetrics: '1.9.8', - nodeExporter: error 'must provide version', - prometheus: error 'must provide version', - prometheusAdapter: error 'must provide version', - prometheusOperator: error 'must provide version', - } + (import 'versions.json'), - images: { - alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, - blackboxExporter: 'quay.io/prometheus/blackbox-exporter:v' + $.values.common.versions.blackboxExporter, - grafana: 'grafana/grafana:v' + $.values.common.versions.grafana, - kubeStateMetrics: 'k8s.gcr.io/kube-state-metrics/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, - nodeExporter: 'quay.io/prometheus/node-exporter:v' + $.values.common.versions.nodeExporter, - prometheus: 'quay.io/prometheus/prometheus:v' + $.values.common.versions.prometheus, - prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, - prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, - prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, - }, - }, alertmanager: { name: 'main', - config: ||| - global: - resolve_timeout: 5m - inhibit_rules: - - source_match: - severity: critical - target_match_re: - severity: warning|info - equal: ['namespace', 'alertname'] - - source_match: - severity: warning - target_match_re: - severity: info - equal: ['namespace', 'alertname'] - route: - group_by: ['namespace'] - group_wait: 30s - group_interval: 5m - repeat_interval: 12h - receiver: 'Default' - routes: - - match: - alertname: Watchdog - receiver: Watchdog - - match: - severity: critical - receiver: Critical - receivers: - - name: Default - - name: Watchdog - - name: Critical - |||, - replicas: 3 + // Use the namespace specified under values.common by default. + namespace: $.values.common.namespace, + version: $.values.common.versions.alertmanager, + image: $.values.common.images.alertmanager, + mixin+: { ruleLabels: $.values.common.ruleLabels }, }, - kubeStateMetrics: { - resources: { - requests: { cpu: '10m', memory: '190Mi' }, - limits: { cpu: '100m', memory: '250Mi' }, - }, - scrapeInterval: '30s', - scrapeTimeout: '30s', - }, - nodeExporter: { - listenAddress: '127.0.0.1', - port: 9100, - resources: { - requests: { cpu: '102m', memory: '180Mi' }, - limits: { cpu: '250m', memory: '180Mi' }, - }, - }, - prometheus: { - name: 'k8s', - replicas: 2, - resources: { memory: '400Mi' } - }, - } -} ``` The grafana definition is located in a different project (https://github.com/brancz/kubernetes-grafana), but needed configuration can be customized from the same top level `values` field. For example to allow anonymous access to grafana, add the following `values` section: From b473929b36cee4a565deccac477ce4c4e4d7e37b Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Thu, 18 Mar 2021 09:17:49 +0100 Subject: [PATCH 198/388] jsonnet/kube-prometheus/: Bump kube-state-metrics to v2.0.0-rc --- jsonnet/kube-prometheus/jsonnetfile.json | 4 ++-- jsonnet/kube-prometheus/versions.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 1c3a3c98..dc536603 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -53,7 +53,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "release-1.9" + "version": "release-2.0" }, { "source": { @@ -62,7 +62,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "master" + "version": "release-2.0" }, { "source": { diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index db5f2a94..1d55d2ea 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -2,7 +2,7 @@ "alertmanager": "0.21.0", "blackboxExporter": "0.18.0", "grafana": "7.4.3", - "kubeStateMetrics": "1.9.8", + "kubeStateMetrics": "2.0.0-rc.0", "nodeExporter": "1.1.1", "prometheus": "2.25.0", "prometheusAdapter": "0.8.3", From 4bba284d9b30c9802dd48bb7f573d08515863dc4 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Thu, 18 Mar 2021 09:21:07 +0100 Subject: [PATCH 199/388] jsonnetfile.lock.json: jb update kube-state-metrics only --- jsonnetfile.lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index fff69108..9130db6b 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -79,8 +79,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "89aaf6c524ee891140c4c8f2a05b1b16f5847309", - "sum": "zD/pbQLnQq+5hegEelaheHS8mn1h09GTktFO74iwlBI=" + "version": "8fb9b23f7376be9014f110b83a83fe930e027726", + "sum": "aE6e4P6NiMf5eQMv0w4hy+oSeLBzwCrjUSkP+DSgrro=" }, { "source": { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "72d6d3106861f992b7d6ecc0a88abe9b12ad5427", + "version": "8fb9b23f7376be9014f110b83a83fe930e027726", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { From 09b30e124f2e4791c0564fbbbf8119506a1271f6 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Thu, 18 Mar 2021 09:29:53 +0100 Subject: [PATCH 200/388] manifests: Regenerate --- manifests/kube-state-metrics-clusterRole.yaml | 11 +++++++++-- manifests/kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 8 +++++--- manifests/kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- manifests/kube-state-metrics-serviceAccount.yaml | 2 +- manifests/kube-state-metrics-serviceMonitor.yaml | 2 +- 7 files changed, 19 insertions(+), 10 deletions(-) diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index 0de2af47..c1cd228b 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 name: kube-state-metrics rules: - apiGroups: @@ -32,7 +32,6 @@ rules: - daemonsets - deployments - replicasets - - ingresses verbs: - list - watch @@ -107,6 +106,14 @@ rules: - networking.k8s.io resources: - networkpolicies + - ingresses + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases verbs: - list - watch diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index cd4f9652..4f524dd0 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index d87af742..2438d408 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 name: kube-state-metrics namespace: monitoring spec: @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 spec: containers: - args: @@ -29,7 +29,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v1.9.8 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0-rc.0 name: kube-state-metrics resources: limits: @@ -38,6 +38,8 @@ spec: requests: cpu: 10m memory: 190Mi + securityContext: + runAsUser: 65534 - args: - --logtostderr - --secure-listen-address=:8443 diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 0f887466..4739e168 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index 0183585e..6b1537d5 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index a9887f00..99f34128 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index 804dea6e..6739bfdf 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.9.8 + app.kubernetes.io/version: 2.0.0-rc.0 name: kube-state-metrics namespace: monitoring spec: From 2fa7ef162fdd085679afa52dc068b7ad2c86ff3e Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Thu, 18 Mar 2021 18:36:10 +0000 Subject: [PATCH 201/388] Add externalLabels on Prometheus defaults Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 ++ manifests/prometheus-prometheus.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 0c6d359f..7d0d0729 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -11,6 +11,7 @@ local defaults = { alertmanagerName: error 'must provide alertmanagerName', namespaces: ['default', 'kube-system', defaults.namespace], replicas: 2, + externalLabels: {}, commonLabels:: { 'app.kubernetes.io/name': 'prometheus', 'app.kubernetes.io/version': defaults.version, @@ -269,6 +270,7 @@ function(params) { podMetadata: { labels: p.config.commonLabels, }, + externalLabels: p.config.externalLabels, serviceAccountName: 'prometheus-' + p.config.name, serviceMonitorSelector: {}, podMonitorSelector: {}, diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 6d9449da..3febbfee 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -16,6 +16,7 @@ spec: name: alertmanager-main namespace: monitoring port: web + externalLabels: {} image: quay.io/prometheus/prometheus:v2.25.0 nodeSelector: kubernetes.io/os: linux From 1237843e62bb46395ae7b4eca760a87f2d172dc4 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 5 Mar 2021 20:14:19 +0000 Subject: [PATCH 202/388] Adds an addon for podSecurityPolicies Signed-off-by: ArthurSens --- examples/pod-security-policies.jsonnet | 23 ++ .../addons/podsecuritypolicies.libsonnet | 242 ++++++++++++++++++ 2 files changed, 265 insertions(+) create mode 100644 examples/pod-security-policies.jsonnet create mode 100644 jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet diff --git a/examples/pod-security-policies.jsonnet b/examples/pod-security-policies.jsonnet new file mode 100644 index 00000000..3274c937 --- /dev/null +++ b/examples/pod-security-policies.jsonnet @@ -0,0 +1,23 @@ +local kp = + (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet'); + +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + +// Add the restricted psp to setup +{ 'setup/0podsecuritypolicy-restricted': kp.restrictedPodSecurityPolicy } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet new file mode 100644 index 00000000..32ef6176 --- /dev/null +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -0,0 +1,242 @@ +local restrictedPodSecurityPolicy = { + apiVersion: 'policy/v1beta1', + kind: 'PodSecurityPolicy', + metadata: { + name: 'restricted', + }, + spec: { + privileged: false, + // Required to prevent escalations to root. + allowPrivilegeEscalation: false, + // This is redundant with non-root + disallow privilege escalation, + // but we can provide it for defense in depth. + requiredDropCapabilities: ['ALL'], + // Allow core volume types. + volumes: [ + 'configMap', + 'emptyDir', + 'secret', + // Assume that persistentVolumes set up by the cluster admin are safe to use. + 'persistentVolumeClaim', + ], + hostNetwork: false, + hostIPC: false, + hostPID: false, + runAsUser: { + // Require the container to run without root privileges. + rule: 'MustRunAsNonRoot', + }, + seLinux: { + // This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny', + }, + supplementalGroups: { + rule: 'MustRunAs', + ranges: [{ + // Forbid adding the root group. + min: 1, + max: 65535, + }], + }, + fsGroup: { + rule: 'MustRunAs', + ranges: [{ + // Forbid adding the root group. + min: 1, + max: 65535, + }], + }, + readOnlyRootFilesystem: false, + }, +}; + +{ + restrictedPodSecurityPolicy: restrictedPodSecurityPolicy, + + alertmanager+: { + role: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'alertmanager-' + $.values.alertmanager.name, + }, + rules: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + + roleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'alertmanager-' + $.values.alertmanager.name, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'alertmanager-' + $.values.alertmanager.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'alertmanager-' + $.values.alertmanager.name, + namespace: $.values.alertmanager.namespace, + }], + }, + }, + + blackboxExporter+: { + clusterRole+: { + rules+: [ + { + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: ['blackbox-exporter-psp'], + }, + ], + }, + + podSecurityPolicy: + local blackboxExporterPspPrivileged = + if $.blackboxExporter.config.privileged then + { + metadata+: { + name: 'blackbox-exporter-psp', + }, + spec+: { + privileged: true, + allowedCapabilities: ['NET_RAW'], + runAsUser: { + rule: 'RunAsAny', + }, + }, + } + else + {}; + + restrictedPodSecurityPolicy + blackboxExporterPspPrivileged, + }, + + grafana+: { + role: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'grafana', + }, + rules: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + + roleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'grafana', + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'Role', + name: 'grafana', + }, + subjects: [{ + kind: 'ServiceAccount', + name: $.grafana.serviceAccount.metadata.name, + namespace: $.grafana.serviceAccount.metadata.namespace, + }], + }, + }, + + kubeStateMetrics+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, + + nodeExporter+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: ['node-exporter-psp'], + }], + }, + + podSecurityPolicy: restrictedPodSecurityPolicy { + metadata+: { + name: 'node-exporter-psp', + }, + spec+: { + allowedHostPaths+: [ + { + pathPrefix: '/proc', + readOnly: true, + }, + { + pathPrefix: '/sys', + readOnly: true, + }, + { + pathPrefix: '/', + readOnly: true, + }, + ], + hostNetwork: true, + hostPID: true, + hostPorts: [ + { + max: 9100, + min: 9100, + }, + ], + readOnlyRootFilesystem: true, + }, + }, + }, + + prometheusAdapter+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, + + prometheusOperator+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, + + prometheus+: { + clusterRole+: { + rules+: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'], + resourceNames: [restrictedPodSecurityPolicy.metadata.name], + }], + }, + }, +} From 98559a0f42dde38980f6493dca974524034da110 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 12 Mar 2021 20:41:00 +0000 Subject: [PATCH 203/388] Allow kube-state-metrics to run as any user Signed-off-by: ArthurSens --- .../addons/podsecuritypolicies.libsonnet | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 32ef6176..38dc736c 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -160,9 +160,20 @@ local restrictedPodSecurityPolicy = { apiGroups: ['policy'], resources: ['podsecuritypolicies'], verbs: ['use'], - resourceNames: [restrictedPodSecurityPolicy.metadata.name], + resourceNames: ['kube-state-metrics-psp'], }], }, + + podSecurityPolicy: restrictedPodSecurityPolicy { + metadata+: { + name: 'kube-state-metrics-psp', + }, + spec+: { + runAsUser: { + rule: 'RunAsAny', + }, + }, + }, }, nodeExporter+: { From e8abcd3dc9d022ffb2030bea660607176dcdb8de Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 12 Mar 2021 20:51:15 +0000 Subject: [PATCH 204/388] Allow node-exporter to use hostPath volumes Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 38dc736c..46493c55 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -214,6 +214,9 @@ local restrictedPodSecurityPolicy = { }, ], readOnlyRootFilesystem: true, + volumes+: [ + 'hostPath', + ], }, }, }, From 478a18a6a7353bdad6c0b24f2eb0ee9e51efa778 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 12 Mar 2021 21:14:39 +0000 Subject: [PATCH 205/388] Turn alertmanager's and grafana's roles into clusterRoles Signed-off-by: ArthurSens --- .../addons/podsecuritypolicies.libsonnet | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 46493c55..888d553e 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -54,9 +54,9 @@ local restrictedPodSecurityPolicy = { restrictedPodSecurityPolicy: restrictedPodSecurityPolicy, alertmanager+: { - role: { + clusterRole: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', + kind: 'ClusterRole', metadata: { name: 'alertmanager-' + $.values.alertmanager.name, }, @@ -68,15 +68,15 @@ local restrictedPodSecurityPolicy = { }], }, - roleBinding: { + clusterRoleBinding: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', + kind: 'ClusterRoleBinding', metadata: { name: 'alertmanager-' + $.values.alertmanager.name, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', + kind: 'ClusterRole', name: 'alertmanager-' + $.values.alertmanager.name, }, subjects: [{ @@ -121,9 +121,9 @@ local restrictedPodSecurityPolicy = { }, grafana+: { - role: { + clusterRole: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', + kind: 'ClusterRole', metadata: { name: 'grafana', }, @@ -135,15 +135,15 @@ local restrictedPodSecurityPolicy = { }], }, - roleBinding: { + clusterRoleBinding: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', + kind: 'ClusterRoleBinding', metadata: { name: 'grafana', }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', + kind: 'ClusterRole', name: 'grafana', }, subjects: [{ From b7d7ba02710ac56df23a0de1894ab192a781d8f1 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Thu, 18 Mar 2021 20:56:47 +0000 Subject: [PATCH 206/388] Use node-exporter defaults.port on psp Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 888d553e..65908f8c 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -209,8 +209,8 @@ local restrictedPodSecurityPolicy = { hostPID: true, hostPorts: [ { - max: 9100, - min: 9100, + max: $.nodeExporter.config.port, + min: $.nodeExporter.config.port, }, ], readOnlyRootFilesystem: true, From 094cdb34e8890ba638464849c862c9fcb1db06ce Mon Sep 17 00:00:00 2001 From: Petr Enkov Date: Mon, 22 Mar 2021 11:57:11 +0400 Subject: [PATCH 207/388] allow install grafana plugins --- jsonnet/kube-prometheus/components/grafana.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 939fbbc3..faf90258 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -28,6 +28,7 @@ local defaults = { containers: [], datasources: [], config: {}, + plugins: [], }; function(params) { @@ -56,6 +57,7 @@ function(params) { folderDashboards: g.cfg.folderDashboards, containers: g.cfg.containers, config+: g.cfg.config, + plugins+: g.cfg.plugins, } + ( // Conditionally overwrite default setting. if std.length(g.cfg.datasources) > 0 then From 0bf34a24f85710591a0a043412d8b920fa4dd5d5 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 16 Mar 2021 19:14:55 +0100 Subject: [PATCH 208/388] jsonnet: unify internal configuration field name Signed-off-by: paulfantom --- .../addons/podsecuritypolicies.libsonnet | 6 +- .../addons/weave-net/weave-net.libsonnet | 4 +- .../components/alertmanager.libsonnet | 80 +++++----- .../components/blackbox-exporter.libsonnet | 62 ++++---- .../components/grafana.libsonnet | 38 ++--- .../components/k8s-control-plane.libsonnet | 18 +-- .../components/kube-rbac-proxy.libsonnet | 18 +-- .../components/kube-state-metrics.libsonnet | 40 ++--- .../components/mixin/custom.libsonnet | 10 +- .../components/node-exporter.libsonnet | 78 ++++----- .../components/prometheus-adapter.libsonnet | 74 ++++----- .../components/prometheus-operator.libsonnet | 10 +- .../components/prometheus.libsonnet | 150 +++++++++--------- .../kube-prometheus/platforms/eks.libsonnet | 4 +- 14 files changed, 297 insertions(+), 295 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 65908f8c..80da1b3e 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -101,7 +101,7 @@ local restrictedPodSecurityPolicy = { podSecurityPolicy: local blackboxExporterPspPrivileged = - if $.blackboxExporter.config.privileged then + if $.blackboxExporter._config.privileged then { metadata+: { name: 'blackbox-exporter-psp', @@ -209,8 +209,8 @@ local restrictedPodSecurityPolicy = { hostPID: true, hostPorts: [ { - max: $.nodeExporter.config.port, - min: $.nodeExporter.config.port, + max: $.nodeExporter._config.port, + min: $.nodeExporter._config.port, }, ], readOnlyRootFilesystem: true, diff --git a/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet b/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet index 71596f45..d5cc9ead 100644 --- a/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet +++ b/jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet @@ -52,9 +52,9 @@ apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: p.config.mixin.ruleLabels, + labels: p._config.mixin.ruleLabels, name: 'weave-net-rules', - namespace: p.config.namespace, + namespace: p._config.namespace, }, spec: { groups: [{ diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 569ee82b..60385669 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -72,23 +72,23 @@ local defaults = { function(params) { local am = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(am.config.resources), - assert std.isObject(am.config.mixin._config), + assert std.isObject(am._config.resources), + assert std.isObject(am._config.mixin._config), mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { - _config+:: am.config.mixin._config, + _config+:: am._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: am.config.commonLabels + am.config.mixin.ruleLabels, - name: 'alertmanager-' + am.config.name + '-rules', - namespace: am.config.namespace, + labels: am._config.commonLabels + am._config.mixin.ruleLabels, + name: 'alertmanager-' + am._config.name + '-rules', + namespace: am._config.namespace, }, spec: { local r = if std.objectHasAll(am.mixin, 'prometheusRules') then am.mixin.prometheusRules.groups else [], @@ -102,16 +102,16 @@ function(params) { kind: 'Secret', type: 'Opaque', metadata: { - name: 'alertmanager-' + am.config.name, - namespace: am.config.namespace, - labels: { alertmanager: am.config.name } + am.config.commonLabels, + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: { alertmanager: am._config.name } + am._config.commonLabels, }, stringData: { - 'alertmanager.yaml': if std.type(am.config.config) == 'object' + 'alertmanager.yaml': if std.type(am._config.config) == 'object' then - std.manifestYamlDoc(am.config.config) + std.manifestYamlDoc(am._config.config) else - am.config.config, + am._config.config, }, }, @@ -119,9 +119,9 @@ function(params) { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { - name: 'alertmanager-' + am.config.name, - namespace: am.config.namespace, - labels: { alertmanager: am.config.name } + am.config.commonLabels, + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: { alertmanager: am._config.name } + am._config.commonLabels, }, }, @@ -129,9 +129,9 @@ function(params) { apiVersion: 'v1', kind: 'Service', metadata: { - name: 'alertmanager-' + am.config.name, - namespace: am.config.namespace, - labels: { alertmanager: am.config.name } + am.config.commonLabels, + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: { alertmanager: am._config.name } + am._config.commonLabels, }, spec: { ports: [ @@ -139,8 +139,8 @@ function(params) { ], selector: { app: 'alertmanager', - alertmanager: am.config.name, - } + am.config.selectorLabels, + alertmanager: am._config.name, + } + am._config.selectorLabels, sessionAffinity: 'ClientIP', }, }, @@ -150,14 +150,14 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'alertmanager', - namespace: am.config.namespace, - labels: am.config.commonLabels, + namespace: am._config.namespace, + labels: am._config.commonLabels, }, spec: { selector: { matchLabels: { - alertmanager: am.config.name, - } + am.config.selectorLabels, + alertmanager: am._config.name, + } + am._config.selectorLabels, }, endpoints: [ { port: 'web', interval: '30s' }, @@ -169,16 +169,16 @@ function(params) { apiVersion: 'policy/v1beta1', kind: 'PodDisruptionBudget', metadata: { - name: 'alertmanager-' + am.config.name, - namespace: am.config.namespace, - labels: am.config.commonLabels, + name: 'alertmanager-' + am._config.name, + namespace: am._config.namespace, + labels: am._config.commonLabels, }, spec: { maxUnavailable: 1, selector: { matchLabels: { - alertmanager: am.config.name, - } + am.config.selectorLabels, + alertmanager: am._config.name, + } + am._config.selectorLabels, }, }, }, @@ -187,22 +187,22 @@ function(params) { apiVersion: 'monitoring.coreos.com/v1', kind: 'Alertmanager', metadata: { - name: am.config.name, - namespace: am.config.namespace, + name: am._config.name, + namespace: am._config.namespace, labels: { - alertmanager: am.config.name, - } + am.config.commonLabels, + alertmanager: am._config.name, + } + am._config.commonLabels, }, spec: { - replicas: am.config.replicas, - version: am.config.version, - image: am.config.image, + replicas: am._config.replicas, + version: am._config.version, + image: am._config.image, podMetadata: { - labels: am.config.commonLabels, + labels: am._config.commonLabels, }, - resources: am.config.resources, + resources: am._config.resources, nodeSelector: { 'kubernetes.io/os': 'linux' }, - serviceAccountName: 'alertmanager-' + am.config.name, + serviceAccountName: 'alertmanager-' + am._config.name, securityContext: { runAsUser: 1000, runAsNonRoot: true, diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index faec2c61..2bec003b 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -88,20 +88,20 @@ local defaults = { function(params) { local bb = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(bb.config.resources), + assert std.isObject(bb._config.resources), configuration: { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'blackbox-exporter-configuration', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, + namespace: bb._config.namespace, + labels: bb._config.commonLabels, }, data: { - 'config.yml': std.manifestYamlDoc({ modules: bb.config.modules }), + 'config.yml': std.manifestYamlDoc({ modules: bb._config.modules }), }, }, @@ -110,7 +110,7 @@ function(params) { kind: 'ServiceAccount', metadata: { name: 'blackbox-exporter', - namespace: bb.config.namespace, + namespace: bb._config.namespace, }, }, @@ -148,24 +148,24 @@ function(params) { subjects: [{ kind: 'ServiceAccount', name: 'blackbox-exporter', - namespace: bb.config.namespace, + namespace: bb._config.namespace, }], }, deployment: local blackboxExporter = { name: 'blackbox-exporter', - image: bb.config.image, + image: bb._config.image, args: [ '--config.file=/etc/blackbox_exporter/config.yml', - '--web.listen-address=:%d' % bb.config.internalPort, + '--web.listen-address=:%d' % bb._config.internalPort, ], ports: [{ name: 'http', - containerPort: bb.config.internalPort, + containerPort: bb._config.internalPort, }], - resources: bb.config.resources, - securityContext: if bb.config.privileged then { + resources: bb._config.resources, + securityContext: if bb._config.privileged then { runAsNonRoot: false, capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, } else { @@ -181,12 +181,12 @@ function(params) { local reloader = { name: 'module-configmap-reloader', - image: bb.config.configmapReloaderImage, + image: bb._config.configmapReloaderImage, args: [ - '--webhook-url=http://localhost:%d/-/reload' % bb.config.internalPort, + '--webhook-url=http://localhost:%d/-/reload' % bb._config.internalPort, '--volume-dir=/etc/blackbox_exporter/', ], - resources: bb.config.resources, + resources: bb._config.resources, securityContext: { runAsNonRoot: true, runAsUser: 65534 }, terminationMessagePath: '/dev/termination-log', terminationMessagePolicy: 'FallbackToLogsOnError', @@ -199,10 +199,10 @@ function(params) { local kubeRbacProxy = krp({ name: 'kube-rbac-proxy', - upstream: 'http://127.0.0.1:' + bb.config.internalPort + '/', - secureListenAddress: ':' + bb.config.port, + upstream: 'http://127.0.0.1:' + bb._config.internalPort + '/', + secureListenAddress: ':' + bb._config.port, ports: [ - { name: 'https', containerPort: bb.config.port }, + { name: 'https', containerPort: bb._config.port }, ], }); @@ -211,14 +211,14 @@ function(params) { kind: 'Deployment', metadata: { name: 'blackbox-exporter', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, + namespace: bb._config.namespace, + labels: bb._config.commonLabels, }, spec: { - replicas: bb.config.replicas, - selector: { matchLabels: bb.config.selectorLabels }, + replicas: bb._config.replicas, + selector: { matchLabels: bb._config.selectorLabels }, template: { - metadata: { labels: bb.config.commonLabels }, + metadata: { labels: bb._config.commonLabels }, spec: { containers: [blackboxExporter, reloader, kubeRbacProxy], nodeSelector: { 'kubernetes.io/os': 'linux' }, @@ -237,20 +237,20 @@ function(params) { kind: 'Service', metadata: { name: 'blackbox-exporter', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, + namespace: bb._config.namespace, + labels: bb._config.commonLabels, }, spec: { ports: [{ name: 'https', - port: bb.config.port, + port: bb._config.port, targetPort: 'https', }, { name: 'probe', - port: bb.config.internalPort, + port: bb._config.internalPort, targetPort: 'http', }], - selector: bb.config.selectorLabels, + selector: bb._config.selectorLabels, }, }, @@ -260,8 +260,8 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'blackbox-exporter', - namespace: bb.config.namespace, - labels: bb.config.commonLabels, + namespace: bb._config.namespace, + labels: bb._config.commonLabels, }, spec: { endpoints: [{ @@ -275,7 +275,7 @@ function(params) { }, }], selector: { - matchLabels: bb.config.selectorLabels, + matchLabels: bb._config.selectorLabels, }, }, }, diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index faf90258..5d2eeb5b 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -33,35 +33,35 @@ local defaults = { function(params) { local g = self, - cfg:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(g.cfg.resources), + assert std.isObject(g._config.resources), local glib = (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + { _config+:: { - namespace: g.cfg.namespace, + namespace: g._config.namespace, versions+:: { - grafana: g.cfg.version, + grafana: g._config.version, }, imageRepos+:: { - grafana: g.cfg.imageRepos, + grafana: g._config.imageRepos, }, prometheus+:: { - name: g.cfg.prometheusName, + name: g._config.prometheusName, }, grafana+:: { - labels: g.cfg.commonLabels, - dashboards: g.cfg.dashboards, - resources: g.cfg.resources, - rawDashboards: g.cfg.rawDashboards, - folderDashboards: g.cfg.folderDashboards, - containers: g.cfg.containers, - config+: g.cfg.config, - plugins+: g.cfg.plugins, + labels: g._config.commonLabels, + dashboards: g._config.dashboards, + resources: g._config.resources, + rawDashboards: g._config.rawDashboards, + folderDashboards: g._config.folderDashboards, + containers: g._config.containers, + config+: g._config.config, + plugins+: g._config.plugins, } + ( // Conditionally overwrite default setting. - if std.length(g.cfg.datasources) > 0 then - { datasources: g.cfg.datasources } + if std.length(g._config.datasources) > 0 then + { datasources: g._config.datasources } else {} ), }, @@ -75,7 +75,7 @@ function(params) { dashboardDatasources: glib.grafana.dashboardDatasources, dashboardSources: glib.grafana.dashboardSources, - dashboardDefinitions: if std.length(g.cfg.dashboards) > 0 then { + dashboardDefinitions: if std.length(g._config.dashboards) > 0 then { apiVersion: 'v1', kind: 'ConfigMapList', items: glib.grafana.dashboardDefinitions, @@ -85,8 +85,8 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'grafana', - namespace: g.cfg.namespace, - labels: g.cfg.commonLabels, + namespace: g._config.namespace, + labels: g._config.commonLabels, }, spec: { selector: { diff --git a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet index dd2282db..fdc6e49a 100644 --- a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet +++ b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -26,19 +26,19 @@ local defaults = { function(params) { local k8s = self, - config:: defaults + params, + _config:: defaults + params, mixin:: (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') { - _config+:: k8s.config.mixin._config, + _config+:: k8s._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: k8s.config.commonLabels + k8s.config.mixin.ruleLabels, + labels: k8s._config.commonLabels + k8s._config.mixin.ruleLabels, name: 'kubernetes-monitoring-rules', - namespace: k8s.config.namespace, + namespace: k8s._config.namespace, }, spec: { local r = if std.objectHasAll(k8s.mixin, 'prometheusRules') then k8s.mixin.prometheusRules.groups else {}, @@ -52,7 +52,7 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'kube-scheduler', - namespace: k8s.config.namespace, + namespace: k8s._config.namespace, labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, }, spec: { @@ -78,7 +78,7 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'kubelet', - namespace: k8s.config.namespace, + namespace: k8s._config.namespace, labels: { 'app.kubernetes.io/name': 'kubelet' }, }, spec: { @@ -150,7 +150,7 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'kube-controller-manager', - namespace: k8s.config.namespace, + namespace: k8s._config.namespace, labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, }, spec: { @@ -185,7 +185,7 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'kube-apiserver', - namespace: k8s.config.namespace, + namespace: k8s._config.namespace, labels: { 'app.kubernetes.io/name': 'apiserver' }, }, spec: { @@ -239,7 +239,7 @@ function(params) { kind: 'ServiceMonitor', metadata: { name: 'coredns', - namespace: k8s.config.namespace, + namespace: k8s._config.namespace, labels: { 'app.kubernetes.io/name': 'coredns' }, }, spec: { diff --git a/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet b/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet index bc4bf7ff..faec1f40 100644 --- a/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet @@ -41,20 +41,20 @@ local defaults = { function(params) { local krp = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(krp.config.resources), + assert std.isObject(krp._config.resources), - name: krp.config.name, - image: krp.config.image, + name: krp._config.name, + image: krp._config.image, args: [ '--logtostderr', - '--secure-listen-address=' + krp.config.secureListenAddress, - '--tls-cipher-suites=' + std.join(',', krp.config.tlsCipherSuites), - '--upstream=' + krp.config.upstream, + '--secure-listen-address=' + krp._config.secureListenAddress, + '--tls-cipher-suites=' + std.join(',', krp._config.tlsCipherSuites), + '--upstream=' + krp._config.upstream, ], - resources: krp.config.resources, - ports: krp.config.ports, + resources: krp._config.resources, + ports: krp._config.ports, securityContext: { runAsUser: 65532, runAsGroup: 65532, diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index b4520a0c..c9b5820f 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -35,30 +35,30 @@ local defaults = { function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet') { local ksm = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(ksm.config.resources), - assert std.isObject(ksm.config.mixin._config), + assert std.isObject(ksm._config.resources), + assert std.isObject(ksm._config.mixin._config), - name:: ksm.config.name, - namespace:: ksm.config.namespace, - version:: ksm.config.version, - image:: ksm.config.image, - commonLabels:: ksm.config.commonLabels, - podLabels:: ksm.config.selectorLabels, + name:: ksm._config.name, + namespace:: ksm._config.namespace, + version:: ksm._config.version, + image:: ksm._config.image, + commonLabels:: ksm._config.commonLabels, + podLabels:: ksm._config.selectorLabels, mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { - _config+:: ksm.config.mixin._config, + _config+:: ksm._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: ksm.config.commonLabels + ksm.config.mixin.ruleLabels, - name: ksm.config.name + '-rules', - namespace: ksm.config.namespace, + labels: ksm._config.commonLabels + ksm._config.mixin.ruleLabels, + name: ksm._config.name + '-rules', + namespace: ksm._config.namespace, }, spec: { local r = if std.objectHasAll(ksm.mixin, 'prometheusRules') then ksm.mixin.prometheusRules.groups else [], @@ -115,7 +115,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- livenessProbe:: null, readinessProbe:: null, args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], - resources: ksm.config.resources, + resources: ksm._config.resources, }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], }, }, @@ -127,18 +127,18 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- kind: 'ServiceMonitor', metadata: { name: ksm.name, - namespace: ksm.config.namespace, - labels: ksm.config.commonLabels, + namespace: ksm._config.namespace, + labels: ksm._config.commonLabels, }, spec: { jobLabel: 'app.kubernetes.io/name', - selector: { matchLabels: ksm.config.selectorLabels }, + selector: { matchLabels: ksm._config.selectorLabels }, endpoints: [ { port: 'https-main', scheme: 'https', - interval: ksm.config.scrapeInterval, - scrapeTimeout: ksm.config.scrapeTimeout, + interval: ksm._config.scrapeInterval, + scrapeTimeout: ksm._config.scrapeTimeout, honorLabels: true, bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', relabelings: [ @@ -154,7 +154,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- { port: 'https-self', scheme: 'https', - interval: ksm.config.scrapeInterval, + interval: ksm._config.scrapeInterval, bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', tlsConfig: { insecureSkipVerify: true, diff --git a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet index d4f3d9d2..b32f9469 100644 --- a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet @@ -18,22 +18,22 @@ local defaults = { function(params) { local m = self, - config:: defaults + params, + _config:: defaults + params, local alertsandrules = (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet'), mixin:: alertsandrules + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { - _config+:: m.config.mixin._config, + _config+:: m._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: m.config.commonLabels + m.config.mixin.ruleLabels, - name: m.config.name + '-rules', - namespace: m.config.namespace, + labels: m._config.commonLabels + m._config.mixin.ruleLabels, + name: m._config.name + '-rules', + namespace: m._config.namespace, }, spec: { local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules.groups else [], diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index c5c8b971..0f07f8af 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -37,23 +37,23 @@ local defaults = { function(params) { local ne = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(ne.config.resources), - assert std.isObject(ne.config.mixin._config), + assert std.isObject(ne._config.resources), + assert std.isObject(ne._config.mixin._config), mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { - _config+:: ne.config.mixin._config, + _config+:: ne._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: ne.config.commonLabels + ne.config.mixin.ruleLabels, - name: ne.config.name + '-rules', - namespace: ne.config.namespace, + labels: ne._config.commonLabels + ne._config.mixin.ruleLabels, + name: ne._config.name + '-rules', + namespace: ne._config.namespace, }, spec: { local r = if std.objectHasAll(ne.mixin, 'prometheusRules') then ne.mixin.prometheusRules.groups else [], @@ -66,18 +66,18 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRoleBinding', metadata: { - name: ne.config.name, - labels: ne.config.commonLabels, + name: ne._config.name, + labels: ne._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', - name: ne.config.name, + name: ne._config.name, }, subjects: [{ kind: 'ServiceAccount', - name: ne.config.name, - namespace: ne.config.namespace, + name: ne._config.name, + namespace: ne._config.namespace, }], }, @@ -85,8 +85,8 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', metadata: { - name: ne.config.name, - labels: ne.config.commonLabels, + name: ne._config.name, + labels: ne._config.commonLabels, }, rules: [ { @@ -106,9 +106,9 @@ function(params) { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { - name: ne.config.name, - namespace: ne.config.namespace, - labels: ne.config.commonLabels, + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, }, }, @@ -116,15 +116,15 @@ function(params) { apiVersion: 'v1', kind: 'Service', metadata: { - name: ne.config.name, - namespace: ne.config.namespace, - labels: ne.config.commonLabels, + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, }, spec: { ports: [ - { name: 'https', targetPort: 'https', port: ne.config.port }, + { name: 'https', targetPort: 'https', port: ne._config.port }, ], - selector: ne.config.selectorLabels, + selector: ne._config.selectorLabels, clusterIP: 'None', }, }, @@ -133,14 +133,14 @@ function(params) { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata: { - name: ne.config.name, - namespace: ne.config.namespace, - labels: ne.config.commonLabels, + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, }, spec: { jobLabel: 'app.kubernetes.io/name', selector: { - matchLabels: ne.config.selectorLabels, + matchLabels: ne._config.selectorLabels, }, endpoints: [{ port: 'https', @@ -165,10 +165,10 @@ function(params) { daemonset: local nodeExporter = { - name: ne.config.name, - image: ne.config.image, + name: ne._config.name, + image: ne._config.image, args: [ - '--web.listen-address=' + std.join(':', [ne.config.listenAddress, std.toString(ne.config.port)]), + '--web.listen-address=' + std.join(':', [ne._config.listenAddress, std.toString(ne._config.port)]), '--path.sysfs=/host/sys', '--path.rootfs=/host/root', '--no-collector.wifi', @@ -181,14 +181,14 @@ function(params) { { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true }, ], - resources: ne.config.resources, + resources: ne._config.resources, }; local kubeRbacProxy = krp({ name: 'kube-rbac-proxy', //image: krpImage, - upstream: 'http://127.0.0.1:' + ne.config.port + '/', - secureListenAddress: '[$(IP)]:' + ne.config.port, + upstream: 'http://127.0.0.1:' + ne._config.port + '/', + secureListenAddress: '[$(IP)]:' + ne._config.port, // Keep `hostPort` here, rather than in the node-exporter container // because Kubernetes mandates that if you define a `hostPort` then // `containerPort` must match. In our case, we are splitting the @@ -198,7 +198,7 @@ function(params) { // forgo declaring the host port, however it is important to declare // it so that the scheduler can decide if the pod is schedulable. ports: [ - { name: 'https', containerPort: ne.config.port, hostPort: ne.config.port }, + { name: 'https', containerPort: ne._config.port, hostPort: ne._config.port }, ], }) + { env: [ @@ -210,18 +210,18 @@ function(params) { apiVersion: 'apps/v1', kind: 'DaemonSet', metadata: { - name: ne.config.name, - namespace: ne.config.namespace, - labels: ne.config.commonLabels, + name: ne._config.name, + namespace: ne._config.namespace, + labels: ne._config.commonLabels, }, spec: { - selector: { matchLabels: ne.config.selectorLabels }, + selector: { matchLabels: ne._config.selectorLabels }, updateStrategy: { type: 'RollingUpdate', rollingUpdate: { maxUnavailable: '10%' }, }, template: { - metadata: { labels: ne.config.commonLabels }, + metadata: { labels: ne._config.commonLabels }, spec: { nodeSelector: { 'kubernetes.io/os': 'linux' }, tolerations: [{ @@ -232,7 +232,7 @@ function(params) { { name: 'sys', hostPath: { path: '/sys' } }, { name: 'root', hostPath: { path: '/' } }, ], - serviceAccountName: ne.config.name, + serviceAccountName: ne._config.name, securityContext: { runAsUser: 65534, runAsNonRoot: true, diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index e2be622c..71ef5275 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -56,21 +56,21 @@ local defaults = { function(params) { local pa = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(pa.config.resources), + assert std.isObject(pa._config.resources), apiService: { apiVersion: 'apiregistration.k8s.io/v1', kind: 'APIService', metadata: { name: 'v1beta1.metrics.k8s.io', - labels: pa.config.commonLabels, + labels: pa._config.commonLabels, }, spec: { service: { name: $.service.metadata.name, - namespace: pa.config.namespace, + namespace: pa._config.namespace, }, group: 'metrics.k8s.io', version: 'v1beta1', @@ -85,23 +85,23 @@ function(params) { kind: 'ConfigMap', metadata: { name: 'adapter-config', - namespace: pa.config.namespace, - labels: pa.config.commonLabels, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, }, - data: { 'config.yaml': std.manifestYamlDoc(pa.config.config) }, + data: { 'config.yaml': std.manifestYamlDoc(pa._config.config) }, }, serviceMonitor: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata: { - name: pa.config.name, - namespace: pa.config.namespace, - labels: pa.config.commonLabels, + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, }, spec: { selector: { - matchLabels: pa.config.selectorLabels, + matchLabels: pa._config.selectorLabels, }, endpoints: [ { @@ -121,28 +121,28 @@ function(params) { apiVersion: 'v1', kind: 'Service', metadata: { - name: pa.config.name, - namespace: pa.config.namespace, - labels: pa.config.commonLabels, + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, }, spec: { ports: [ { name: 'https', targetPort: 6443, port: 443 }, ], - selector: pa.config.selectorLabels, + selector: pa._config.selectorLabels, }, }, deployment: local c = { - name: pa.config.name, - image: pa.config.image, + name: pa._config.name, + image: pa._config.image, args: [ '--cert-dir=/var/run/serving-cert', '--config=/etc/adapter/config.yaml', '--logtostderr=true', '--metrics-relist-interval=1m', - '--prometheus-url=' + pa.config.prometheusURL, + '--prometheus-url=' + pa._config.prometheusURL, '--secure-port=6443', ], ports: [{ containerPort: 6443 }], @@ -157,13 +157,13 @@ function(params) { apiVersion: 'apps/v1', kind: 'Deployment', metadata: { - name: pa.config.name, - namespace: pa.config.namespace, - labels: pa.config.commonLabels, + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, }, spec: { replicas: 1, - selector: { matchLabels: pa.config.selectorLabels }, + selector: { matchLabels: pa._config.selectorLabels }, strategy: { rollingUpdate: { maxSurge: 1, @@ -171,7 +171,7 @@ function(params) { }, }, template: { - metadata: { labels: pa.config.commonLabels }, + metadata: { labels: pa._config.commonLabels }, spec: { containers: [c], serviceAccountName: $.serviceAccount.metadata.name, @@ -190,9 +190,9 @@ function(params) { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { - name: pa.config.name, - namespace: pa.config.namespace, - labels: pa.config.commonLabels, + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, }, }, @@ -200,8 +200,8 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', metadata: { - name: pa.config.name, - labels: pa.config.commonLabels, + name: pa._config.name, + labels: pa._config.commonLabels, }, rules: [{ apiGroups: [''], @@ -214,8 +214,8 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRoleBinding', metadata: { - name: pa.config.name, - labels: pa.config.commonLabels, + name: pa._config.name, + labels: pa._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -225,7 +225,7 @@ function(params) { subjects: [{ kind: 'ServiceAccount', name: $.serviceAccount.metadata.name, - namespace: pa.config.namespace, + namespace: pa._config.namespace, }], }, @@ -234,7 +234,7 @@ function(params) { kind: 'ClusterRoleBinding', metadata: { name: 'resource-metrics:system:auth-delegator', - labels: pa.config.commonLabels, + labels: pa._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -244,7 +244,7 @@ function(params) { subjects: [{ kind: 'ServiceAccount', name: $.serviceAccount.metadata.name, - namespace: pa.config.namespace, + namespace: pa._config.namespace, }], }, @@ -253,7 +253,7 @@ function(params) { kind: 'ClusterRole', metadata: { name: 'resource-metrics-server-resources', - labels: pa.config.commonLabels, + labels: pa._config.commonLabels, }, rules: [{ apiGroups: ['metrics.k8s.io'], @@ -271,7 +271,7 @@ function(params) { 'rbac.authorization.k8s.io/aggregate-to-admin': 'true', 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', 'rbac.authorization.k8s.io/aggregate-to-view': 'true', - } + pa.config.commonLabels, + } + pa._config.commonLabels, }, rules: [{ apiGroups: ['metrics.k8s.io'], @@ -286,7 +286,7 @@ function(params) { metadata: { name: 'resource-metrics-auth-reader', namespace: 'kube-system', - labels: pa.config.commonLabels, + labels: pa._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -296,7 +296,7 @@ function(params) { subjects: [{ kind: 'ServiceAccount', name: $.serviceAccount.metadata.name, - namespace: pa.config.namespace, + namespace: pa._config.namespace, }], }, } diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index 75bed255..7b6d0a33 100644 --- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -42,18 +42,20 @@ function(params) prometheusOperator(config) { local po = self, + // declare variable as a field to allow overriding options and to have unified API across all components + _config:: config, mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { - _config+:: config.mixin._config, + _config+:: po._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: config.commonLabels + config.mixin.ruleLabels, - name: config.name + '-rules', - namespace: config.namespace, + labels: po._config.commonLabels + po._config.mixin.ruleLabels, + name: po._config.name + '-rules', + namespace: po._config.namespace, }, spec: { local r = if std.objectHasAll(po.mixin, 'prometheusRules') then po.mixin.prometheusRules.groups else [], diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 7d0d0729..5c88881a 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -44,31 +44,31 @@ local defaults = { function(params) { local p = self, - config:: defaults + params, + _config:: defaults + params, // Safety check - assert std.isObject(p.config.resources), - assert std.isObject(p.config.mixin._config), + assert std.isObject(p._config.resources), + assert std.isObject(p._config.mixin._config), mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') + ( - if p.config.thanos != {} then + if p._config.thanos != {} then (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { sidecar: { - selector: p.config.mixin._config.thanosSelector, + selector: p._config.mixin._config.thanosSelector, }, } else {} ) { - _config+:: p.config.mixin._config, + _config+:: p._config.mixin._config, }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: p.config.commonLabels + p.config.mixin.ruleLabels, - name: 'prometheus-' + p.config.name + '-prometheus-rules', - namespace: p.config.namespace, + labels: p._config.commonLabels + p._config.mixin.ruleLabels, + name: 'prometheus-' + p._config.name + '-prometheus-rules', + namespace: p._config.namespace, }, spec: { local r = if std.objectHasAll(p.mixin, 'prometheusRules') then p.mixin.prometheusRules.groups else [], @@ -81,9 +81,9 @@ function(params) { apiVersion: 'v1', kind: 'ServiceAccount', metadata: { - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels, }, }, @@ -91,20 +91,20 @@ function(params) { apiVersion: 'v1', kind: 'Service', metadata: { - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, - labels: { prometheus: p.config.name } + p.config.commonLabels, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: { prometheus: p._config.name } + p._config.commonLabels, }, spec: { ports: [ { name: 'web', targetPort: 'web', port: 9090 }, ] + ( - if p.config.thanos != {} then + if p._config.thanos != {} then [{ name: 'grpc', port: 10901, targetPort: 10901 }] else [] ), - selector: { app: 'prometheus' } + p.config.selectorLabels, + selector: { app: 'prometheus' } + p._config.selectorLabels, sessionAffinity: 'ClientIP', }, }, @@ -114,33 +114,33 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'RoleBinding', metadata: { - name: 'prometheus-' + p.config.name, + name: 'prometheus-' + p._config.name, namespace: namespace, - labels: p.config.commonLabels, + labels: p._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'Role', - name: 'prometheus-' + p.config.name, + name: 'prometheus-' + p._config.name, }, subjects: [{ kind: 'ServiceAccount', - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, }], }; { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'RoleBindingList', - items: [newSpecificRoleBinding(x) for x in p.config.namespaces], + items: [newSpecificRoleBinding(x) for x in p._config.namespaces], }, clusterRole: { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRole', metadata: { - name: 'prometheus-' + p.config.name, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name, + labels: p._config.commonLabels, }, rules: [ { @@ -159,9 +159,9 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'Role', metadata: { - name: 'prometheus-' + p.config.name + '-config', - namespace: p.config.namespace, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name + '-config', + namespace: p._config.namespace, + labels: p._config.commonLabels, }, rules: [{ apiGroups: [''], @@ -174,19 +174,19 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'RoleBinding', metadata: { - name: 'prometheus-' + p.config.name + '-config', - namespace: p.config.namespace, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name + '-config', + namespace: p._config.namespace, + labels: p._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'Role', - name: 'prometheus-' + p.config.name + '-config', + name: 'prometheus-' + p._config.name + '-config', }, subjects: [{ kind: 'ServiceAccount', - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, }], }, @@ -194,18 +194,18 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'ClusterRoleBinding', metadata: { - name: 'prometheus-' + p.config.name, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name, + labels: p._config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'ClusterRole', - name: 'prometheus-' + p.config.name, + name: 'prometheus-' + p._config.name, }, subjects: [{ kind: 'ServiceAccount', - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, }], }, @@ -214,9 +214,9 @@ function(params) { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'Role', metadata: { - name: 'prometheus-' + p.config.name, + name: 'prometheus-' + p._config.name, namespace: namespace, - labels: p.config.commonLabels, + labels: p._config.commonLabels, }, rules: [ { @@ -234,23 +234,23 @@ function(params) { { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'RoleList', - items: [newSpecificRole(x) for x in p.config.namespaces], + items: [newSpecificRole(x) for x in p._config.namespaces], }, [if (defaults + params).replicas > 1 then 'podDisruptionBudget']: { apiVersion: 'policy/v1beta1', kind: 'PodDisruptionBudget', metadata: { - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels, }, spec: { minAvailable: 1, selector: { matchLabels: { - prometheus: p.config.name, - } + p.config.selectorLabels, + prometheus: p._config.name, + } + p._config.selectorLabels, }, }, }, @@ -259,19 +259,19 @@ function(params) { apiVersion: 'monitoring.coreos.com/v1', kind: 'Prometheus', metadata: { - name: p.config.name, - namespace: p.config.namespace, - labels: { prometheus: p.config.name } + p.config.commonLabels, + name: p._config.name, + namespace: p._config.namespace, + labels: { prometheus: p._config.name } + p._config.commonLabels, }, spec: { - replicas: p.config.replicas, - version: p.config.version, - image: p.config.image, + replicas: p._config.replicas, + version: p._config.version, + image: p._config.image, podMetadata: { - labels: p.config.commonLabels, + labels: p._config.commonLabels, }, - externalLabels: p.config.externalLabels, - serviceAccountName: 'prometheus-' + p.config.name, + externalLabels: p._config.externalLabels, + serviceAccountName: 'prometheus-' + p._config.name, serviceMonitorSelector: {}, podMonitorSelector: {}, probeSelector: {}, @@ -279,12 +279,12 @@ function(params) { podMonitorNamespaceSelector: {}, probeNamespaceSelector: {}, nodeSelector: { 'kubernetes.io/os': 'linux' }, - ruleSelector: p.config.ruleSelector, - resources: p.config.resources, + ruleSelector: p._config.ruleSelector, + resources: p._config.resources, alerting: { alertmanagers: [{ - namespace: p.config.namespace, - name: 'alertmanager-' + p.config.alertmanagerName, + namespace: p._config.namespace, + name: 'alertmanager-' + p._config.alertmanagerName, port: 'web', apiVersion: 'v2', }], @@ -294,7 +294,7 @@ function(params) { runAsNonRoot: true, fsGroup: 2000, }, - [if std.objectHas(params, 'thanos') then 'thanos']: p.config.thanos, + [if std.objectHas(params, 'thanos') then 'thanos']: p._config.thanos, }, }, @@ -302,13 +302,13 @@ function(params) { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata: { - name: 'prometheus-' + p.config.name, - namespace: p.config.namespace, - labels: p.config.commonLabels, + name: 'prometheus-' + p._config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels, }, spec: { selector: { - matchLabels: p.config.selectorLabels, + matchLabels: p._config.selectorLabels, }, endpoints: [{ port: 'web', @@ -322,10 +322,10 @@ function(params) { apiVersion: 'v1', kind: 'Service', metadata+: { - name: 'prometheus-' + p.config.name + '-thanos-sidecar', - namespace: p.config.namespace, - labels+: p.config.commonLabels { - prometheus: p.config.name, + name: 'prometheus-' + p._config.name + '-thanos-sidecar', + namespace: p._config.namespace, + labels+: p._config.commonLabels { + prometheus: p._config.name, 'app.kubernetes.io/component': 'thanos-sidecar', }, }, @@ -334,8 +334,8 @@ function(params) { { name: 'grpc', port: 10901, targetPort: 10901 }, { name: 'http', port: 10902, targetPort: 10902 }, ], - selector: p.config.selectorLabels { - prometheus: p.config.name, + selector: p._config.selectorLabels { + prometheus: p._config.name, 'app.kubernetes.io/component': 'prometheus', }, clusterIP: 'None', @@ -348,9 +348,9 @@ function(params) { kind: 'ServiceMonitor', metadata+: { name: 'thanos-sidecar', - namespace: p.config.namespace, - labels: p.config.commonLabels { - prometheus: p.config.name, + namespace: p._config.namespace, + labels: p._config.commonLabels { + prometheus: p._config.name, 'app.kubernetes.io/component': 'thanos-sidecar', }, }, @@ -358,7 +358,7 @@ function(params) { jobLabel: 'app.kubernetes.io/component', selector: { matchLabels: { - prometheus: p.config.name, + prometheus: p._config.name, 'app.kubernetes.io/component': 'thanos-sidecar', }, }, diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index 815c1234..9fa55750 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -69,9 +69,9 @@ apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: $.prometheus.config.commonLabels + $.prometheus.config.mixin.ruleLabels, + labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, name: 'eks-rules', - namespace: $.prometheus.config.namespace, + namespace: $.prometheus._config.namespace, }, spec: { groups: [ From 5d2156ffbf4c21774b2d37ff6d4affed3e5c0116 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Mar 2021 18:05:45 +0100 Subject: [PATCH 209/388] jsonnet/addons: simplify managed-cluster addon Signed-off-by: paulfantom --- jsonnet/kube-prometheus/addons/managed-cluster.libsonnet | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet index f936375c..79c464a6 100644 --- a/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet +++ b/jsonnet/kube-prometheus/addons/managed-cluster.libsonnet @@ -2,12 +2,9 @@ // Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'main.libsonnet' defaults { - local k = super.kubernetesControlPlane, - kubernetesControlPlane+: { - [q]: null - for q in std.objectFields(k) - if std.setMember(q, ['serviceMonitorKubeControllerManager', 'serviceMonitorKubeScheduler']) + serviceMonitorKubeControllerManager:: null, + serviceMonitorKubeScheduler:: null, } + { prometheusRule+: { spec+: { From 4e5087c665e532829191efbffe972418e5952f84 Mon Sep 17 00:00:00 2001 From: Jan Fajerski Date: Wed, 24 Mar 2021 16:51:54 +0100 Subject: [PATCH 210/388] jsonnet: update kubernetes-mixins Signed-off-by: Jan Fajerski --- jsonnetfile.lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 3d578a52..34d52efa 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "4a8e078147dbca51067521e6ac59c7b54d44d3bd", - "sum": "D5XwKXhd3c0e+1D5iRgUhStB0qpcT4dSCmytuGQa3+k=" + "version": "0eed665cfd5c4710e59a1d3b3beb80078608fcba", + "sum": "R9xO3uraXGkiccI8snVRzFA2VHEp7JjGvnIU1PJHfQo=" }, { "source": { From 9966c375732cce55e3fb3bf427c9a7c9fe0b57b7 Mon Sep 17 00:00:00 2001 From: Jan Fajerski Date: Wed, 24 Mar 2021 16:52:30 +0100 Subject: [PATCH 211/388] update generated manifests Signed-off-by: Jan Fajerski --- manifests/grafana-dashboardDefinitions.yaml | 662 ++++++++------------ manifests/kubernetes-prometheusRule.yaml | 22 +- 2 files changed, 277 insertions(+), 407 deletions(-) diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 56e92f0b..7e0b4844 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -3697,7 +3697,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{job=\"kube-controller-manager\"})", + "expr": "sum(up{cluster=\"$cluster\", job=\"kube-controller-manager\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -3766,7 +3766,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(workqueue_adds_total{job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", + "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{name}}", @@ -3872,7 +3872,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(workqueue_depth{job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", + "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{name}}", @@ -3978,7 +3978,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name, le))", + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{name}}", @@ -4198,7 +4198,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -4304,7 +4304,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -4410,7 +4410,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "process_resident_memory_bytes{job=\"kube-controller-manager\",instance=~\"$instance\"}", + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -4503,7 +4503,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(process_cpu_seconds_total{job=\"kube-controller-manager\",instance=~\"$instance\"}[5m])", + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -4596,7 +4596,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "go_goroutines{job=\"kube-controller-manager\",instance=~\"$instance\"}", + "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -4680,6 +4680,32 @@ items: "allValue": null, "current": { + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + }, "datasource": "$datasource", "hide": 0, @@ -4690,7 +4716,7 @@ items: "options": [ ], - "query": "label_values(process_cpu_seconds_total{job=\"kube-controller-manager\"}, instance)", + "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)", "refresh": 2, "regex": "", "sort": 1, @@ -4893,7 +4919,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "expr": "sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5145,7 +5171,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5624,7 +5650,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -5633,7 +5659,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6435,7 +6461,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -6475,7 +6501,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6527,19 +6553,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -6573,7 +6587,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6631,7 +6645,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -6671,7 +6685,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6723,19 +6737,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -6769,7 +6771,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6827,7 +6829,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Average Container Bandwidth by Namespace", "titleSize": "h6" }, { @@ -6867,7 +6869,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -6919,19 +6921,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -6965,7 +6955,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -7023,7 +7013,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -7063,7 +7053,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -7115,19 +7105,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -7161,7 +7139,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -7219,7 +7197,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -7723,8 +7701,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -7733,8 +7712,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -8129,8 +8109,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -8139,8 +8120,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -8879,7 +8861,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -8919,7 +8901,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -8971,19 +8953,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -9017,7 +8987,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9075,7 +9045,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -9115,7 +9085,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9167,19 +9137,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -9213,7 +9171,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9271,7 +9229,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -9311,7 +9269,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9363,19 +9321,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -9409,7 +9355,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -9467,7 +9413,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -10637,7 +10583,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", cluster=\"$cluster\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -10751,7 +10697,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", + "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -10993,7 +10939,7 @@ items: ], "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11127,7 +11073,7 @@ items: "dashes": true, "fill": 0, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -11137,7 +11083,7 @@ items: "dashes": true, "fill": 0, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -11148,7 +11094,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -11456,7 +11402,7 @@ items: ], "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11501,7 +11447,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11510,7 +11456,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11519,7 +11465,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11615,12 +11561,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11667,19 +11613,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -11714,12 +11648,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11772,7 +11706,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -11813,12 +11747,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11865,19 +11799,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -11912,12 +11834,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11970,7 +11892,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -12011,12 +11933,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -12063,19 +11985,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -12110,12 +12020,12 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -12168,7 +12078,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -13380,7 +13290,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -13420,7 +13330,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13472,19 +13382,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -13518,7 +13416,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13576,7 +13474,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -13616,7 +13514,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13668,19 +13566,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -13714,7 +13600,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13772,7 +13658,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Average Container Bandwidth by Pod", "titleSize": "h6" }, { @@ -13812,7 +13698,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13864,19 +13750,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -13910,7 +13784,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -13968,7 +13842,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -14008,7 +13882,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -14060,19 +13934,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -14106,7 +13968,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -14164,7 +14026,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -14401,8 +14263,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -14411,8 +14274,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -14854,8 +14718,9 @@ items: "color": "#F2495C", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false }, @@ -14864,8 +14729,9 @@ items: "color": "#FF9830", "dashes": true, "fill": 0, + "hiddenSeries": true, "hideTooltip": true, - "legend": false, + "legend": true, "linewidth": 2, "stack": false } @@ -15586,7 +15452,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Current Network Usage", "titleSize": "h6" }, { @@ -15626,7 +15492,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15678,19 +15544,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -15724,7 +15578,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15782,7 +15636,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Bandwidth", "titleSize": "h6" }, { @@ -15822,7 +15676,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15874,19 +15728,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -15920,7 +15762,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -15978,7 +15820,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Average Container Bandwidth by Workload", "titleSize": "h6" }, { @@ -16018,7 +15860,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16070,19 +15912,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -16116,7 +15946,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16174,7 +16004,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets", "titleSize": "h6" }, { @@ -16214,7 +16044,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16266,19 +16096,7 @@ items: "show": false } ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ + }, { "aliasColors": { @@ -16312,7 +16130,7 @@ items: ], "spaceLength": 10, - "span": 12, + "span": 6, "stack": true, "steppedLine": false, "targets": [ @@ -16370,7 +16188,7 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Network", + "title": "Rate of Packets Dropped", "titleSize": "h6" } ], @@ -16397,38 +16215,6 @@ items: "regex": "", "type": "datasource" }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "deployment", - "value": "deployment" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, { "allValue": null, "current": { @@ -16456,6 +16242,38 @@ items: "type": "query", "useTags": false }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, { "allValue": null, "current": { @@ -29895,7 +29713,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{job=\"kube-proxy\"})", + "expr": "sum(up{cluster=\"$cluster\", job=\"kube-proxy\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -29964,7 +29782,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", + "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "rate", @@ -30057,7 +29875,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", + "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30163,7 +29981,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", + "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "rate", @@ -30256,7 +30074,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{job=\"kube-proxy\", instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30362,28 +30180,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "2xx", "refId": "A" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "3xx", "refId": "B" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "4xx", "refId": "C" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "5xx", @@ -30476,7 +30294,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -30582,7 +30400,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -30688,7 +30506,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "process_resident_memory_bytes{job=\"kube-proxy\",instance=~\"$instance\"}", + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30781,7 +30599,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(process_cpu_seconds_total{job=\"kube-proxy\",instance=~\"$instance\"}[5m])", + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30874,7 +30692,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "go_goroutines{job=\"kube-proxy\",instance=~\"$instance\"}", + "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -30958,6 +30776,32 @@ items: "allValue": null, "current": { + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + }, "datasource": "$datasource", "hide": 0, @@ -30968,7 +30812,7 @@ items: "options": [ ], - "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{job=\"kube-proxy\"}, instance)", + "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\"}, instance)", "refresh": 2, "regex": "", "sort": 1, @@ -31115,7 +30959,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{job=\"kube-scheduler\"})", + "expr": "sum(up{cluster=\"$cluster\", job=\"kube-scheduler\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -31184,28 +31028,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} e2e", "refId": "A" }, { - "expr": "sum(rate(scheduler_binding_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} binding", "refId": "B" }, { - "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} scheduling algorithm", "refId": "C" }, { - "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} volume", @@ -31298,28 +31142,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} e2e", "refId": "A" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} binding", "refId": "B" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} scheduling algorithm", "refId": "C" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} volume", @@ -31425,28 +31269,28 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "2xx", "refId": "A" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "3xx", "refId": "B" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "4xx", "refId": "C" }, { - "expr": "sum(rate(rest_client_requests_total{job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[5m]))", "format": "time_series", "intervalFactor": 2, "legendFormat": "5xx", @@ -31539,7 +31383,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -31645,7 +31489,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{verb}} {{url}}", @@ -31751,7 +31595,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "process_resident_memory_bytes{job=\"kube-scheduler\", instance=~\"$instance\"}", + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -31844,7 +31688,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(process_cpu_seconds_total{job=\"kube-scheduler\", instance=~\"$instance\"}[5m])", + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -31937,7 +31781,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "go_goroutines{job=\"kube-scheduler\",instance=~\"$instance\"}", + "expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -32021,6 +31865,32 @@ items: "allValue": null, "current": { + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + }, "datasource": "$datasource", "hide": 0, @@ -32031,7 +31901,7 @@ items: "options": [ ], - "query": "label_values(process_cpu_seconds_total{job=\"kube-scheduler\"}, instance)", + "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\"}, instance)", "refresh": 2, "regex": "", "sort": 1, diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 4dc01f2f..968f5f61 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -61,7 +61,7 @@ spec: != kube_deployment_status_replicas_available{job="kube-state-metrics"} ) and ( - changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[5m]) + changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[10m]) == 0 ) @@ -79,7 +79,7 @@ spec: != kube_statefulset_status_replicas{job="kube-state-metrics"} ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[5m]) + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics"}[10m]) == 0 ) @@ -401,7 +401,7 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch summary: Different semantic versions of Kubernetes components running. expr: | - count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 + count(count by (git_version) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1 for: 15m labels: severity: warning @@ -1199,7 +1199,7 @@ spec: rules: - expr: | sum by (cluster, namespace, pod, container) ( - rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]) + rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}[5m]) ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) @@ -1229,9 +1229,9 @@ spec: ) record: node_namespace_pod_container:container_memory_swap - expr: | - sum by (namespace) ( - sum by (namespace, pod) ( - max by (namespace, pod, container) ( + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} ) * on(namespace, pod) group_left() max by (namespace, pod) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 @@ -1240,9 +1240,9 @@ spec: ) record: namespace:kube_pod_container_resource_requests_memory_bytes:sum - expr: | - sum by (namespace) ( - sum by (namespace, pod) ( - max by (namespace, pod, container) ( + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} ) * on(namespace, pod) group_left() max by (namespace, pod) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 @@ -1346,7 +1346,7 @@ spec: count by (cluster, node) (sum by (node, cpu) ( node_cpu_seconds_total{job="node-exporter"} * on (namespace, pod) group_left(node) - node_namespace_pod:kube_pod_info: + topk by(namespace, pod) (1, node_namespace_pod:kube_pod_info:) )) record: node:node_num_cpu:sum - expr: | From 35a22050e08965b1989a45d6cc099fecbf10551e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 11 Mar 2021 12:32:05 +0100 Subject: [PATCH 212/388] *: update dependencies Signed-off-by: paulfantom --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 36 ++++++++++++------------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 947aef1e..e05b298e 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -80,7 +80,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "release-2.24", + "version": "release-2.25", "name": "prometheus" }, { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 780497be..537db026 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "4204279da8d3d6317116ee161ac706fadbba9193", - "sum": "VUavLhri7lTnJ2V7F9lDlL+K96NwIhqqlxMtasYBs3Q=" + "version": "8ea4e7bc04b1bf5e9bd99918ca28c6271b42be0e", + "sum": "muenICtKXABk6MZZHCZD2wCbmtiE96GwWRMGa1Rg+wA=" }, { "source": { @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "63cb3c97b7b1f09b09f6a62a65bb0fca821113ae", + "version": "8ee1dd9e23bce4d9770816edf5816b13767ac51d", "sum": "EgKKzxcW3ttt7gjPMX//DNTqNcn/0o2VAIaWJ/HSLEc=" }, { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "b0d72d6ed0e9fcab83fc2dd954b3bd57113e768c", - "sum": "g2UC37YmOShdIFThAO99Uw89UO+H3sHt+y0ionv9/sA=" + "version": "daad85cf3fad3580e58029414630e29956aefe21", + "sum": "zkOBVXtNSGlOdbm5TRCbEik7c/Jk+btbJqaE9qW8j3Y=" }, { "source": { @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "2cef89cb717c8b596443ac5de0415d1ffdb42252", - "sum": "EmHrmBY8PbnV0BKXmVWvAEmax6eglRinKSyZbTmVWuc=" + "version": "5d376192970fc4eab52005ac08168e7109c87075", + "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { "source": { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "0eed665cfd5c4710e59a1d3b3beb80078608fcba", - "sum": "R9xO3uraXGkiccI8snVRzFA2VHEp7JjGvnIU1PJHfQo=" + "version": "0e9fc466b492e45cfd1a59a09ab10162bf8b1baa", + "sum": "1GkBTf5DP+tYDimZZUrdoDkx0Cr5yeil3odK7Ilbfuc=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "4a8e078147dbca51067521e6ac59c7b54d44d3bd", + "version": "0e9fc466b492e45cfd1a59a09ab10162bf8b1baa", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -79,7 +79,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "8fb9b23f7376be9014f110b83a83fe930e027726", + "version": "6ba0712daefa77e89c18f99f82cb8f2fc9d009ec", "sum": "aE6e4P6NiMf5eQMv0w4hy+oSeLBzwCrjUSkP+DSgrro=" }, { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "8fb9b23f7376be9014f110b83a83fe930e027726", + "version": "6ba0712daefa77e89c18f99f82cb8f2fc9d009ec", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "7f94a06b86d41c20176f0d5b53aa0100fdc361e6", + "version": "bbb2431b998d18a1b4c61ef1cd933ffa13af1a4c", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -119,7 +119,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "3f46b62d75da4d68d2098388797e6a61fcc5e043", + "version": "10757eb5fb78c5c58586812721e9833b0d8500ee", "sum": "VP1vn/WTGLZaBgGhGMUO81qNTc/fnp5KtzVjcaxad6Q=", "name": "alertmanager" }, @@ -130,8 +130,8 @@ "subdir": "docs/node-mixin" } }, - "version": "cfdd9dd0c983057df5e814e067fadbf8c7781559", - "sum": "rvyiD/yCB4BeYAWqYF53bP8c+aCUt2ipLHW2Ea8ELO8=" + "version": "1dfd858e4aaa35e2595348dd13540700cd9df89b", + "sum": "cZTNXQMUCLB5FGYpMn845dcqGdkcYt58qCqOFIV/BoQ=" }, { "source": { @@ -140,8 +140,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "e4487274853c587717006eeda8804e597d120340", - "sum": "6kUzElCBWZ5U/3cxEpHNMmoKKPubG45QxpmLu8PGg08=", + "version": "bda05a23ada314a0b9806a362da39b7a1a4e04c3", + "sum": "VK0c3sQ3ksiM6JQsAVfWmL5NbzGv9llMfXFNXfFdJ+A=", "name": "prometheus" }, { From c960da64bb48ea92ca571cb93ff8b5fb6fee69cf Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 25 Mar 2021 14:22:38 +0100 Subject: [PATCH 213/388] manifests: regenerate --- manifests/grafana-dashboardDefinitions.yaml | 186 ++++++++++---------- manifests/grafana-service.yaml | 1 - manifests/kubernetes-prometheusRule.yaml | 52 +++--- manifests/node-exporter-prometheusRule.yaml | 6 +- manifests/prometheus-prometheusRule.yaml | 6 +- 5 files changed, 123 insertions(+), 128 deletions(-) diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 7e0b4844..5a9f181d 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -4919,7 +4919,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "expr": "sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5003,7 +5003,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5087,7 +5087,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5171,7 +5171,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5255,7 +5255,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5659,7 +5659,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -5668,7 +5668,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -5677,7 +5677,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6077,7 +6077,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6086,7 +6086,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6095,7 +6095,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6104,7 +6104,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -7357,7 +7357,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7441,7 +7441,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7525,7 +7525,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"})", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"memory\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7609,7 +7609,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"})", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"memory\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7985,7 +7985,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -7994,7 +7994,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8003,7 +8003,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8012,7 +8012,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8450,7 +8450,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8459,7 +8459,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8468,7 +8468,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8477,7 +8477,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9843,7 +9843,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9852,7 +9852,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9861,7 +9861,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9870,7 +9870,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10271,7 +10271,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10280,7 +10280,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10289,7 +10289,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10298,7 +10298,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10591,7 +10591,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "requests", @@ -10599,7 +10599,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "limits", @@ -10948,7 +10948,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10957,7 +10957,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10966,7 +10966,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -10975,7 +10975,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11102,7 +11102,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "requests", @@ -11110,7 +11110,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "limits", @@ -11411,7 +11411,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11420,7 +11420,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11429,7 +11429,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11438,7 +11438,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11447,7 +11447,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\"}) by (container)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11456,7 +11456,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\"}) by (container)", + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11465,7 +11465,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\"}) by (container)", + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12535,7 +12535,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12544,7 +12544,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12553,7 +12553,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12562,7 +12562,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12906,7 +12906,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12915,7 +12915,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12924,7 +12924,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12933,7 +12933,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14594,7 +14594,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14603,7 +14603,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14612,7 +14612,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14621,7 +14621,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15049,7 +15049,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15058,7 +15058,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15067,7 +15067,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15076,7 +15076,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -22121,7 +22121,7 @@ items: "timeShift": null, "title": "CPU Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22207,7 +22207,7 @@ items: "timeShift": null, "title": "CPU Saturation (load1 per CPU)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22305,7 +22305,7 @@ items: "timeShift": null, "title": "Memory Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22391,7 +22391,7 @@ items: "timeShift": null, "title": "Memory Saturation (Major Page Faults)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22505,7 +22505,7 @@ items: "timeShift": null, "title": "Net Utilisation (Bytes Receive/Transmit)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22607,7 +22607,7 @@ items: "timeShift": null, "title": "Net Saturation (Drops Receive/Transmit)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22705,7 +22705,7 @@ items: "timeShift": null, "title": "Disk IO Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22791,7 +22791,7 @@ items: "timeShift": null, "title": "Disk IO Saturation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -22889,7 +22889,7 @@ items: "timeShift": null, "title": "Disk Space Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23074,7 +23074,7 @@ items: "timeShift": null, "title": "CPU Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23160,7 +23160,7 @@ items: "timeShift": null, "title": "CPU Saturation (Load1 per CPU)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23258,7 +23258,7 @@ items: "timeShift": null, "title": "Memory Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23344,7 +23344,7 @@ items: "timeShift": null, "title": "Memory Saturation (Major Page Faults)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23458,7 +23458,7 @@ items: "timeShift": null, "title": "Net Utilisation (Bytes Receive/Transmit)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23560,7 +23560,7 @@ items: "timeShift": null, "title": "Net Saturation (Drops Receive/Transmit)", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23658,7 +23658,7 @@ items: "timeShift": null, "title": "Disk IO Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23744,7 +23744,7 @@ items: "timeShift": null, "title": "Disk IO Saturation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -23842,7 +23842,7 @@ items: "timeShift": null, "title": "Disk Space Utilisation", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28610,7 +28610,7 @@ items: "timeShift": null, "title": "Prometheus Stats", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28709,7 +28709,7 @@ items: "timeShift": null, "title": "Target Sync", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28795,7 +28795,7 @@ items: "timeShift": null, "title": "Targets", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -28893,7 +28893,7 @@ items: "timeShift": null, "title": "Average Scrape Interval Duration", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29003,7 +29003,7 @@ items: "timeShift": null, "title": "Scrape failures", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29089,7 +29089,7 @@ items: "timeShift": null, "title": "Appended Samples", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29187,7 +29187,7 @@ items: "timeShift": null, "title": "Head Series", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29273,7 +29273,7 @@ items: "timeShift": null, "title": "Head Chunks", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29371,7 +29371,7 @@ items: "timeShift": null, "title": "Query Rate", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29457,7 +29457,7 @@ items: "timeShift": null, "title": "Stage Duration", "tooltip": { - "shared": true, + "shared": false, "sort": 0, "value_type": "individual" }, @@ -29523,7 +29523,7 @@ items: "type": "datasource" }, { - "allValue": null, + "allValue": ".+", "current": { "selected": true, "text": "All", @@ -29551,7 +29551,7 @@ items: "useTags": false }, { - "allValue": null, + "allValue": ".+", "current": { "selected": true, "text": "All", diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 003cdad9..a74ab4ac 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -17,4 +17,3 @@ spec: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - type: NodePort diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 968f5f61..6445fa0d 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -250,11 +250,11 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | - sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) + sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) / - sum(kube_node_status_allocatable_cpu_cores) + sum(kube_node_status_allocatable{resource="cpu"}) > - (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) + (count(kube_node_status_allocatable{resource="cpu"}) -1) / count(kube_node_status_allocatable{resource="cpu"}) for: 5m labels: severity: warning @@ -264,13 +264,13 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | - sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) + sum(namespace_memory:kube_pod_container_resource_requests_bytes:sum{}) / - sum(kube_node_status_allocatable_memory_bytes) + sum(kube_node_status_allocatable{resource="memory"}) > - (count(kube_node_status_allocatable_memory_bytes)-1) + (count(kube_node_status_allocatable{resource="memory"})-1) / - count(kube_node_status_allocatable_memory_bytes) + count(kube_node_status_allocatable{resource="memory"}) for: 5m labels: severity: warning @@ -279,11 +279,7 @@ spec: description: Cluster has overcommitted CPU resource requests for Namespaces. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit summary: Cluster has overcommitted CPU resource requests. - expr: | - sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) - / - sum(kube_node_status_allocatable_cpu_cores) - > 1.5 + expr: "sum(kube_resourcequota{job=\"kube-state-metrics\", type=\"hard\", resource=\"cpu\"})\n /\nsum(kube_node_status_allocatable{resource=\"cpu\"}) \n > 1.5\n" for: 5m labels: severity: warning @@ -295,7 +291,7 @@ spec: expr: | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) / - sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) + sum(kube_node_status_allocatable{resource="memory",job="kube-state-metrics"}) > 1.5 for: 5m labels: @@ -568,7 +564,7 @@ spec: ) / max by(node) ( - kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 + kube_node_status_capacity{job="kube-state-metrics",resource="pods"} != 1 ) > 0.95 for: 15m labels: @@ -1232,24 +1228,24 @@ spec: sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} - ) * on(namespace, pod) group_left() max by (namespace, pod) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace:kube_pod_container_resource_requests_memory_bytes:sum - - expr: | - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} - ) * on(namespace, pod) group_left() max by (namespace, pod) ( + kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) ) - record: namespace:kube_pod_container_resource_requests_cpu_cores:sum + record: namespace_memory:kube_pod_container_resource_requests:sum + - expr: | + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace_cpu:kube_pod_container_resource_requests:sum - expr: | max by (cluster, namespace, workload, pod) ( label_replace( diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 0b5e60b8..616f2b37 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -174,7 +174,7 @@ spec: severity: warning - alert: NodeClockSkewDetected annotations: - message: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + description: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected summary: Clock skew detected. expr: | @@ -194,7 +194,7 @@ spec: severity: warning - alert: NodeClockNotSynchronising annotations: - message: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. + description: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising summary: Clock not synchronising. expr: | @@ -220,7 +220,7 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure summary: Failed device in RAID array expr: | - node_md_disks{state="fail"} > 0 + node_md_disks{state="failed"} > 0 labels: severity: warning - name: node-exporter.rules diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index b668863f..86a853d7 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -135,12 +135,12 @@ spec: summary: Prometheus fails to send samples to remote storage. expr: | ( - rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + (rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="prometheus-k8s",namespace="monitoring"}[5m])) / ( - rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + (rate(prometheus_remote_storage_failed_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="prometheus-k8s",namespace="monitoring"}[5m])) + - rate(prometheus_remote_storage_succeeded_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) + (rate(prometheus_remote_storage_succeeded_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m]) or rate(prometheus_remote_storage_samples_total{job="prometheus-k8s",namespace="monitoring"}[5m])) ) ) * 100 From 8973a90049b866c67c5652354f7450c7dba02215 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Thu, 25 Mar 2021 18:09:42 +0100 Subject: [PATCH 214/388] examples: use ExampleAlert instead of Watchdog Replace Watchdog alerts part of the `example-group` in some examples by ExampleAlert alerts to reinforce the fact that this is just an example. Signed-off-by: Damien Grisonnet --- docs/developing-prometheus-rules-and-grafana-dashboards.md | 6 +++--- examples/existingrule.json | 2 +- examples/existingrule.yaml | 6 +++--- examples/prometheus-additional-alert-rule-example.jsonnet | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 990c07bf..b3a67f1f 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -90,13 +90,13 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { name: 'example-group', rules: [ { - alert: 'Watchdog', + alert: 'ExampleAlert', expr: 'vector(1)', labels: { - severity: 'none', + severity: 'warning', }, annotations: { - description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.', + description: 'This is an example alert.', }, }, ], diff --git a/examples/existingrule.json b/examples/existingrule.json index 41d6620b..8486eb7d 100644 --- a/examples/existingrule.json +++ b/examples/existingrule.json @@ -1 +1 @@ -{"groups":[{"name":"example-group","rules":[{"alert":"Watchdog","annotations":{"description":"This is a Watchdog meant to ensure that the entire alerting pipeline is functional."},"expr":"vector(1)","labels":{"severity":"none"}}]}]} \ No newline at end of file +{"groups":[{"name":"example-group","rules":[{"alert":"ExampleAlert","annotations":{"description":"This is an example alert."},"expr":"vector(1)","labels":{"severity":"warning"}}]}]} \ No newline at end of file diff --git a/examples/existingrule.yaml b/examples/existingrule.yaml index 6a67032f..ab5de270 100644 --- a/examples/existingrule.yaml +++ b/examples/existingrule.yaml @@ -1,9 +1,9 @@ groups: - name: example-group rules: - - alert: Watchdog + - alert: ExampleAlert expr: vector(1) labels: - severity: "none" + severity: "warning" annotations: - description: This is a Watchdog meant to ensure that the entire alerting pipeline is functional. + description: This is an example alert. diff --git a/examples/prometheus-additional-alert-rule-example.jsonnet b/examples/prometheus-additional-alert-rule-example.jsonnet index 483b9cb1..43dc538c 100644 --- a/examples/prometheus-additional-alert-rule-example.jsonnet +++ b/examples/prometheus-additional-alert-rule-example.jsonnet @@ -18,13 +18,13 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { name: 'example-group', rules: [ { - alert: 'Watchdog', + alert: 'ExampleAlert', expr: 'vector(1)', labels: { - severity: 'none', + severity: 'warning', }, annotations: { - description: 'This is a Watchdog meant to ensure that the entire alerting pipeline is functional.', + description: 'This is an example alert.', }, }, ], From c9b52c97f5b5c61981a9ff1741bdb23e99e5c86e Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Thu, 25 Mar 2021 20:59:49 +0000 Subject: [PATCH 215/388] PodSecurityPolicy uses role instead of clusterRole where posible Signed-off-by: ArthurSens --- .../addons/podsecuritypolicies.libsonnet | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 65908f8c..62825d7e 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -2,7 +2,7 @@ local restrictedPodSecurityPolicy = { apiVersion: 'policy/v1beta1', kind: 'PodSecurityPolicy', metadata: { - name: 'restricted', + name: 'kube-prometheus-restricted', }, spec: { privileged: false, @@ -54,9 +54,9 @@ local restrictedPodSecurityPolicy = { restrictedPodSecurityPolicy: restrictedPodSecurityPolicy, alertmanager+: { - clusterRole: { + role: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', + kind: 'Role', metadata: { name: 'alertmanager-' + $.values.alertmanager.name, }, @@ -68,15 +68,15 @@ local restrictedPodSecurityPolicy = { }], }, - clusterRoleBinding: { + roleBinding: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', + kind: 'RoleBinding', metadata: { name: 'alertmanager-' + $.values.alertmanager.name, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', + kind: 'Role', name: 'alertmanager-' + $.values.alertmanager.name, }, subjects: [{ @@ -121,9 +121,9 @@ local restrictedPodSecurityPolicy = { }, grafana+: { - clusterRole: { + role: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', + kind: 'Role', metadata: { name: 'grafana', }, @@ -135,15 +135,15 @@ local restrictedPodSecurityPolicy = { }], }, - clusterRoleBinding: { + roleBinding: { apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', + kind: 'RoleBinding', metadata: { name: 'grafana', }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', + kind: 'Role', name: 'grafana', }, subjects: [{ From d1f401a73db369899a3af513ea370ae99cb9dbb4 Mon Sep 17 00:00:00 2001 From: viperstars Date: Mon, 29 Mar 2021 14:19:35 +0800 Subject: [PATCH 216/388] add cluster role to list and watch ingresses in api group "networking.k8s.io" --- .../components/prometheus.libsonnet | 5 ++++ .../prometheus-roleSpecificNamespaces.yaml | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 7d0d0729..8474428e 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -229,6 +229,11 @@ function(params) { resources: ['ingresses'], verbs: ['get', 'list', 'watch'], }, + { + apiGroups: ['networking.k8s.io'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, ], }; { diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index 1bc40041..de5bca6e 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -29,6 +29,14 @@ items: - get - list - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -58,6 +66,14 @@ items: - get - list - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch - apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -87,4 +103,12 @@ items: - get - list - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch kind: RoleList From 17b11ae344a0e1148e3e7d3999c20fa0556ca328 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Mon, 29 Mar 2021 14:19:51 +0200 Subject: [PATCH 217/388] jsonnetfile.lock.json: Bump kube-state-metrics to 2.0.0-rc.1 --- jsonnet/kube-prometheus/versions.json | 2 +- jsonnetfile.lock.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 1d55d2ea..7cd8c6cf 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -2,7 +2,7 @@ "alertmanager": "0.21.0", "blackboxExporter": "0.18.0", "grafana": "7.4.3", - "kubeStateMetrics": "2.0.0-rc.0", + "kubeStateMetrics": "2.0.0-rc.1", "nodeExporter": "1.1.1", "prometheus": "2.25.0", "prometheusAdapter": "0.8.3", diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 537db026..943152b1 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -79,8 +79,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "6ba0712daefa77e89c18f99f82cb8f2fc9d009ec", - "sum": "aE6e4P6NiMf5eQMv0w4hy+oSeLBzwCrjUSkP+DSgrro=" + "version": "aafecf305bbb5c13fcec0ba3e749d1ffcb0d93e1", + "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { "source": { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "6ba0712daefa77e89c18f99f82cb8f2fc9d009ec", + "version": "aafecf305bbb5c13fcec0ba3e749d1ffcb0d93e1", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { From 0df93109d4367dfdd2cc3116905e9dc404463bb1 Mon Sep 17 00:00:00 2001 From: Lili Cosic Date: Mon, 29 Mar 2021 14:32:08 +0200 Subject: [PATCH 218/388] manifests: Regenerate files --- manifests/kube-state-metrics-clusterRole.yaml | 11 +---------- manifests/kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 6 +++--- manifests/kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- manifests/kube-state-metrics-serviceAccount.yaml | 2 +- manifests/kube-state-metrics-serviceMonitor.yaml | 2 +- 7 files changed, 9 insertions(+), 18 deletions(-) diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index c1cd228b..d18a23bf 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 name: kube-state-metrics rules: - apiGroups: @@ -26,15 +26,6 @@ rules: verbs: - list - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch - apiGroups: - apps resources: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index 4f524dd0..a635e6f0 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 2438d408..9f534b16 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 name: kube-state-metrics namespace: monitoring spec: @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 spec: containers: - args: @@ -29,7 +29,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0-rc.0 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0-rc.1 name: kube-state-metrics resources: limits: diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 4739e168..b2b6f00e 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index 6b1537d5..bcbff985 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index 99f34128..413df7e0 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index 6739bfdf..df301e31 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.0 + app.kubernetes.io/version: 2.0.0-rc.1 name: kube-state-metrics namespace: monitoring spec: From 7ba0479433d26a654be035f8bf96a295384da05b Mon Sep 17 00:00:00 2001 From: mansikulkarni96 Date: Thu, 25 Mar 2021 11:17:42 -0400 Subject: [PATCH 219/388] jsonnet: Add windows_exporter queries for adapter This commit includes windows_exporter metrics in the node queries for the prometheus adapter configuration. This will help obtain the resource metrics: memory and CPU for Windows nodes. This change will also help in displaying metrics reported through the 'kubectl top' command which currently reports 'unknown' status for Windows nodes. --- .../kube-prometheus/components/prometheus-adapter.libsonnet | 4 ++-- manifests/prometheus-adapter-configMap.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index e2be622c..4bd3ea8a 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -27,7 +27,7 @@ local defaults = { resourceRules: { cpu: { containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[5m])) by (<<.GroupBy>>)', - nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', + nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)', resources: { overrides: { node: { resource: 'node' }, @@ -39,7 +39,7 @@ local defaults = { }, memory: { containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)', - nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', + nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum(windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>} - windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', resources: { overrides: { instance: { resource: 'node' }, diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index 62d1ee5f..e933b692 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -5,7 +5,7 @@ data: "cpu": "containerLabel": "container" "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)" - "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)" + "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode=\"idle\", job=\"windows-exporter\",<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)" "resources": "overrides": "namespace": @@ -17,7 +17,7 @@ data: "memory": "containerLabel": "container" "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)" - "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)" + "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum(windows_cs_physical_memory_bytes{job=\"windows-exporter\",<<.LabelMatchers>>} - windows_memory_available_bytes{job=\"windows-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)" "resources": "overrides": "instance": From 069f95148f8e73e4489a2996c1e4a76f8d091be5 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Tue, 30 Mar 2021 19:00:12 +0000 Subject: [PATCH 220/388] Psp should be deployed at the same namespace as kube-prometheus stack Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 62825d7e..b072b9fb 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -59,6 +59,7 @@ local restrictedPodSecurityPolicy = { kind: 'Role', metadata: { name: 'alertmanager-' + $.values.alertmanager.name, + namespace: $.values.common.namespace, }, rules: [{ apiGroups: ['policy'], @@ -73,6 +74,7 @@ local restrictedPodSecurityPolicy = { kind: 'RoleBinding', metadata: { name: 'alertmanager-' + $.values.alertmanager.name, + namespace: $.values.common.namespace, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', @@ -126,6 +128,7 @@ local restrictedPodSecurityPolicy = { kind: 'Role', metadata: { name: 'grafana', + namespace: $.values.common.namespace, }, rules: [{ apiGroups: ['policy'], @@ -140,6 +143,7 @@ local restrictedPodSecurityPolicy = { kind: 'RoleBinding', metadata: { name: 'grafana', + namespace: $.values.common.namespace, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', From f06175bb3bc3bc0208cf750b2e9d46761ce134ca Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 31 Mar 2021 17:12:42 +0200 Subject: [PATCH 221/388] jsonnet: add function to apply platform patches Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/main.libsonnet | 5 ++++- jsonnet/kube-prometheus/platforms/README.md | 18 ++++++++++++++++++ .../platforms/platforms.libsonnet | 16 ++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 jsonnet/kube-prometheus/platforms/README.md create mode 100644 jsonnet/kube-prometheus/platforms/platforms.libsonnet diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 462f9aef..ddb241d8 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -9,6 +9,8 @@ local prometheusAdapter = import './components/prometheus-adapter.libsonnet'; local prometheusOperator = import './components/prometheus-operator.libsonnet'; local prometheus = import './components/prometheus.libsonnet'; +local platformPatch = (import './platforms/platforms.libsonnet').platformPatch; + { // using `values` as this is similar to helm values:: { @@ -104,6 +106,7 @@ local prometheus = import './components/prometheus.libsonnet'; kubePrometheus: { namespace: $.values.common.namespace, mixin+: { ruleLabels: $.values.common.ruleLabels }, + platform: null, }, }, @@ -124,5 +127,5 @@ local prometheus = import './components/prometheus.libsonnet'; name: $.values.kubePrometheus.namespace, }, }, - }, + } + platformPatch($.values.kubePrometheus.platform), } diff --git a/jsonnet/kube-prometheus/platforms/README.md b/jsonnet/kube-prometheus/platforms/README.md new file mode 100644 index 00000000..8edeade6 --- /dev/null +++ b/jsonnet/kube-prometheus/platforms/README.md @@ -0,0 +1,18 @@ +# Adding a new platform specific configuration + +Adding a new platform specific configuration requires to update the +[platforms.jsonnet](./platform.jsonnet) file by adding the platform to the list +of existing ones. + +This allow configuring the new platform in the following way: + +```jsonnet +(import 'kube-prometheus/main.libsonnet') + + { + values+:: { + kubePrometheus+: { + platform: 'example-platform', + } + } + } +``` diff --git a/jsonnet/kube-prometheus/platforms/platforms.libsonnet b/jsonnet/kube-prometheus/platforms/platforms.libsonnet new file mode 100644 index 00000000..9c6f07c7 --- /dev/null +++ b/jsonnet/kube-prometheus/platforms/platforms.libsonnet @@ -0,0 +1,16 @@ +local platforms = { + aws: import './aws.libsonnet', + bootkube: import './bootkube.libsonnet', + gke: import './gke.libsonnet', + eks: import './eks.libsonnet', + kops: import './kops.libsonnet', + kops_coredns: (import './kops.libsonnet') + (import './kops-coredns.libsonnet'), + kubeadm: import './kubeadm.libsonnet', + kubespray: import './kubespray.libsonnet', +}; + +{ + // platformPatch returns the platform specific patch associated to the given + // platform. + platformPatch(p): if p != null && std.objectHas(platforms, p) then platforms[p] else {}, +} From 1c63b6d0213ad4ae47cd03384d51424fd1f5f3c9 Mon Sep 17 00:00:00 2001 From: mansikulkarni96 Date: Wed, 31 Mar 2021 13:21:01 -0400 Subject: [PATCH 222/388] Add relabel_config to replace endpoint address This commit adds a relabeling config to the scrape config of windows-exporter using the 'replace' action field to replace the node endpoint address with node name. The windows_exporter returns endpoint target as node IP but we need it to be node name to use the prometheus adapter queries and collect resource metrics information. --- jsonnet/kube-prometheus/addons/windows.libsonnet | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/jsonnet/kube-prometheus/addons/windows.libsonnet b/jsonnet/kube-prometheus/addons/windows.libsonnet index 04d2f6f4..d8112351 100644 --- a/jsonnet/kube-prometheus/addons/windows.libsonnet +++ b/jsonnet/kube-prometheus/addons/windows.libsonnet @@ -10,6 +10,17 @@ local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; targets: [error 'must provide targets array'], }, ], + relabel_configs: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: [ + '__meta_kubernetes_endpoint_address_target_name', + ], + targetLabel: 'instance', + }, + ], }, grafana+:: { From cf4d2ad5244e8984853745d88f9f39c60dc3c270 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 2 Apr 2021 01:26:13 +0000 Subject: [PATCH 223/388] Setup gitpod config for ephemeral dev-environments Signed-off-by: ArthurSens --- .gitpod.yml | 8 ++++++++ README.md | 1 + 2 files changed, 9 insertions(+) create mode 100644 .gitpod.yml diff --git a/.gitpod.yml b/.gitpod.yml new file mode 100644 index 00000000..413b7adc --- /dev/null +++ b/.gitpod.yml @@ -0,0 +1,8 @@ + +tasks: + - init: | + make --always-make + export PATH="$(pwd)/tmp/bin:${PATH}" +vscode: + extensions: + - heptio.jsonnet@0.1.0:woEDU5N62LRdgdz0g/I6sQ== \ No newline at end of file diff --git a/README.md b/README.md index 794063bd..0bb77a10 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![Build Status](https://github.com/prometheus-operator/kube-prometheus/workflows/ci/badge.svg)](https://github.com/prometheus-operator/kube-prometheus/actions) [![Slack](https://img.shields.io/badge/join%20slack-%23prometheus--operator-brightgreen.svg)](http://slack.k8s.io/) +[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/prometheus-operator/kube-prometheus) > Note that everything is experimental and may change significantly at any time. From b59b2c23d85292e559750feca9fee9d3041989b8 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Tue, 6 Apr 2021 11:33:07 +0200 Subject: [PATCH 224/388] examples: update platform snippets and doc Signed-off-by: Damien Grisonnet --- README.md | 65 +++++-------------- docs/EKS-cni-support.md | 6 +- examples/eks-cni-example.jsonnet | 6 +- examples/jsonnet-snippets/aws.jsonnet | 2 - examples/jsonnet-snippets/bootkube.jsonnet | 2 - .../jsonnet-snippets/kops-coredns.jsonnet | 3 - examples/jsonnet-snippets/kops.jsonnet | 2 - examples/jsonnet-snippets/kubeadm.jsonnet | 2 - examples/jsonnet-snippets/kubespray.jsonnet | 2 - examples/jsonnet-snippets/platform.jsonnet | 8 +++ examples/minikube.jsonnet | 4 +- jsonnet/kube-prometheus/platforms/README.md | 17 +---- 12 files changed, 38 insertions(+), 81 deletions(-) delete mode 100644 examples/jsonnet-snippets/aws.jsonnet delete mode 100644 examples/jsonnet-snippets/bootkube.jsonnet delete mode 100644 examples/jsonnet-snippets/kops-coredns.jsonnet delete mode 100644 examples/jsonnet-snippets/kops.jsonnet delete mode 100644 examples/jsonnet-snippets/kubeadm.jsonnet delete mode 100644 examples/jsonnet-snippets/kubespray.jsonnet create mode 100644 examples/jsonnet-snippets/platform.jsonnet diff --git a/README.md b/README.md index 794063bd..b6e7624f 100644 --- a/README.md +++ b/README.md @@ -360,57 +360,28 @@ Jsonnet is a turing complete language, any logic can be reflected in it. It also ### Cluster Creation Tools -A common example is that not all Kubernetes clusters are created exactly the same way, meaning the configuration to monitor them may be slightly different. For [kubeadm](examples/jsonnet-snippets/kubeadm.jsonnet), [bootkube](examples/jsonnet-snippets/bootkube.jsonnet), [kops](examples/jsonnet-snippets/kops.jsonnet) and [kubespray](examples/jsonnet-snippets/kubespray.jsonnet) clusters there are mixins available to easily configure these: +A common example is that not all Kubernetes clusters are created exactly the same way, meaning the configuration to monitor them may be slightly different. For the following clusters there are mixins available to easily configure them: -kubeadm: +* aws +* bootkube +* eks +* gke +* kops-coredns +* kubeadm +* kubespray -[embedmd]:# (examples/jsonnet-snippets/kubeadm.jsonnet) +These mixins are selectable via the `platform` field of kubePrometheus: + +[embedmd]:# (examples/jsonnet-snippets/platform.jsonnet) ```jsonnet (import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kubeadm.libsonnet') -``` - -bootkube: - -[embedmd]:# (examples/jsonnet-snippets/bootkube.jsonnet) -```jsonnet -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/bootkube.libsonnet') -``` - -kops: - -[embedmd]:# (examples/jsonnet-snippets/kops.jsonnet) -```jsonnet -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kops.libsonnet') -``` - -kops with CoreDNS: - -If your kops cluster is using CoreDNS, there is an additional mixin to import. - -[embedmd]:# (examples/jsonnet-snippets/kops-coredns.jsonnet) -```jsonnet -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kops.libsonnet') + -(import 'kube-prometheus/platforms/kops-coredns.libsonnet') -``` - -kubespray: - -[embedmd]:# (examples/jsonnet-snippets/kubespray.jsonnet) -```jsonnet -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kubespray.libsonnet') -``` - -aws: - -[embedmd]:# (examples/jsonnet-snippets/aws.jsonnet) -```jsonnet -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/aws.libsonnet') +{ + values+:: { + kubePrometheus+: { + platform: 'example-platform', + }, + }, +} ``` ### Internal Registry diff --git a/docs/EKS-cni-support.md b/docs/EKS-cni-support.md index 266d5fcb..1cd8b146 100644 --- a/docs/EKS-cni-support.md +++ b/docs/EKS-cni-support.md @@ -7,12 +7,14 @@ One fatal issue that can occur is that you run out of IP addresses in your eks c You can monitor the `awscni` using kube-promethus with : [embedmd]:# (../examples/eks-cni-example.jsonnet) ```jsonnet -local kp = (import 'kube-prometheus/main.libsonnet') + - (import 'kube-prometheus/platforms/eks.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { values+:: { common+: { namespace: 'monitoring', }, + kubePrometheus+: { + platform: 'eks', + }, }, kubernetesControlPlane+: { prometheusRuleEksCNI+: { diff --git a/examples/eks-cni-example.jsonnet b/examples/eks-cni-example.jsonnet index c92236fe..1b37af50 100644 --- a/examples/eks-cni-example.jsonnet +++ b/examples/eks-cni-example.jsonnet @@ -1,9 +1,11 @@ -local kp = (import 'kube-prometheus/main.libsonnet') + - (import 'kube-prometheus/platforms/eks.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { values+:: { common+: { namespace: 'monitoring', }, + kubePrometheus+: { + platform: 'eks', + }, }, kubernetesControlPlane+: { prometheusRuleEksCNI+: { diff --git a/examples/jsonnet-snippets/aws.jsonnet b/examples/jsonnet-snippets/aws.jsonnet deleted file mode 100644 index 6eaca09f..00000000 --- a/examples/jsonnet-snippets/aws.jsonnet +++ /dev/null @@ -1,2 +0,0 @@ -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/aws.libsonnet') diff --git a/examples/jsonnet-snippets/bootkube.jsonnet b/examples/jsonnet-snippets/bootkube.jsonnet deleted file mode 100644 index 3d9f3482..00000000 --- a/examples/jsonnet-snippets/bootkube.jsonnet +++ /dev/null @@ -1,2 +0,0 @@ -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/bootkube.libsonnet') diff --git a/examples/jsonnet-snippets/kops-coredns.jsonnet b/examples/jsonnet-snippets/kops-coredns.jsonnet deleted file mode 100644 index d1af478b..00000000 --- a/examples/jsonnet-snippets/kops-coredns.jsonnet +++ /dev/null @@ -1,3 +0,0 @@ -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kops.libsonnet') + -(import 'kube-prometheus/platforms/kops-coredns.libsonnet') diff --git a/examples/jsonnet-snippets/kops.jsonnet b/examples/jsonnet-snippets/kops.jsonnet deleted file mode 100644 index 9271b993..00000000 --- a/examples/jsonnet-snippets/kops.jsonnet +++ /dev/null @@ -1,2 +0,0 @@ -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kops.libsonnet') diff --git a/examples/jsonnet-snippets/kubeadm.jsonnet b/examples/jsonnet-snippets/kubeadm.jsonnet deleted file mode 100644 index 0750b4b3..00000000 --- a/examples/jsonnet-snippets/kubeadm.jsonnet +++ /dev/null @@ -1,2 +0,0 @@ -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kubeadm.libsonnet') diff --git a/examples/jsonnet-snippets/kubespray.jsonnet b/examples/jsonnet-snippets/kubespray.jsonnet deleted file mode 100644 index d9bb3bd5..00000000 --- a/examples/jsonnet-snippets/kubespray.jsonnet +++ /dev/null @@ -1,2 +0,0 @@ -(import 'kube-prometheus/main.libsonnet') + -(import 'kube-prometheus/platforms/kubespray.libsonnet') diff --git a/examples/jsonnet-snippets/platform.jsonnet b/examples/jsonnet-snippets/platform.jsonnet new file mode 100644 index 00000000..a3ad9c3d --- /dev/null +++ b/examples/jsonnet-snippets/platform.jsonnet @@ -0,0 +1,8 @@ +(import 'kube-prometheus/main.libsonnet') + +{ + values+:: { + kubePrometheus+: { + platform: 'example-platform', + }, + }, +} diff --git a/examples/minikube.jsonnet b/examples/minikube.jsonnet index 87b88d69..c5a1bc68 100644 --- a/examples/minikube.jsonnet +++ b/examples/minikube.jsonnet @@ -1,6 +1,5 @@ local kp = (import 'kube-prometheus/main.libsonnet') + - (import 'kube-prometheus/platforms/kubeadm.libsonnet') + // Note that NodePort type services is likely not a good idea for your production use case, it is only used for demonstration purposes here. (import 'kube-prometheus/addons/node-ports.libsonnet') + { @@ -19,6 +18,9 @@ local kp = }, }, }, + kubePrometheus+: { + platform: 'kubeadm', + }, }, // For simplicity, each of the following values for 'externalUrl': diff --git a/jsonnet/kube-prometheus/platforms/README.md b/jsonnet/kube-prometheus/platforms/README.md index 8edeade6..45eb76d1 100644 --- a/jsonnet/kube-prometheus/platforms/README.md +++ b/jsonnet/kube-prometheus/platforms/README.md @@ -1,18 +1,3 @@ # Adding a new platform specific configuration -Adding a new platform specific configuration requires to update the -[platforms.jsonnet](./platform.jsonnet) file by adding the platform to the list -of existing ones. - -This allow configuring the new platform in the following way: - -```jsonnet -(import 'kube-prometheus/main.libsonnet') + - { - values+:: { - kubePrometheus+: { - platform: 'example-platform', - } - } - } -``` +Adding a new platform specific configuration requires to update the [README](../../../README.md#cluster-creation-tools) and the [platforms.jsonnet](./platform.jsonnet) file by adding the platform to the list of existing ones. This allow the new platform to be discoverable and easily configurable by the users. From 0268128bd111182104c4ff9ab0f231b60afcf01b Mon Sep 17 00:00:00 2001 From: Adin Hodovic Date: Tue, 23 Mar 2021 00:29:28 +0100 Subject: [PATCH 225/388] Add External mixin library Add library for mixins --- jsonnet/kube-prometheus/lib/mixin.libsonnet | 38 +++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 jsonnet/kube-prometheus/lib/mixin.libsonnet diff --git a/jsonnet/kube-prometheus/lib/mixin.libsonnet b/jsonnet/kube-prometheus/lib/mixin.libsonnet new file mode 100644 index 00000000..ae39425d --- /dev/null +++ b/jsonnet/kube-prometheus/lib/mixin.libsonnet @@ -0,0 +1,38 @@ +local defaults = { + name: error 'provide name', + namespace: 'monitoring', + labels: { + prometheus: 'k8s', + }, + mixin: error 'provide a mixin', +}; + +function(params) { + config:: defaults + params, + + local m = self, + + local prometheusRules = if std.objectHasAll(m.config.mixin, 'prometheusRules') || std.objectHasAll(m.config.mixin, 'prometheusAlerts') then { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: m.config.labels, + name: m.config.name, + namespace: m.config.namespace, + }, + spec: { + local r = if std.objectHasAll(m.config.mixin, 'prometheusRules') then m.config.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(m.config.mixin, 'prometheusAlerts') then m.config.mixin.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + + local grafanaDashboards = if std.objectHasAll(m.config.mixin, 'grafanaDashboards') then ( + if std.objectHas(m.config, 'dashboardFolder') then { + [m.config.dashboardFolder]+: m.config.mixin.grafanaDashboards, + } else (m.config.mixin.grafanaDashboards) + ), + + prometheusRules: prometheusRules, + grafanaDashboards: grafanaDashboards, +} From f81412d05dd5154d01dda8a2f6b260ce1b2f987a Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 7 Apr 2021 12:15:28 +0200 Subject: [PATCH 226/388] jsonnet/kube-prometheus/addons: reduce KSM cardinality by denylisting unused metrics Signed-off-by: paulfantom --- .../kube-prometheus/addons/ksm-lite.libsonnet | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 jsonnet/kube-prometheus/addons/ksm-lite.libsonnet diff --git a/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet b/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet new file mode 100644 index 00000000..18791e1e --- /dev/null +++ b/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet @@ -0,0 +1,39 @@ +local addArgs(args, name, containers) = std.map( + function(c) if c.name == name then + c { + args+: args, + } + else c, + containers, +); + +{ + kubeStateMetrics+: { + deployment+: { + spec+: { + template+: { + spec+: { + containers: addArgs( + [||| + --metric-denylist= + kube_*_created, + kube_*_metadata_resource_version, + kube_replicaset_metadata_generation, + kube_replicaset_status_observed_generation, + kube_pod_restart_policy, + kube_pod_init_container_status_terminated, + kube_pod_init_container_status_running, + kube_pod_container_status_terminated, + kube_pod_container_status_running, + kube_pod_completion_time, + kube_pod_status_scheduled + |||], + 'kube-state-metrics', + super.containers + ), + }, + }, + }, + }, + }, +} From 0c468d534d87ccd37346d8a3b43eff59a90dd8ee Mon Sep 17 00:00:00 2001 From: Jan Fajerski Date: Fri, 9 Apr 2021 11:52:22 +0200 Subject: [PATCH 227/388] update kubernetes-mixins Signed-off-by: Jan Fajerski --- jsonnetfile.lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 943152b1..1213cbe4 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "0e9fc466b492e45cfd1a59a09ab10162bf8b1baa", - "sum": "1GkBTf5DP+tYDimZZUrdoDkx0Cr5yeil3odK7Ilbfuc=" + "version": "778b1cc035a6785e05ead0a022cd7e6cea4c2059", + "sum": "oY2XqGB26n/qX+T5L7NvfJLwBnAN2C11OTGvmqQBFRA=" }, { "source": { From 1cefb18e55525fe5f159b2d5def8f93b00ea3b45 Mon Sep 17 00:00:00 2001 From: Jan Fajerski Date: Fri, 9 Apr 2021 11:53:06 +0200 Subject: [PATCH 228/388] update generated manifests Signed-off-by: Jan Fajerski --- manifests/grafana-dashboardDefinitions.yaml | 84 ++++++++++----------- manifests/kubernetes-prometheusRule.yaml | 6 +- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 5a9f181d..e6d5d9c0 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -3551,7 +3551,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -4919,7 +4919,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", + "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5087,7 +5087,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"\"})", + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5171,7 +5171,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", + "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5650,7 +5650,7 @@ items: "step": 10 }, { - "expr": "sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -7357,7 +7357,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"cpu\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7441,7 +7441,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"cpu\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7525,7 +7525,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"memory\"})", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7609,7 +7609,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"memory\"})", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -7985,7 +7985,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -7994,7 +7994,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8003,7 +8003,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8012,7 +8012,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8450,7 +8450,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8459,7 +8459,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8468,7 +8468,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8477,7 +8477,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9456,7 +9456,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -9483,7 +9483,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -10423,7 +10423,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -10450,7 +10450,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, node)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -12121,7 +12121,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -12148,7 +12148,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14069,7 +14069,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14096,7 +14096,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14123,7 +14123,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -14150,7 +14150,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -16231,7 +16231,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -16262,7 +16262,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, @@ -16290,7 +16290,7 @@ items: ], "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 1, "tagValuesQuery": "", @@ -20153,7 +20153,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -20184,7 +20184,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -21846,7 +21846,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -21877,7 +21877,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -21909,7 +21909,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, @@ -26548,7 +26548,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -26579,7 +26579,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -26611,7 +26611,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -34070,7 +34070,7 @@ items: ], "query": "label_values(kube_pod_info, cluster)", - "refresh": 1, + "refresh": 2, "regex": "", "sort": 0, "tagValuesQuery": "", @@ -34101,7 +34101,7 @@ items: ], "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -34133,7 +34133,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, @@ -34165,7 +34165,7 @@ items: ], "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", - "refresh": 1, + "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 6445fa0d..e83cd084 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -226,7 +226,7 @@ spec: < kube_hpa_spec_max_replicas{job="kube-state-metrics"}) and - changes(kube_hpa_status_current_replicas[15m]) == 0 + changes(kube_hpa_status_current_replicas{job="kube-state-metrics"}[15m]) == 0 for: 15m labels: severity: warning @@ -264,7 +264,7 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | - sum(namespace_memory:kube_pod_container_resource_requests_bytes:sum{}) + sum(namespace_memory:kube_pod_container_resource_requests:sum{}) / sum(kube_node_status_allocatable{resource="memory"}) > @@ -498,7 +498,7 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors summary: An aggregated API has reported errors. expr: | - sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[10m])) > 4 + sum by(name, namespace)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 labels: severity: warning - alert: AggregatedAPIDown From ed5a2f94fcfd1091ec3abb6ca7ce0ceb2c73dcb9 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Fri, 9 Apr 2021 12:44:51 +0200 Subject: [PATCH 229/388] jsonnet: fix test failures with platformPatch Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/main.libsonnet | 6 ++-- .../platforms/platforms.libsonnet | 31 +++++++++++++++++-- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index ddb241d8..1c13b7b9 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -9,7 +9,7 @@ local prometheusAdapter = import './components/prometheus-adapter.libsonnet'; local prometheusOperator = import './components/prometheus-operator.libsonnet'; local prometheus = import './components/prometheus.libsonnet'; -local platformPatch = (import './platforms/platforms.libsonnet').platformPatch; +local platformPatch = import './platforms/platforms.libsonnet'; { // using `values` as this is similar to helm @@ -127,5 +127,5 @@ local platformPatch = (import './platforms/platforms.libsonnet').platformPatch; name: $.values.kubePrometheus.namespace, }, }, - } + platformPatch($.values.kubePrometheus.platform), -} + }, +} + platformPatch diff --git a/jsonnet/kube-prometheus/platforms/platforms.libsonnet b/jsonnet/kube-prometheus/platforms/platforms.libsonnet index 9c6f07c7..979190f2 100644 --- a/jsonnet/kube-prometheus/platforms/platforms.libsonnet +++ b/jsonnet/kube-prometheus/platforms/platforms.libsonnet @@ -9,8 +9,33 @@ local platforms = { kubespray: import './kubespray.libsonnet', }; +// platformPatch returns the platform specific patch associated to the given +// platform. +local platformPatch(p) = if p != null && std.objectHas(platforms, p) then platforms[p] else {}; + { - // platformPatch returns the platform specific patch associated to the given - // platform. - platformPatch(p): if p != null && std.objectHas(platforms, p) then platforms[p] else {}, + // initialize the object to prevent "Indexed object has no field" lint errors + local p = { + alertmanager: {}, + blackboxExporter: {}, + grafana: {}, + kubeStateMetrics: {}, + nodeExporter: {}, + prometheus: {}, + prometheusAdapter: {}, + prometheusOperator: {}, + kubernetesControlPlane: {}, + kubePrometheus: {}, + } + platformPatch($.values.kubePrometheus.platform), + + alertmanager+: p.alertmanager, + blackboxExporter+: p.blackboxExporter, + grafana+: p.grafana, + kubeStateMetrics+: p.kubeStateMetrics, + nodeExporter+: p.nodeExporter, + prometheus+: p.prometheus, + prometheusAdapter+: p.prometheusAdapter, + prometheusOperator+: p.prometheusOperator, + kubernetesControlPlane+: p.kubernetesControlPlane, + kubePrometheus+: p.kubePrometheus, } From e13f0db3d11156fed84ce7ebf876e9d73e526f59 Mon Sep 17 00:00:00 2001 From: Markus Heinemann Date: Fri, 9 Apr 2021 12:42:11 +0000 Subject: [PATCH 230/388] update customizing kube-prometheus installing section raised the version of kube-prometheus to 0.7 in the customizing kube-prometheus installing section --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d1412a0a..8d966676 100644 --- a/README.md +++ b/README.md @@ -186,15 +186,15 @@ Install this library in your own project with [jsonnet-bundler](https://github.c $ mkdir my-kube-prometheus; cd my-kube-prometheus $ jb init # Creates the initial/empty `jsonnetfile.json` # Install the kube-prometheus dependency -$ jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.4 # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json` +$ jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.7 # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json` -$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.4/example.jsonnet -O example.jsonnet -$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.4/build.sh -O build.sh +$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.7/example.jsonnet -O example.jsonnet +$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.7/build.sh -O build.sh ``` > `jb` can be installed with `go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb` -> An e.g. of how to install a given version of this library: `jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.4` +> An e.g. of how to install a given version of this library: `jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.7` In order to update the kube-prometheus dependency, simply use the jsonnet-bundler update functionality: ```shell From 19801f0709240e73f127dd9d2e974b96b6344cb8 Mon Sep 17 00:00:00 2001 From: Adin Hodovic Date: Sat, 10 Apr 2021 00:13:41 +0200 Subject: [PATCH 231/388] Document usage of the mixin library --- ...prometheus-rules-and-grafana-dashboards.md | 78 +++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index b3a67f1f..2ca2e621 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -401,3 +401,81 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } ``` + +### Mixins + +Kube-prometheus comes with a couple of default mixins as the Kubernetes-mixin and the Node-exporter mixin, however there [are many more mixins](https://monitoring.mixins.dev/). To use other mixins Kube-prometheus has a jsonnet library for creating a Kubernetes PrometheusRule CRD and Grafana dashboards from a mixin. Below is an example of creating a mixin object that has Prometheus rules and Grafana dashboards: + +```jsonnet +// Import the library function for adding mixins +local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet'); + +// Create your mixin +local myMixin = addMixin({ + name: 'myMixin', + mixin: import 'my-mixin/mixin.libsonnet', +}); +``` + +The myMixin object will have two objects - `prometheusRules` and `grafanaDashboards`. The `grafanaDashboards` object will be needed to be added to the `dashboards` field as in the example below: + +```jsonnet +values+:: { + grafana+:: { + dashboards+:: myMixin.grafanaDashboards +``` + +The `prometheusRules` object is a PrometheusRule Kubernetes CRD and it should be defined as its own jsonnet object. If you define multiple mixins in a single jsonnet object there is a possibility that they will overwrite each others' configuration and there will be unintended effects. Therefore, use the `prometheusRules` object as its own jsonnet object: + +```jsonnet +... +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ 'external-mixins/my-mixin-prometheus-rules': myMixin.prometheusRules } // one object for each mixin +``` + +As mentioned above each mixin is configurable and you would configure the mixin as in the example below: + +```jsonnet +local myMixin = addMixin({ + name: 'myMixin', + mixin: (import 'my-mixin/mixin.libsonnet') + { + _config+:: { + myMixinSelector: 'my-selector', + interval: '30d', // example + }, + }, +}); +``` + +The library has also two optional parameters - the namespace for the `PrometheusRule` CRD and the dashboard folder for the Grafana dashboards. The below example shows how to use both: + +```jsonnet +local myMixin = addMixin({ + name: 'myMixin', + namespace: 'prometheus', // default is monitoring + dashboardFolder: 'Observability', + mixin: (import 'my-mixin/mixin.libsonnet') + { + _config+:: { + myMixinSelector: 'my-selector', + interval: '30d', // example + }, + }, +}); +``` + +The created `prometheusRules` object will have the metadata field `namespace` added and the usage will remain the same. However, the `grafanaDasboards` will be added to the `folderDashboards` field instead of the `dashboards` field as shown in the example below: + +```jsonnet +values+:: { + grafana+:: { + folderDashboards+:: { + Kubernetes: { + ... + }, + Misc: { + 'grafana-home.json': import 'dashboards/misc/grafana-home.json', + }, + } + myMixin.grafanaDashboards +``` From 28d58a9dbc0140ea6d5cc2b1d655912071e1051f Mon Sep 17 00:00:00 2001 From: Kristijan Sedlak Date: Wed, 14 Apr 2021 20:19:00 +0200 Subject: [PATCH 232/388] Update versions --- examples/thanos-sidecar.jsonnet | 4 +- jsonnet/kube-prometheus/jsonnetfile.json | 6 +- jsonnet/kube-prometheus/versions.json | 12 +- jsonnetfile.lock.json | 34 ++--- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 90 +++++------ manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 +- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- manifests/kube-state-metrics-clusterRole.yaml | 2 +- ...kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 6 +- .../kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- .../kube-state-metrics-serviceAccount.yaml | 2 +- .../kube-state-metrics-serviceMonitor.yaml | 2 +- manifests/kubernetes-prometheusRule.yaml | 10 +- manifests/node-exporter-clusterRole.yaml | 2 +- .../node-exporter-clusterRoleBinding.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 6 +- manifests/node-exporter-prometheusRule.yaml | 34 ++--- manifests/node-exporter-service.yaml | 2 +- manifests/node-exporter-serviceAccount.yaml | 2 +- manifests/node-exporter-serviceMonitor.yaml | 2 +- manifests/prometheus-adapter-apiService.yaml | 2 +- manifests/prometheus-adapter-clusterRole.yaml | 2 +- ...er-clusterRoleAggregatedMetricsReader.yaml | 2 +- ...prometheus-adapter-clusterRoleBinding.yaml | 2 +- ...s-adapter-clusterRoleBindingDelegator.yaml | 2 +- ...us-adapter-clusterRoleServerResources.yaml | 2 +- manifests/prometheus-adapter-configMap.yaml | 2 +- manifests/prometheus-adapter-deployment.yaml | 6 +- ...metheus-adapter-roleBindingAuthReader.yaml | 2 +- manifests/prometheus-adapter-service.yaml | 2 +- .../prometheus-adapter-serviceAccount.yaml | 2 +- .../prometheus-adapter-serviceMonitor.yaml | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- .../prometheus-operator-prometheusRule.yaml | 2 +- .../prometheus-operator-serviceMonitor.yaml | 4 +- manifests/prometheus-podDisruptionBudget.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 +- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- ...metheus-roleBindingSpecificNamespaces.yaml | 6 +- manifests/prometheus-roleConfig.yaml | 2 +- .../prometheus-roleSpecificNamespaces.yaml | 6 +- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- ...r-0podmonitorCustomResourceDefinition.yaml | 2 +- ...erator-0probeCustomResourceDefinition.yaml | 142 ++++++++++++++++++ ...r-0prometheusCustomResourceDefinition.yaml | 19 ++- ...ervicemonitorCustomResourceDefinition.yaml | 2 +- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 8 +- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 60 files changed, 327 insertions(+), 166 deletions(-) diff --git a/examples/thanos-sidecar.jsonnet b/examples/thanos-sidecar.jsonnet index 8949a1b1..7ed55036 100644 --- a/examples/thanos-sidecar.jsonnet +++ b/examples/thanos-sidecar.jsonnet @@ -7,8 +7,8 @@ local kp = }, prometheus+: { thanos: { - version: '0.17.2', - image: 'quay.io/thanos/thanos:v0.17.2', + version: '0.19.0', + image: 'quay.io/thanos/thanos:v0.19.0', objectStorageConfig: { key: 'thanos.yaml', // How the file inside the secret is called name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index e05b298e..a0b6eddb 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.46" + "version": "release-0.47" }, { "source": { @@ -80,7 +80,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "release-2.25", + "version": "release-2.26", "name": "prometheus" }, { @@ -100,7 +100,7 @@ "subdir": "mixin" } }, - "version": "release-0.17" + "version": "release-0.19" } ], "legacyImports": true diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 7cd8c6cf..387e111c 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,10 +1,10 @@ { "alertmanager": "0.21.0", "blackboxExporter": "0.18.0", - "grafana": "7.4.3", - "kubeStateMetrics": "2.0.0-rc.1", - "nodeExporter": "1.1.1", - "prometheus": "2.25.0", - "prometheusAdapter": "0.8.3", - "prometheusOperator": "0.46.0" + "grafana": "7.5.3", + "kubeStateMetrics": "2.0.0", + "nodeExporter": "1.1.2", + "prometheus": "2.26.0", + "prometheusAdapter": "0.8.4", + "prometheusOperator": "0.47.0" } diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 1213cbe4..253fd89e 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "8ee1dd9e23bce4d9770816edf5816b13767ac51d", - "sum": "EgKKzxcW3ttt7gjPMX//DNTqNcn/0o2VAIaWJ/HSLEc=" + "version": "57a092b45d0eae6c9e600e62513ffcd2f1f25a92", + "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "5d376192970fc4eab52005ac08168e7109c87075", + "version": "89299b1c5e93952622801795353d496fb337f44e", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "778b1cc035a6785e05ead0a022cd7e6cea4c2059", - "sum": "oY2XqGB26n/qX+T5L7NvfJLwBnAN2C11OTGvmqQBFRA=" + "version": "faa0561a823cbd3b726aaefffcf6ee317547041a", + "sum": "CaoF5iyX+bntNZgcHeKcwVO1wc7X9W6u/JOuhqSW9/Q=" }, { "source": { @@ -69,7 +69,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "0e9fc466b492e45cfd1a59a09ab10162bf8b1baa", + "version": "faa0561a823cbd3b726aaefffcf6ee317547041a", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -79,7 +79,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "aafecf305bbb5c13fcec0ba3e749d1ffcb0d93e1", + "version": "93255df07113f87dcdec0726b4f4db4e6344df26", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -89,7 +89,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "aafecf305bbb5c13fcec0ba3e749d1ffcb0d93e1", + "version": "93255df07113f87dcdec0726b4f4db4e6344df26", "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" }, { @@ -99,7 +99,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "bbb2431b998d18a1b4c61ef1cd933ffa13af1a4c", + "version": "a4f5928b074e75addb76a27c5ebfe78314fcd6d1", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "7f94a06b86d41c20176f0d5b53aa0100fdc361e6", - "sum": "2CCa4pHH08Pnyf+0c+ZhVjM5h6TfoCbhHypPigpB9AM=" + "version": "64d466d7730165c0d260f187e2e9742bc0295bf2", + "sum": "MRwyChXdKG3anL2OWpbUu3qWc97w9J6YsjUWjLFQyB0=" }, { "source": { @@ -119,7 +119,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "10757eb5fb78c5c58586812721e9833b0d8500ee", + "version": "22ac6dff21901bfce14545da59b37a1aaca0db3a", "sum": "VP1vn/WTGLZaBgGhGMUO81qNTc/fnp5KtzVjcaxad6Q=", "name": "alertmanager" }, @@ -130,8 +130,8 @@ "subdir": "docs/node-mixin" } }, - "version": "1dfd858e4aaa35e2595348dd13540700cd9df89b", - "sum": "cZTNXQMUCLB5FGYpMn845dcqGdkcYt58qCqOFIV/BoQ=" + "version": "46cdf618c9419ea62dd1a87331def97a0f18c837", + "sum": "sxI7cBEy34JSbB0gHy9xC/ErtFsRzl9eJPsWVqd+XSY=" }, { "source": { @@ -140,7 +140,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "bda05a23ada314a0b9806a362da39b7a1a4e04c3", + "version": "3cafc58827d1ebd1a67749f88be4218f0bab3d8d", "sum": "VK0c3sQ3ksiM6JQsAVfWmL5NbzGv9llMfXFNXfFdJ+A=", "name": "prometheus" }, @@ -151,8 +151,8 @@ "subdir": "mixin" } }, - "version": "37e6ef61566c7c70793ba6d128f00c4c66cb2402", - "sum": "OptiWUMOHFrRGTZhSfxV1RCeXZ90qsefGNTD4lDYVG0=" + "version": "ba6c5c4726ff52807c7383c68f2159b1af7980bb", + "sum": "XP3uq7xcfKHsnWsz1v992csZhhZR3jQma6hFOfSViTs=" }, { "source": { diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 9cc89841..076cf1ba 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index e6d5d9c0..6b9ab53d 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -1733,7 +1733,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -3604,7 +3604,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -4770,7 +4770,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -7293,7 +7293,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -9536,7 +9536,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -10503,7 +10503,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -12228,7 +12228,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -14203,7 +14203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -16343,7 +16343,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -18865,7 +18865,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -20318,7 +20318,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -22043,7 +22043,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -22106,7 +22106,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "(\n instance:node_cpu_utilisation:rate1m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n", + "expr": "(\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -22376,7 +22376,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_vmstat_pgmajfault:rate1m{job=\"node-exporter\"}", + "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -22482,7 +22482,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate1m{job=\"node-exporter\"}", + "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} Receive", @@ -22490,7 +22490,7 @@ items: "step": 10 }, { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate1m{job=\"node-exporter\"}", + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} Transmit", @@ -22584,7 +22584,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_network_receive_drop_excluding_lo:rate1m{job=\"node-exporter\"}", + "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} Receive", @@ -22592,7 +22592,7 @@ items: "step": 10 }, { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate1m{job=\"node-exporter\"}", + "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} Transmit", @@ -22690,7 +22690,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\"}))\n", + "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{device}}", @@ -22776,7 +22776,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\"}))\n", + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}))\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}} {{device}}", @@ -22996,7 +22996,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -23059,7 +23059,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_cpu_utilisation:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Utilisation", @@ -23329,7 +23329,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_vmstat_pgmajfault:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Major page faults", @@ -23435,7 +23435,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Receive", @@ -23443,7 +23443,7 @@ items: "step": 10 }, { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Transmit", @@ -23537,7 +23537,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance:node_network_receive_drop_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Receive drops", @@ -23545,7 +23545,7 @@ items: "step": 10 }, { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "Transmit drops", @@ -23643,7 +23643,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}}", @@ -23729,7 +23729,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{device}}", @@ -23976,7 +23976,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -24056,7 +24056,7 @@ items: { "expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", "format": "time_series", - "interval": "1m", + "interval": "$__rate_interval", "intervalFactor": 5, "legendFormat": "{{cpu}}", "refId": "A" @@ -24492,7 +24492,7 @@ items: { "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", "format": "time_series", - "interval": "1m", + "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}} read", "refId": "A" @@ -24500,7 +24500,7 @@ items: { "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", "format": "time_series", - "interval": "1m", + "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}} written", "refId": "B" @@ -24508,7 +24508,7 @@ items: { "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", "format": "time_series", - "interval": "1m", + "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}} io time", "refId": "C" @@ -24722,7 +24722,7 @@ items: { "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", "format": "time_series", - "interval": "1m", + "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}}", "refId": "A" @@ -24816,7 +24816,7 @@ items: { "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", "format": "time_series", - "interval": "1m", + "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}}", "refId": "A" @@ -24962,7 +24962,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -25528,7 +25528,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -26745,7 +26745,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -28404,7 +28404,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -29620,7 +29620,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -30866,7 +30866,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -31955,7 +31955,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -32872,7 +32872,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-statefulset namespace: monitoring - apiVersion: v1 @@ -34299,7 +34299,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 9c5ce06b..d631765b 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 7443ed5e..cb466e6e 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: 42a69d2dee9d1a6d6331226efedb56a6 + checksum/grafana-datasources: d118a0f812be10bddbea6fdd25543bb1 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 spec: containers: - env: [] - image: grafana/grafana:7.4.3 + image: grafana/grafana:7.5.3 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index a74ab4ac..46148403 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 090ff4f8..e10b1fa7 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.4.3 + app.kubernetes.io/version: 7.5.3 name: grafana namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index d18a23bf..c7f14e29 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics rules: - apiGroups: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index a635e6f0..4030e967 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 9f534b16..b5776083 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics namespace: monitoring spec: @@ -21,7 +21,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 spec: containers: - args: @@ -29,7 +29,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0-rc.1 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0 name: kube-state-metrics resources: limits: diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index b2b6f00e..9b4541f6 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index bcbff985..2f8117a8 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index 413df7e0..f98d4fea 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index df301e31..c27306d7 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0-rc.1 + app.kubernetes.io/version: 2.0.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index e83cd084..fda06912 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -254,7 +254,7 @@ spec: / sum(kube_node_status_allocatable{resource="cpu"}) > - (count(kube_node_status_allocatable{resource="cpu"}) -1) / count(kube_node_status_allocatable{resource="cpu"}) + ((count(kube_node_status_allocatable{resource="cpu"}) > 1) - 1) / count(kube_node_status_allocatable{resource="cpu"}) for: 5m labels: severity: warning @@ -268,7 +268,7 @@ spec: / sum(kube_node_status_allocatable{resource="memory"}) > - (count(kube_node_status_allocatable{resource="memory"})-1) + ((count(kube_node_status_allocatable{resource="memory"}) > 1) - 1) / count(kube_node_status_allocatable{resource="memory"}) for: 5m @@ -279,7 +279,11 @@ spec: description: Cluster has overcommitted CPU resource requests for Namespaces. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit summary: Cluster has overcommitted CPU resource requests. - expr: "sum(kube_resourcequota{job=\"kube-state-metrics\", type=\"hard\", resource=\"cpu\"})\n /\nsum(kube_node_status_allocatable{resource=\"cpu\"}) \n > 1.5\n" + expr: | + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(kube_node_status_allocatable{resource="cpu"}) + > 1.5 for: 5m labels: severity: warning diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index 38fa0770..18ac8610 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index 26754d62..3d552151 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 146cb487..f63d1019 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 name: node-exporter namespace: monitoring spec: @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 spec: containers: - args: @@ -32,7 +32,7 @@ spec: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*)$ - --collector.netdev.device-exclude=^(veth.*)$ - image: quay.io/prometheus/node-exporter:v1.1.1 + image: quay.io/prometheus/node-exporter:v1.1.2 name: node-exporter resources: limits: diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 616f2b37..1300f5b6 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 prometheus: k8s role: alert-rules name: node-exporter-rules @@ -234,9 +234,9 @@ spec: record: instance:node_num_cpu:sum - expr: | 1 - avg without (cpu, mode) ( - rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) + rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[5m]) ) - record: instance:node_cpu_utilisation:rate1m + record: instance:node_cpu_utilisation:rate5m - expr: | ( node_load1{job="node-exporter"} @@ -252,31 +252,31 @@ spec: ) record: instance:node_memory_utilisation:ratio - expr: | - rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) - record: instance:node_vmstat_pgmajfault:rate1m + rate(node_vmstat_pgmajfault{job="node-exporter"}[5m]) + record: instance:node_vmstat_pgmajfault:rate5m - expr: | - rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) - record: instance_device:node_disk_io_time_seconds:rate1m + rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[5m]) + record: instance_device:node_disk_io_time_seconds:rate5m - expr: | - rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) - record: instance_device:node_disk_io_time_weighted_seconds:rate1m + rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[5m]) + record: instance_device:node_disk_io_time_weighted_seconds:rate5m - expr: | sum without (device) ( - rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) + rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[5m]) ) - record: instance:node_network_receive_bytes_excluding_lo:rate1m + record: instance:node_network_receive_bytes_excluding_lo:rate5m - expr: | sum without (device) ( - rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) + rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[5m]) ) - record: instance:node_network_transmit_bytes_excluding_lo:rate1m + record: instance:node_network_transmit_bytes_excluding_lo:rate5m - expr: | sum without (device) ( - rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) + rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[5m]) ) - record: instance:node_network_receive_drop_excluding_lo:rate1m + record: instance:node_network_receive_drop_excluding_lo:rate5m - expr: | sum without (device) ( - rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) + rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[5m]) ) - record: instance:node_network_transmit_drop_excluding_lo:rate1m + record: instance:node_network_transmit_drop_excluding_lo:rate5m diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index 15634261..2c89de8b 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 name: node-exporter namespace: monitoring spec: diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index 446bf8b5..1b665a47 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 name: node-exporter namespace: monitoring diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index c5096105..c63ef32c 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.1 + app.kubernetes.io/version: 1.1.2 name: node-exporter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-apiService.yaml b/manifests/prometheus-adapter-apiService.yaml index aced8989..ab5af8fb 100644 --- a/manifests/prometheus-adapter-apiService.yaml +++ b/manifests/prometheus-adapter-apiService.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io diff --git a/manifests/prometheus-adapter-clusterRole.yaml b/manifests/prometheus-adapter-clusterRole.yaml index 1884b593..d011b3c6 100644 --- a/manifests/prometheus-adapter-clusterRole.yaml +++ b/manifests/prometheus-adapter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter rules: - apiGroups: diff --git a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml index f0e7d560..03e76925 100644 --- a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml +++ b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" diff --git a/manifests/prometheus-adapter-clusterRoleBinding.yaml b/manifests/prometheus-adapter-clusterRoleBinding.yaml index eb4cf6bd..52c8df93 100644 --- a/manifests/prometheus-adapter-clusterRoleBinding.yaml +++ b/manifests/prometheus-adapter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml index 2787eefa..d77d743e 100644 --- a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml +++ b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: resource-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleServerResources.yaml b/manifests/prometheus-adapter-clusterRoleServerResources.yaml index 43e2b1e8..f4fb9c38 100644 --- a/manifests/prometheus-adapter-clusterRoleServerResources.yaml +++ b/manifests/prometheus-adapter-clusterRoleServerResources.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: resource-metrics-server-resources rules: - apiGroups: diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index e933b692..64ee1079 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -33,6 +33,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: adapter-config namespace: monitoring diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index b04e2fd7..92740436 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter namespace: monitoring spec: @@ -25,7 +25,7 @@ spec: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 spec: containers: - args: @@ -35,7 +35,7 @@ spec: - --metrics-relist-interval=1m - --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/ - --secure-port=6443 - image: directxman12/k8s-prometheus-adapter:v0.8.3 + image: directxman12/k8s-prometheus-adapter:v0.8.4 name: prometheus-adapter ports: - containerPort: 6443 diff --git a/manifests/prometheus-adapter-roleBindingAuthReader.yaml b/manifests/prometheus-adapter-roleBindingAuthReader.yaml index 96a5643b..ddc119ef 100644 --- a/manifests/prometheus-adapter-roleBindingAuthReader.yaml +++ b/manifests/prometheus-adapter-roleBindingAuthReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: resource-metrics-auth-reader namespace: kube-system roleRef: diff --git a/manifests/prometheus-adapter-service.yaml b/manifests/prometheus-adapter-service.yaml index bbcd1ccd..7e711d5e 100644 --- a/manifests/prometheus-adapter-service.yaml +++ b/manifests/prometheus-adapter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-serviceAccount.yaml b/manifests/prometheus-adapter-serviceAccount.yaml index a1da8795..74404d5d 100644 --- a/manifests/prometheus-adapter-serviceAccount.yaml +++ b/manifests/prometheus-adapter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter namespace: monitoring diff --git a/manifests/prometheus-adapter-serviceMonitor.yaml b/manifests/prometheus-adapter-serviceMonitor.yaml index 2de7a36c..5d8bd2c3 100644 --- a/manifests/prometheus-adapter-serviceMonitor.yaml +++ b/manifests/prometheus-adapter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.3 + app.kubernetes.io/version: 0.8.4 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index d11d4344..8baca486 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index 92b449a5..97814375 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index 1db20307..33bfffca 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 prometheus: k8s role: alert-rules name: prometheus-operator-rules diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 3ad1e304..7884328e 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml index 4bc1a8d0..457fe436 100644 --- a/manifests/prometheus-podDisruptionBudget.yaml +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 3febbfee..e45a86f8 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 prometheus: k8s name: k8s namespace: monitoring @@ -17,7 +17,7 @@ spec: namespace: monitoring port: web externalLabels: {} - image: quay.io/prometheus/prometheus:v2.25.0 + image: quay.io/prometheus/prometheus:v2.26.0 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -25,7 +25,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -45,4 +45,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.25.0 + version: 2.26.0 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 86a853d7..681219fb 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index 719538b9..d02fcc6a 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index 78b387f5..e9efd6bd 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index e1bd1715..d83277b4 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index de5bca6e..a55e8610 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: default rules: @@ -44,7 +44,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: kube-system rules: @@ -81,7 +81,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 799ac53f..3c512b9f 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index d82e617f..5496825f 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index 3440a5c9..edeacbc6 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.25.0 + app.kubernetes.io/version: 2.26.0 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 5cb8d021..5897c240 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -158,7 +158,7 @@ spec: description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 273616af..d6a8acd9 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -32,6 +32,55 @@ spec: spec: description: Specification of desired Ingress selection for target discovery by Prometheus. properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object interval: description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. type: string @@ -185,6 +234,99 @@ spec: type: array type: object type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object type: object required: - spec diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 3f0eb867..23816577 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -1464,6 +1464,11 @@ spec: enableAdminAPI: description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' type: boolean + enableFeatures: + description: Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + items: + type: string + type: array enforcedNamespaceLabel: description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. type: string @@ -2462,7 +2467,7 @@ spec: type: object type: object bearerToken: - description: bearer token for remote read. + description: Bearer token for remote read. type: string bearerTokenFile: description: File to read bearer token for remote read. @@ -2633,7 +2638,7 @@ spec: type: object type: object bearerToken: - description: File to read bearer token for remote write. + description: Bearer token for remote write. type: string bearerTokenFile: description: File to read bearer token for remote write. @@ -2643,6 +2648,16 @@ spec: type: string description: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer. type: object + metadataConfig: + description: MetadataConfig configures the sending of series metadata to remote storage. + properties: + send: + description: Whether metric metadata is sent to remote storage or not. + type: boolean + sendInterval: + description: How frequently metric metadata is sent to remote storage. + type: string + type: object name: description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. type: string diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 82d6ba34..4ae0a59d 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -146,7 +146,7 @@ spec: description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index ef18e645..6ff220b4 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 821e55b1..99c9ae30 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index 41c02268..23992a03 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 name: prometheus-operator namespace: monitoring spec: @@ -21,13 +21,13 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.46.0 - image: quay.io/prometheus-operator/prometheus-operator:v0.46.0 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.47.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.47.0 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index 792cc6e5..ac4e89a7 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index ecb7cce9..20f98fd2 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/version: 0.47.0 name: prometheus-operator namespace: monitoring From 3135cdd70d4e8d7d4f5ff158f081ae13c4a41809 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 16 Apr 2021 15:12:41 +0200 Subject: [PATCH 233/388] jsonnet: fix windows addon --- jsonnet/kube-prometheus/addons/windows.libsonnet | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/windows.libsonnet b/jsonnet/kube-prometheus/addons/windows.libsonnet index d8112351..cbf9071a 100644 --- a/jsonnet/kube-prometheus/addons/windows.libsonnet +++ b/jsonnet/kube-prometheus/addons/windows.libsonnet @@ -48,7 +48,7 @@ local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; prometheus+: { spec+: { additionalScrapeConfigs: { - name: 'prometheus-' + p.config.name + '-additional-scrape-config', + name: 'prometheus-' + p._config.name + '-additional-scrape-config', key: 'prometheus-additional.yaml', }, }, @@ -58,8 +58,8 @@ local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; apiVersion: 'v1', kind: 'Secret', metadata: { - name: 'prometheus-' + p.config.name + '-additional-scrape-config', - namespace: p.config.namespace, + name: 'prometheus-' + p._config.name + '-additional-scrape-config', + namespace: p._config.namespace, }, stringData: { 'prometheus-additional.yaml': std.manifestYamlDoc(sc), From 92016ef68d522f6e922a3875d0bd488c6755f92d Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 16 Apr 2021 12:54:08 +0000 Subject: [PATCH 234/388] Change message to description Signed-off-by: ArthurSens --- .../kube-prometheus/components/mixin/alerts/general.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet index 16f3e39c..221d8a83 100644 --- a/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet @@ -7,7 +7,7 @@ { alert: 'TargetDown', annotations: { - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.', + description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.', }, expr: '100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10', 'for': '10m', @@ -18,7 +18,7 @@ { alert: 'Watchdog', annotations: { - message: ||| + description: ||| This is an alert meant to ensure that the entire alerting pipeline is functional. This alert is always firing, therefore it should always be firing in Alertmanager and always fire against a receiver. There are integrations with various notification From c96c639ef18c9e4fe8ce232461b96b5313857eb9 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 16 Apr 2021 12:54:23 +0000 Subject: [PATCH 235/388] Add summary Signed-off-by: ArthurSens --- .../kube-prometheus/components/mixin/alerts/general.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet index 221d8a83..cd5c7165 100644 --- a/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet @@ -7,6 +7,7 @@ { alert: 'TargetDown', annotations: { + summary: 'One or more targets are unreachable.', description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.', }, expr: '100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10', @@ -18,6 +19,7 @@ { alert: 'Watchdog', annotations: { + summary: 'An alert that should always be firing to certify that Alertmanager is working properly.', description: ||| This is an alert meant to ensure that the entire alerting pipeline is functional. This alert is always firing, therefore it should always be firing in Alertmanager From 72b742d7e8836d9764e50862bdb8259bbf3708e3 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 16 Apr 2021 14:17:26 +0000 Subject: [PATCH 236/388] Regenerate manifests Signed-off-by: ArthurSens --- manifests/kube-prometheus-prometheusRule.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml index 530dc0cd..e3ee47fa 100644 --- a/manifests/kube-prometheus-prometheusRule.yaml +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -15,21 +15,23 @@ spec: rules: - alert: TargetDown annotations: - message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' + description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/targetdown + summary: One or more targets are unreachable. expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 for: 10m labels: severity: warning - alert: Watchdog annotations: - message: | + description: | This is an alert meant to ensure that the entire alerting pipeline is functional. This alert is always firing, therefore it should always be firing in Alertmanager and always fire against a receiver. There are integrations with various notification mechanisms that send a notification when this alert is not firing. For example the "DeadMansSnitch" integration in PagerDuty. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/watchdog + summary: An alert that should always be firing to certify that Alertmanager is working properly. expr: vector(1) labels: severity: none From b043054974079c1ae34d5e9b5c1a4f3df93e67c4 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Fri, 16 Apr 2021 19:34:07 +0000 Subject: [PATCH 237/388] Add githook to gitpod.yaml that validates fmt and manifests Signed-off-by: ArthurSens --- .gitpod.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.gitpod.yml b/.gitpod.yml index 413b7adc..1ec86098 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -3,6 +3,24 @@ tasks: - init: | make --always-make export PATH="$(pwd)/tmp/bin:${PATH}" + cat > ${PWD}/.git/hooks/pre-commit < /dev/null 2>&1 + echo "Checking if manifests are correct" + make generate > /dev/null 2>&1 + + git diff --exit-code + if [[ \$? == 1 ]]; then + echo " + + This commit is being rejected because the YAML manifests are incorrect or jsonnet needs to be formatted." + echo "Please commit your changes again!" + exit 1 + fi + EOF + chmod +x ${PWD}/.git/hooks/pre-commit vscode: extensions: - heptio.jsonnet@0.1.0:woEDU5N62LRdgdz0g/I6sQ== \ No newline at end of file From 9952e858c78cb10ae26774b9ebaf33e91ac5428c Mon Sep 17 00:00:00 2001 From: Jan Fajerski Date: Tue, 20 Apr 2021 14:31:40 +0200 Subject: [PATCH 238/388] update kubernetes-mixins Signed-off-by: Jan Fajerski --- jsonnetfile.lock.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 253fd89e..aa8a90fe 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -59,8 +59,8 @@ "subdir": "" } }, - "version": "faa0561a823cbd3b726aaefffcf6ee317547041a", - "sum": "CaoF5iyX+bntNZgcHeKcwVO1wc7X9W6u/JOuhqSW9/Q=" + "version": "ec3e85f45b5691d54a02ab38ed654c3c9f736fe5", + "sum": "6KgRTpd101espi7a7CDpkqN0yaIPmENxxlAXqGcCWhk=" }, { "source": { From 8b39a459fa2a24ac8661a183aadc182e95e263b7 Mon Sep 17 00:00:00 2001 From: Jan Fajerski Date: Tue, 20 Apr 2021 14:35:31 +0200 Subject: [PATCH 239/388] update generated assets Signed-off-by: Jan Fajerski --- manifests/grafana-dashboardDefinitions.yaml | 22 ++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 6b9ab53d..deb8ac1e 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -5087,7 +5087,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{resource=\"memory\",cluster=\"$cluster\"})", + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -11102,7 +11102,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "requests", @@ -11110,7 +11110,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "limits", @@ -12906,7 +12906,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12915,7 +12915,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12924,7 +12924,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -12933,7 +12933,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15049,7 +15049,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15058,7 +15058,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15067,7 +15067,7 @@ items: "step": 10 }, { - "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -15076,7 +15076,7 @@ items: "step": 10 }, { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, From 417e8b3f66d0558267719059b0d4eb1ee6b1bd0d Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 22 Mar 2021 13:47:54 +0100 Subject: [PATCH 240/388] jsonnet/kube-prometheus: fix jb warning message Signed-off-by: paulfantom --- jsonnet/kube-prometheus/jsonnetfile.json | 6 ++++-- jsonnetfile.lock.json | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index a0b6eddb..4fcc7d74 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -35,7 +35,8 @@ "subdir": "jsonnet/mixin" } }, - "version": "master" + "version": "master", + "name": "prometheus-operator-mixin" }, { "source": { @@ -100,7 +101,8 @@ "subdir": "mixin" } }, - "version": "release-0.19" + "version": "release-0.19", + "name": "thanos-mixin" } ], "legacyImports": true diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index aa8a90fe..e638c086 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -100,7 +100,8 @@ } }, "version": "a4f5928b074e75addb76a27c5ebfe78314fcd6d1", - "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=" + "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", + "name": "prometheus-operator-mixin" }, { "source": { @@ -152,7 +153,8 @@ } }, "version": "ba6c5c4726ff52807c7383c68f2159b1af7980bb", - "sum": "XP3uq7xcfKHsnWsz1v992csZhhZR3jQma6hFOfSViTs=" + "sum": "XP3uq7xcfKHsnWsz1v992csZhhZR3jQma6hFOfSViTs=", + "name": "thanos-mixin" }, { "source": { From 7b69800686864592cf37e3247fc6cf7dbdf29fce Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 13 Apr 2021 13:38:02 +0200 Subject: [PATCH 241/388] jsonnet: add default container annotation for KSM and blackbox Signed-off-by: paulfantom --- .../kube-prometheus/components/blackbox-exporter.libsonnet | 7 ++++++- .../components/kube-state-metrics.libsonnet | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index 2bec003b..e574c9f2 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -218,7 +218,12 @@ function(params) { replicas: bb._config.replicas, selector: { matchLabels: bb._config.selectorLabels }, template: { - metadata: { labels: bb._config.commonLabels }, + metadata: { + labels: bb._config.commonLabels, + annotations: { + 'kubectl.kubernetes.io/default-container': blackboxExporter.name, + }, + }, spec: { containers: [blackboxExporter, reloader, kubeRbacProxy], nodeSelector: { 'kubernetes.io/os': 'linux' }, diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index c9b5820f..7599f618 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -109,6 +109,11 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- deployment+: { spec+: { template+: { + metadata+: { + annotations+: { + 'kubectl.kubernetes.io/default-container': 'kube-state-metrics', + }, + }, spec+: { containers: std.map(function(c) c { ports:: null, From 412061ef51ad68a01fff69dcd770e3088679cece Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 13 Apr 2021 14:34:09 +0200 Subject: [PATCH 242/388] manifests: regenerate --- manifests/blackbox-exporter-deployment.yaml | 2 ++ manifests/kube-state-metrics-deployment.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index 359b2e16..8f895846 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -17,6 +17,8 @@ spec: app.kubernetes.io/part-of: kube-prometheus template: metadata: + annotations: + kubectl.kubernetes.io/default-container: blackbox-exporter labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index b5776083..5327e389 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -17,6 +17,8 @@ spec: app.kubernetes.io/part-of: kube-prometheus template: metadata: + annotations: + kubectl.kubernetes.io/default-container: kube-state-metrics labels: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics From 4c6a06cf7e496b3f9f752efec7ad214c0b9af169 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Fri, 16 Apr 2021 17:48:20 +0200 Subject: [PATCH 243/388] jsonnet: make prometheus-adapter highly-available Prometheus-adapter is a component of the monitoring stack that in most cases require to be highly available. For instance, we most likely always want the autoscaling pipeline to be available and we also want to avoid having no available backends serving the metrics API apiservices has it would result in both the AggregatedAPIDown alert firing and the kubectl top command not working anymore. In order to make the adapter highly-avaible, we need to increase its replica count to 2 and come up with a rolling update strategy and a pod anti-affinity rule based on the kubernetes hostname to prevent the adapters to be scheduled on the same node. The default rolling update strategy for deployments isn't enough as the default maxUnavaible value is 25% and is rounded down to 0. This means that during rolling-updates scheduling will fail if there isn't more nodes than the number of replicas. As for the maxSurge, the default should be fine as it is rounded up to 1, but for clarity it might be better to just set it to 1. For the pod anti-affinity constraints, it would be best if it was hard, but having it soft should be good enough and fit most use-cases. Signed-off-by: Damien Grisonnet --- .../addons/anti-affinity.libsonnet | 36 ++++++++++++------- .../components/prometheus-adapter.libsonnet | 5 +-- manifests/prometheus-adapter-deployment.yaml | 4 +-- 3 files changed, 29 insertions(+), 16 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index 56ea5303..d7a48107 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -12,18 +12,18 @@ podAntiAffinity: 'soft', podAntiAffinityTopologyKey: 'kubernetes.io/hostname', }, + prometheusAdapter+: { + podAntiAffinity: 'soft', + podAntiAffinityTopologyKey: 'kubernetes.io/hostname', + }, }, - local antiaffinity(key, values, namespace, type, topologyKey) = { + local antiaffinity(labelSelector, namespace, type, topologyKey) = { local podAffinityTerm = { namespaces: [namespace], topologyKey: topologyKey, labelSelector: { - matchExpressions: [{ - key: key, - operator: 'In', - values: values, - }], + matchLabels: labelSelector, }, }, @@ -45,8 +45,7 @@ alertmanager+: { spec+: antiaffinity( - 'alertmanager', - [$.values.alertmanager.name], + $.alertmanager.config.selectorLabels, $.values.common.namespace, $.values.alertmanager.podAntiAffinity, $.values.alertmanager.podAntiAffinityTopologyKey, @@ -58,8 +57,7 @@ prometheus+: { spec+: antiaffinity( - 'prometheus', - [$.values.prometheus.name], + $.prometheus.config.selectorLabels, $.values.common.namespace, $.values.prometheus.podAntiAffinity, $.values.prometheus.podAntiAffinityTopologyKey, @@ -73,8 +71,7 @@ template+: { spec+: antiaffinity( - 'app.kubernetes.io/name', - ['blackbox-exporter'], + $.blackboxExporter.config.selectorLabels, $.values.common.namespace, $.values.blackboxExporter.podAntiAffinity, $.values.blackboxExporter.podAntiAffinityTopologyKey, @@ -84,4 +81,19 @@ }, }, + prometheusAdapter+: { + deployment+: { + spec+: { + template+: { + spec+: + antiaffinity( + $.prometheusAdapter.config.selectorLabels, + $.values.common.namespace, + $.values.prometheusAdapter.podAntiAffinity, + $.values.prometheusAdapter.podAntiAffinityTopologyKey, + ), + }, + }, + }, + }, } diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 33b95d13..341a2f5a 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -8,6 +8,7 @@ local defaults = { requests: { cpu: '102m', memory: '180Mi' }, limits: { cpu: '250m', memory: '180Mi' }, }, + replicas: 2, listenAddress: '127.0.0.1', port: 9100, commonLabels:: { @@ -162,12 +163,12 @@ function(params) { labels: pa._config.commonLabels, }, spec: { - replicas: 1, + replicas: pa._config.replicas, selector: { matchLabels: pa._config.selectorLabels }, strategy: { rollingUpdate: { maxSurge: 1, - maxUnavailable: 0, + maxUnavailable: 1, }, }, template: { diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index 92740436..787e18fb 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -9,7 +9,7 @@ metadata: name: prometheus-adapter namespace: monitoring spec: - replicas: 1 + replicas: 2 selector: matchLabels: app.kubernetes.io/component: metrics-adapter @@ -18,7 +18,7 @@ spec: strategy: rollingUpdate: maxSurge: 1 - maxUnavailable: 0 + maxUnavailable: 1 template: metadata: labels: From e9d5221fb7948b1def50efc9521e4da825ab4759 Mon Sep 17 00:00:00 2001 From: Michel Tomas Date: Fri, 23 Apr 2021 01:19:05 +0200 Subject: [PATCH 244/388] fix(addons): anti-affinity field does not exist: config --- jsonnet/kube-prometheus/addons/anti-affinity.libsonnet | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index d7a48107..2053e950 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -45,7 +45,7 @@ alertmanager+: { spec+: antiaffinity( - $.alertmanager.config.selectorLabels, + $.alertmanager._config.selectorLabels, $.values.common.namespace, $.values.alertmanager.podAntiAffinity, $.values.alertmanager.podAntiAffinityTopologyKey, @@ -57,7 +57,7 @@ prometheus+: { spec+: antiaffinity( - $.prometheus.config.selectorLabels, + $.prometheus._config.selectorLabels, $.values.common.namespace, $.values.prometheus.podAntiAffinity, $.values.prometheus.podAntiAffinityTopologyKey, @@ -71,7 +71,7 @@ template+: { spec+: antiaffinity( - $.blackboxExporter.config.selectorLabels, + $.blackboxExporter._config.selectorLabels, $.values.common.namespace, $.values.blackboxExporter.podAntiAffinity, $.values.blackboxExporter.podAntiAffinityTopologyKey, @@ -87,7 +87,7 @@ template+: { spec+: antiaffinity( - $.prometheusAdapter.config.selectorLabels, + $.prometheusAdapter._config.selectorLabels, $.values.common.namespace, $.values.prometheusAdapter.podAntiAffinity, $.values.prometheusAdapter.podAntiAffinityTopologyKey, From dd1b9d00e331eaab5ce90dee65a92ec46fe7c152 Mon Sep 17 00:00:00 2001 From: Michel Tomas Date: Fri, 23 Apr 2021 01:19:22 +0200 Subject: [PATCH 245/388] docs: fix outdated anti-affinity docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8d966676..71608dd7 100644 --- a/README.md +++ b/README.md @@ -637,11 +637,11 @@ In order to configure a static etcd cluster to scrape there is a simple [kube-pr ### Pod Anti-Affinity To prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when -possible, one can include the [kube-prometheus-anti-affinity.libsonnet](jsonnet/kube-prometheus/kube-prometheus-anti-affinity.libsonnet) mixin: +possible, one can include the [kube-prometheus-anti-affinity.libsonnet](jsonnet/kube-prometheus/addons/anti-affinity.libsonnet) mixin: ```jsonnet (import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') +(import 'kube-prometheus/addons/anti-affinity.libsonnet') ``` ### Stripping container resource limits From cd755f2487392f96967bb0fca301722f8d0af0a3 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 23 Apr 2021 09:38:23 +0200 Subject: [PATCH 246/388] examples: add anti-affinity example and include it in readme --- README.md | 19 +++++++++++++++++-- examples/anti-affinity.jsonnet | 16 ++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 examples/anti-affinity.jsonnet diff --git a/README.md b/README.md index 71608dd7..a04e7750 100644 --- a/README.md +++ b/README.md @@ -639,9 +639,24 @@ In order to configure a static etcd cluster to scrape there is a simple [kube-pr To prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when possible, one can include the [kube-prometheus-anti-affinity.libsonnet](jsonnet/kube-prometheus/addons/anti-affinity.libsonnet) mixin: +[embedmd]:# (examples/anti-affinity.jsonnet) ```jsonnet -(import 'kube-prometheus/kube-prometheus.libsonnet') + -(import 'kube-prometheus/addons/anti-affinity.libsonnet') +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/anti-affinity.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, + }, +}; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } ``` ### Stripping container resource limits diff --git a/examples/anti-affinity.jsonnet b/examples/anti-affinity.jsonnet new file mode 100644 index 00000000..23720837 --- /dev/null +++ b/examples/anti-affinity.jsonnet @@ -0,0 +1,16 @@ +local kp = (import 'kube-prometheus/main.libsonnet') + + (import 'kube-prometheus/addons/anti-affinity.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, + }, +}; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } From 8c712eaa36656b76b06de13ce94afa543f3551e8 Mon Sep 17 00:00:00 2001 From: Luis Vidal Ernst Date: Tue, 27 Apr 2021 12:47:23 +0200 Subject: [PATCH 247/388] Fixed labels in windows addon --- jsonnet/kube-prometheus/addons/windows.libsonnet | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/windows.libsonnet b/jsonnet/kube-prometheus/addons/windows.libsonnet index cbf9071a..89920322 100644 --- a/jsonnet/kube-prometheus/addons/windows.libsonnet +++ b/jsonnet/kube-prometheus/addons/windows.libsonnet @@ -3,6 +3,7 @@ local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; { values+:: { + // This needs to follow prometheus naming convention and not prometheus-operator one windowsScrapeConfig+:: { job_name: 'windows-exporter', static_configs: [ @@ -15,10 +16,10 @@ local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; action: 'replace', regex: '(.*)', replacement: '$1', - sourceLabels: [ + source_labels: [ '__meta_kubernetes_endpoint_address_target_name', ], - targetLabel: 'instance', + target_label: 'instance', }, ], }, From 419eaf28cef7a0e920c7dc7144dd1a28721b9b31 Mon Sep 17 00:00:00 2001 From: Luis Vidal Ernst Date: Tue, 27 Apr 2021 12:49:29 +0200 Subject: [PATCH 248/388] Fixed windows addon example --- examples/windows.jsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/windows.jsonnet b/examples/windows.jsonnet index 0c9ff36f..d90fb8da 100644 --- a/examples/windows.jsonnet +++ b/examples/windows.jsonnet @@ -7,9 +7,9 @@ local kp = namespace: 'monitoring', }, windowsScrapeConfig+:: { - static_configs: { + static_configs: [{ targets: ['10.240.0.65:5000', '10.240.0.63:5000'], - }, + }], }, }, }; From 415afa4cc0e90bd37b0e4aed868b9f6aa8a5a1db Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 21 Apr 2021 18:39:33 +0200 Subject: [PATCH 249/388] *: cut release-0.8 Signed-off-by: paulfantom --- .github/workflows/ci.yaml | 2 +- README.md | 16 ++++--- jsonnet/kube-prometheus/jsonnetfile.json | 12 +++--- jsonnet/kube-prometheus/versions.json | 2 +- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 ++++++++++----------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- 10 files changed, 46 insertions(+), 48 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8f95eb96..02e4d1a7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -52,8 +52,8 @@ jobs: strategy: matrix: kind-image: - - 'kindest/node:v1.19.0' - 'kindest/node:v1.20.0' + # - 'kindest/node:v1.21.0' #TODO(paulfantom): enable as soon as image is available steps: - uses: actions/checkout@v2 with: diff --git a/README.md b/README.md index a04e7750..bad0188c 100644 --- a/README.md +++ b/README.md @@ -105,15 +105,13 @@ $ minikube addons disable metrics-server The following versions are supported and work as we test against these versions in their respective branches. But note that other versions might work! -| kube-prometheus stack | Kubernetes 1.16 | Kubernetes 1.17 | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | -|-----------------------|-----------------|-----------------|-----------------|-----------------|-----------------| -| `release-0.4` | ✔ (v1.16.5+) | ✔ | ✗ | ✗ | ✗ | -| `release-0.5` | ✗ | ✗ | ✔ | ✗ | ✗ | -| `release-0.6` | ✗ | ✗ | ✗ | ✔ | ✗ | -| `release-0.7` | ✗ | ✗ | ✗ | ✔ | ✔ | -| `HEAD` | ✗ | ✗ | ✗ | ✔ | ✔ | - -Note: Due to [two](https://github.com/kubernetes/kubernetes/issues/83778) [bugs](https://github.com/kubernetes/kubernetes/issues/86359) in Kubernetes v1.16.1, and prior to Kubernetes v1.16.5 the kube-prometheus release-0.4 branch only supports v1.16.5 and higher. The `extension-apiserver-authentication-reader` role in the kube-system namespace can be manually edited to include list and watch permissions in order to workaround the second issue with Kubernetes v1.16.2 through v1.16.4. +| kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | +|-----------------------|-----------------|-----------------|-----------------|-----------------| +| `release-0.5` | ✔ | ✗ | ✗ | ✗ | +| `release-0.6` | ✗ | ✔ | ✗ | ✗ | +| `release-0.7` | ✗ | ✔ | ✔ | ✗ | +| `release-0.8` | ✗ | ✗ | ✔ | ✔ | +| `HEAD` | ✗ | ✗ | ✔ | ✔ | ## Quickstart diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 4fcc7d74..0d73500e 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -8,7 +8,7 @@ "subdir": "grafana" } }, - "version": "master" + "version": "8ea4e7bc04b1bf5e9bd99918ca28c6271b42be0e" }, { "source": { @@ -17,7 +17,7 @@ "subdir": "contrib/mixin" } }, - "version": "master" + "version": "562d645ac923388ff5b8d270b0536764d34b0e0f" }, { "source": { @@ -35,7 +35,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "master", + "version": "release-0.47", "name": "prometheus-operator-mixin" }, { @@ -45,7 +45,7 @@ "subdir": "" } }, - "version": "master" + "version": "release-0.8" }, { "source": { @@ -72,7 +72,7 @@ "subdir": "docs/node-mixin" } }, - "version": "master" + "version": "release-1.1" }, { "source": { @@ -91,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "master", + "version": "release-0.21", "name": "alertmanager" }, { diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 387e111c..72f91628 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,7 +1,7 @@ { "alertmanager": "0.21.0", "blackboxExporter": "0.18.0", - "grafana": "7.5.3", + "grafana": "7.5.4", "kubeStateMetrics": "2.0.0", "nodeExporter": "1.1.2", "prometheus": "2.26.0", diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 076cf1ba..8d8e8b19 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index deb8ac1e..2ab0f97b 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -1733,7 +1733,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -3604,7 +3604,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -4770,7 +4770,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -7293,7 +7293,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -9536,7 +9536,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -10503,7 +10503,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -12228,7 +12228,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -14203,7 +14203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -16343,7 +16343,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -18865,7 +18865,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -20318,7 +20318,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -22043,7 +22043,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -22996,7 +22996,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -23976,7 +23976,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -24962,7 +24962,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -25528,7 +25528,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -26745,7 +26745,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -28404,7 +28404,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -29620,7 +29620,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -30866,7 +30866,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -31955,7 +31955,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -32872,7 +32872,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-statefulset namespace: monitoring - apiVersion: v1 @@ -34299,7 +34299,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index d631765b..1381ed65 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index cb466e6e..c69b637b 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: d118a0f812be10bddbea6fdd25543bb1 + checksum/grafana-datasources: bff02b6fd55e414ce7cf08a5ea2a85e3 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 spec: containers: - env: [] - image: grafana/grafana:7.5.3 + image: grafana/grafana:7.5.4 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 46148403..2ac2ecd8 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index e10b1fa7..22d7b33f 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.3 + app.kubernetes.io/version: 7.5.4 name: grafana namespace: monitoring spec: From fa05e2cde8e4a41175812908c8ceca5f802be835 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Tue, 27 Apr 2021 15:30:06 +0200 Subject: [PATCH 250/388] jsonnet: export anti-affinity addon Export the antiaffinity function of the anti-affinity addon to make it possible to extend the addon to component that are not present in the kube-prometheus stack. Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/addons/anti-affinity.libsonnet | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index 2053e950..f71c4589 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -18,7 +18,7 @@ }, }, - local antiaffinity(labelSelector, namespace, type, topologyKey) = { + antiaffinity(labelSelector, namespace, type, topologyKey): { local podAffinityTerm = { namespaces: [namespace], topologyKey: topologyKey, @@ -44,7 +44,7 @@ alertmanager+: { alertmanager+: { spec+: - antiaffinity( + $.antiaffinity( $.alertmanager._config.selectorLabels, $.values.common.namespace, $.values.alertmanager.podAntiAffinity, @@ -56,7 +56,7 @@ prometheus+: { prometheus+: { spec+: - antiaffinity( + $.antiaffinity( $.prometheus._config.selectorLabels, $.values.common.namespace, $.values.prometheus.podAntiAffinity, @@ -70,7 +70,7 @@ spec+: { template+: { spec+: - antiaffinity( + $.antiaffinity( $.blackboxExporter._config.selectorLabels, $.values.common.namespace, $.values.blackboxExporter.podAntiAffinity, @@ -86,7 +86,7 @@ spec+: { template+: { spec+: - antiaffinity( + $.antiaffinity( $.prometheusAdapter._config.selectorLabels, $.values.common.namespace, $.values.prometheusAdapter.podAntiAffinity, From 53efc25b3f77bcf0de23b9f7e5bed4f92387dd23 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 27 Apr 2021 15:57:21 +0200 Subject: [PATCH 251/388] jsonnet: pin alertmanager to specific commit as release-0.21 doesn't have mixin directory Signed-off-by: paulfantom --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 0d73500e..3678bf2d 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -91,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "release-0.21", + "version": "99f64e944b1043c790784cf5373c8fb349816fc4", "name": "alertmanager" }, { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index e638c086..b9304a99 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -120,8 +120,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "22ac6dff21901bfce14545da59b37a1aaca0db3a", - "sum": "VP1vn/WTGLZaBgGhGMUO81qNTc/fnp5KtzVjcaxad6Q=", + "version": "99f64e944b1043c790784cf5373c8fb349816fc4", + "sum": "V8jcZQ1Qrlm7AQ6wjbuQQsacPb0NvrcZovKyplmzW5w=", "name": "alertmanager" }, { From be2964887f96d37bbb052fb6e5151f5cb988cb58 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Fri, 30 Apr 2021 12:46:48 +0200 Subject: [PATCH 252/388] can change configmapReload over $.values.common.images --- .../kube-prometheus/components/blackbox-exporter.libsonnet | 2 +- jsonnet/kube-prometheus/main.libsonnet | 3 +++ jsonnet/kube-prometheus/versions.json | 5 +++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index e574c9f2..71af4056 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -20,7 +20,7 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, - configmapReloaderImage: 'jimmidyson/configmap-reload:v0.5.0', + configmapReloaderImage: error 'must provide version', port: 9115, internalPort: 19115, diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 1c13b7b9..d35ce215 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -30,6 +30,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheus: error 'must provide version', prometheusAdapter: error 'must provide version', prometheusOperator: error 'must provide version', + configmapReload: error 'must provide version' } + (import 'versions.json'), images: { alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, @@ -41,6 +42,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, + configmapReload: 'jimmidyson/configmap-reload:v' + $.values.common.versions.configmapReload, }, }, alertmanager: { @@ -54,6 +56,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; namespace: $.values.common.namespace, version: $.values.common.versions.blackboxExporter, image: $.values.common.images.blackboxExporter, + configmapReloaderImage: $.values.common.images.configmapReload, }, grafana: { namespace: $.values.common.namespace, diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 72f91628..892e6053 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -6,5 +6,6 @@ "nodeExporter": "1.1.2", "prometheus": "2.26.0", "prometheusAdapter": "0.8.4", - "prometheusOperator": "0.47.0" -} + "prometheusOperator": "0.47.0", + "configmapReload": "0.5.0" +} \ No newline at end of file From 57612678426ae724568bfbbc17bb2947c7df7375 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Fri, 30 Apr 2021 13:48:34 +0200 Subject: [PATCH 253/388] can change kubeRbacProxy over $.values.common.images --- .../kube-prometheus/components/blackbox-exporter.libsonnet | 2 ++ .../kube-prometheus/components/kube-rbac-proxy.libsonnet | 2 +- .../kube-prometheus/components/kube-state-metrics.libsonnet | 3 +++ jsonnet/kube-prometheus/components/node-exporter.libsonnet | 2 ++ .../components/prometheus-operator.libsonnet | 2 ++ jsonnet/kube-prometheus/main.libsonnet | 6 ++++++ jsonnet/kube-prometheus/versions.json | 5 +++-- 7 files changed, 19 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index e574c9f2..bd61e25f 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -21,6 +21,7 @@ local defaults = { if !std.setMember(labelName, ['app.kubernetes.io/version']) }, configmapReloaderImage: 'jimmidyson/configmap-reload:v0.5.0', + kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', port: 9115, internalPort: 19115, @@ -204,6 +205,7 @@ function(params) { ports: [ { name: 'https', containerPort: bb._config.port }, ], + image: bb._config.kubeRbacProxyImage, }); { diff --git a/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet b/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet index faec1f40..534a2eed 100644 --- a/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet @@ -1,6 +1,6 @@ local defaults = { namespace: error 'must provide namespace', - image: 'quay.io/brancz/kube-rbac-proxy:v0.8.0', + image: error 'must provide image', ports: error 'must provide ports', secureListenAddress: error 'must provide secureListenAddress', upstream: error 'must provide upstream', diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index 7599f618..462e02fe 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -6,6 +6,7 @@ local defaults = { namespace: error 'must provide namespace', version: error 'must provide version', image: error 'must provide version', + kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', resources: { requests: { cpu: '10m', memory: '190Mi' }, limits: { cpu: '100m', memory: '250Mi' }, @@ -95,6 +96,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- limits+: { cpu: '40m' }, requests+: { cpu: '20m' }, }, + image: ksm._config.kubeRbacProxyImage }), local kubeRbacProxySelf = krp({ @@ -104,6 +106,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- ports: [ { name: 'https-self', containerPort: 9443 }, ], + image: ksm._config.kubeRbacProxyImage, }), deployment+: { diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 0f07f8af..30c8173b 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -6,6 +6,7 @@ local defaults = { namespace: error 'must provide namespace', version: error 'must provide version', image: error 'must provide version', + kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', resources: { requests: { cpu: '102m', memory: '180Mi' }, limits: { cpu: '250m', memory: '180Mi' }, @@ -200,6 +201,7 @@ function(params) { ports: [ { name: 'https', containerPort: ne._config.port, hostPort: ne._config.port }, ], + image: ne._config.kubeRbacProxyImage, }) + { env: [ { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } }, diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index 7b6d0a33..4bb98b48 100644 --- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -7,6 +7,7 @@ local defaults = { namespace: error 'must provide namespace', version: error 'must provide version', image: error 'must provide image', + kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', configReloaderImage: error 'must provide config reloader image', resources: { limits: { cpu: '200m', memory: '200Mi' }, @@ -114,6 +115,7 @@ function(params) ports: [ { name: 'https', containerPort: 8443 }, ], + image: po._config.kubeRbacProxyImage, }), deployment+: { diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 1c13b7b9..435c1acc 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -30,6 +30,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheus: error 'must provide version', prometheusAdapter: error 'must provide version', prometheusOperator: error 'must provide version', + kubeRbacProxy: error 'must provide version', } + (import 'versions.json'), images: { alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, @@ -41,6 +42,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, + kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy:v' + $.values.common.versions.kubeRbacProxy }, }, alertmanager: { @@ -54,6 +56,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; namespace: $.values.common.namespace, version: $.values.common.versions.blackboxExporter, image: $.values.common.images.blackboxExporter, + kubeRbacProxyImage: $.values.common.images.kubeRbacProxy, }, grafana: { namespace: $.values.common.namespace, @@ -68,12 +71,14 @@ local platformPatch = import './platforms/platforms.libsonnet'; version: $.values.common.versions.kubeStateMetrics, image: $.values.common.images.kubeStateMetrics, mixin+: { ruleLabels: $.values.common.ruleLabels }, + kubeRbacProxyImage: $.values.common.images.kubeRbacProxy, }, nodeExporter: { namespace: $.values.common.namespace, version: $.values.common.versions.nodeExporter, image: $.values.common.images.nodeExporter, mixin+: { ruleLabels: $.values.common.ruleLabels }, + kubeRbacProxyImage: $.values.common.images.kubeRbacProxy, }, prometheus: { namespace: $.values.common.namespace, @@ -98,6 +103,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; 'app.kubernetes.io/part-of': 'kube-prometheus', }, mixin+: { ruleLabels: $.values.common.ruleLabels }, + kubeRbacProxyImage: $.values.common.images.kubeRbacProxy, }, kubernetesControlPlane: { namespace: $.values.common.namespace, diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 72f91628..ca9e2368 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -6,5 +6,6 @@ "nodeExporter": "1.1.2", "prometheus": "2.26.0", "prometheusAdapter": "0.8.4", - "prometheusOperator": "0.47.0" -} + "prometheusOperator": "0.47.0", + "kubeRbacProxy": "0.8.0" +} \ No newline at end of file From 7e5d4196b960ce8c6cfc1c7527cc9af2d8cdd6f9 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Fri, 30 Apr 2021 14:05:23 +0200 Subject: [PATCH 254/388] can change grafanaImage over $.values.common.images --- jsonnet/kube-prometheus/components/grafana.libsonnet | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 5d2eeb5b..1fd668f3 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -3,8 +3,7 @@ local defaults = { name: 'grafana', namespace: error 'must provide namespace', version: error 'must provide version', - // image: error 'must provide image', - imageRepos: 'grafana/grafana', + image: error 'must provide image', resources: { requests: { cpu: '100m', memory: '100Mi' }, limits: { cpu: '200m', memory: '200Mi' }, @@ -44,7 +43,7 @@ function(params) { grafana: g._config.version, }, imageRepos+:: { - grafana: g._config.imageRepos, + grafana: std.split(g._config.image, ":")[0], }, prometheus+:: { name: g._config.prometheusName, From 80408c60570f937b32781d39f04875d223147aee Mon Sep 17 00:00:00 2001 From: Junaid Ali Date: Sat, 1 May 2021 16:28:42 +0100 Subject: [PATCH 255/388] Adding release branch URLs to compatibility matrix --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index bad0188c..bb765343 100644 --- a/README.md +++ b/README.md @@ -105,13 +105,13 @@ $ minikube addons disable metrics-server The following versions are supported and work as we test against these versions in their respective branches. But note that other versions might work! -| kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | -|-----------------------|-----------------|-----------------|-----------------|-----------------| -| `release-0.5` | ✔ | ✗ | ✗ | ✗ | -| `release-0.6` | ✗ | ✔ | ✗ | ✗ | -| `release-0.7` | ✗ | ✔ | ✔ | ✗ | -| `release-0.8` | ✗ | ✗ | ✔ | ✔ | -| `HEAD` | ✗ | ✗ | ✔ | ✔ | +| kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | +|--------------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------| +| [`release-0.5`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✔ | ✗ | ✗ | ✗ | +| [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | ✗ | ✗ | +| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✗ | ✔ | ✔ | ✗ | +| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✗ | ✗ | ✔ | ✔ | +| [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✔ | ✔ | ## Quickstart From 78b88e1b17b30c7a4cb530461668ce4c290c5e50 Mon Sep 17 00:00:00 2001 From: Junaid Ali Date: Sat, 1 May 2021 16:30:03 +0100 Subject: [PATCH 256/388] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bb765343..1dd99522 100644 --- a/README.md +++ b/README.md @@ -109,8 +109,8 @@ The following versions are supported and work as we test against these versions |--------------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------| | [`release-0.5`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✔ | ✗ | ✗ | ✗ | | [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | ✗ | ✗ | -| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✗ | ✔ | ✔ | ✗ | -| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✗ | ✗ | ✔ | ✔ | +| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗ | ✔ | ✔ | ✗ | +| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✗ | ✔ | ✔ | | [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✔ | ✔ | ## Quickstart From 14e61430375de8f3227900c5ade308112fb3a672 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Mon, 3 May 2021 06:35:59 +0200 Subject: [PATCH 257/388] replace double quotes with single quotes --- jsonnet/kube-prometheus/components/grafana.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 1fd668f3..f45d75f8 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -43,7 +43,7 @@ function(params) { grafana: g._config.version, }, imageRepos+:: { - grafana: std.split(g._config.image, ":")[0], + grafana: std.split(g._config.image, ':')[0], }, prometheus+:: { name: g._config.prometheusName, From f107e8fb16b4403dc7c212ce5173769a000d00d7 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Mon, 3 May 2021 06:59:10 +0200 Subject: [PATCH 258/388] fix formatting issues --- jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet | 2 +- jsonnet/kube-prometheus/main.libsonnet | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index 462e02fe..1ebd1480 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -96,7 +96,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- limits+: { cpu: '40m' }, requests+: { cpu: '20m' }, }, - image: ksm._config.kubeRbacProxyImage + image: ksm._config.kubeRbacProxyImage, }), local kubeRbacProxySelf = krp({ diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 435c1acc..a1a62bbc 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -42,7 +42,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, - kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy:v' + $.values.common.versions.kubeRbacProxy + kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy:v' + $.values.common.versions.kubeRbacProxy, }, }, alertmanager: { From 8c221441d136ccb17f0fcb6143272980fc7cb23d Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Mon, 3 May 2021 07:02:28 +0200 Subject: [PATCH 259/388] fix formatting issues --- jsonnet/kube-prometheus/main.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index d35ce215..48b1f4e9 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -30,7 +30,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheus: error 'must provide version', prometheusAdapter: error 'must provide version', prometheusOperator: error 'must provide version', - configmapReload: error 'must provide version' + configmapReload: error 'must provide version', } + (import 'versions.json'), images: { alertmanager: 'quay.io/prometheus/alertmanager:v' + $.values.common.versions.alertmanager, From 2531c043dc5bf2727934dba992707846bee7e15c Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 3 May 2021 10:01:37 +0200 Subject: [PATCH 260/388] jsonnet: fix conflict resolution --- .../kube-prometheus/components/blackbox-exporter.libsonnet | 5 ++--- jsonnet/kube-prometheus/versions.json | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index 8bed7b84..074a9f34 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -20,9 +20,8 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, - configmapReloaderImage: 'jimmidyson/configmap-reload:v0.5.0', - kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', - + configmapReloaderImage: error 'must provide version', + kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', port: 9115, internalPort: 19115, diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index d0bfa160..2a7e6ea0 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -7,6 +7,6 @@ "prometheus": "2.26.0", "prometheusAdapter": "0.8.4", "prometheusOperator": "0.47.0", - "kubeRbacProxy": "0.8.0" + "kubeRbacProxy": "0.8.0", "configmapReload": "0.5.0" -} \ No newline at end of file +} From b9a49678b2fd7638e226bc9cf5b2b36cb072ef36 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 3 May 2021 10:02:45 +0200 Subject: [PATCH 261/388] jsonnet: fmt --- jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index 074a9f34..a5ca911d 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -21,7 +21,7 @@ local defaults = { if !std.setMember(labelName, ['app.kubernetes.io/version']) }, configmapReloaderImage: error 'must provide version', - kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', + kubeRbacProxyImage: error 'must provide kubeRbacProxyImage', port: 9115, internalPort: 19115, From 982360b65e4e9fb0286f5d0fa86801013727d809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Krupa?= Date: Mon, 3 May 2021 16:01:26 +0200 Subject: [PATCH 262/388] addons: hide inline antiaffinity function --- jsonnet/kube-prometheus/addons/anti-affinity.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet index f71c4589..e266b913 100644 --- a/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet +++ b/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet @@ -18,7 +18,7 @@ }, }, - antiaffinity(labelSelector, namespace, type, topologyKey): { + antiaffinity(labelSelector, namespace, type, topologyKey):: { local podAffinityTerm = { namespaces: [namespace], topologyKey: topologyKey, From ee7fb97598a3f7c4f2ec221b6958069935e34c97 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 4 May 2021 13:20:28 +0200 Subject: [PATCH 263/388] jsonnet: by default select rules from all available namespaces --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index b3e919ff..eb8f7561 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -277,14 +277,15 @@ function(params) { }, externalLabels: p._config.externalLabels, serviceAccountName: 'prometheus-' + p._config.name, - serviceMonitorSelector: {}, podMonitorSelector: {}, - probeSelector: {}, - serviceMonitorNamespaceSelector: {}, podMonitorNamespaceSelector: {}, + probeSelector: {}, probeNamespaceSelector: {}, - nodeSelector: { 'kubernetes.io/os': 'linux' }, + ruleNamespaceSelector: {}, ruleSelector: p._config.ruleSelector, + serviceMonitorSelector: {}, + serviceMonitorNamespaceSelector: {}, + nodeSelector: { 'kubernetes.io/os': 'linux' }, resources: p._config.resources, alerting: { alertmanagers: [{ From 15a8351ce0a5fdd0fb3377815f91ff121ef9a774 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 5 May 2021 08:57:27 +0200 Subject: [PATCH 264/388] manifests: regenerate --- manifests/prometheus-prometheus.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index e45a86f8..b466b670 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -34,6 +34,7 @@ spec: resources: requests: memory: 400Mi + ruleNamespaceSelector: {} ruleSelector: matchLabels: prometheus: k8s From a4a4d4b7447db8a449b71f3f7a03ffeb1b1b00f7 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 5 May 2021 15:53:29 +0200 Subject: [PATCH 265/388] jsonnet: add PDB to prometheus-adapter Adding a PodDisruptionBudget to prometheus-adapter ensure that at least one replica of the adapter is always available. This make sure that even during disruption the aggregated API is available and thus does not impact the availability of the apiserver. Signed-off-by: Damien Grisonnet --- .../components/prometheus-adapter.libsonnet | 16 ++++++++++++++++ kustomization.yaml | 1 + .../prometheus-adapter-podDisruptionBudget.yaml | 17 +++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 manifests/prometheus-adapter-podDisruptionBudget.yaml diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 341a2f5a..8312183c 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -300,4 +300,20 @@ function(params) { namespace: pa._config.namespace, }], }, + + [if (defaults + params).replicas > 1 then 'podDisruptionBudget']: { + apiVersion: 'policy/v1beta1', + kind: 'PodDisruptionBudget', + metadata: { + name: pa._config.name, + namespace: pa._config.namespace, + labels: pa._config.commonLabels, + }, + spec: { + minAvailable: 1, + selector: { + matchLabels: pa._config.selectorLabels, + }, + }, + }, } diff --git a/kustomization.yaml b/kustomization.yaml index e23e2e6a..2f5b872e 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -51,6 +51,7 @@ resources: - ./manifests/prometheus-adapter-clusterRoleServerResources.yaml - ./manifests/prometheus-adapter-configMap.yaml - ./manifests/prometheus-adapter-deployment.yaml +- ./manifests/prometheus-adapter-podDisruptionBudget.yaml - ./manifests/prometheus-adapter-roleBindingAuthReader.yaml - ./manifests/prometheus-adapter-service.yaml - ./manifests/prometheus-adapter-serviceAccount.yaml diff --git a/manifests/prometheus-adapter-podDisruptionBudget.yaml b/manifests/prometheus-adapter-podDisruptionBudget.yaml new file mode 100644 index 00000000..cbb4a8a8 --- /dev/null +++ b/manifests/prometheus-adapter-podDisruptionBudget.yaml @@ -0,0 +1,17 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 0.8.4 + name: prometheus-adapter + namespace: monitoring +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: metrics-adapter + app.kubernetes.io/name: prometheus-adapter + app.kubernetes.io/part-of: kube-prometheus From c2ea96bf4fc1eb03609388c60a5d84e6d99684c2 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 4 May 2021 15:39:44 +0200 Subject: [PATCH 266/388] jsonnet: use common to populate options for additional objects Signed-off-by: paulfantom --- README.md | 2 +- examples/jsonnet-snippets/platform.jsonnet | 2 +- jsonnet/kube-prometheus/main.libsonnet | 18 ++++++++---------- .../platforms/platforms.libsonnet | 2 +- 4 files changed, 11 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 1dd99522..528199e8 100644 --- a/README.md +++ b/README.md @@ -376,7 +376,7 @@ These mixins are selectable via the `platform` field of kubePrometheus: (import 'kube-prometheus/main.libsonnet') + { values+:: { - kubePrometheus+: { + common+: { platform: 'example-platform', }, }, diff --git a/examples/jsonnet-snippets/platform.jsonnet b/examples/jsonnet-snippets/platform.jsonnet index a3ad9c3d..e3a58804 100644 --- a/examples/jsonnet-snippets/platform.jsonnet +++ b/examples/jsonnet-snippets/platform.jsonnet @@ -1,7 +1,7 @@ (import 'kube-prometheus/main.libsonnet') + { values+:: { - kubePrometheus+: { + common+: { platform: 'example-platform', }, }, diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index a9b68896..e1dc0b59 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -16,6 +16,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; values:: { common: { namespace: 'default', + platform: null, ruleLabels: { role: 'alert-rules', prometheus: $.values.prometheus.name, @@ -102,9 +103,6 @@ local platformPatch = import './platforms/platforms.libsonnet'; version: $.values.common.versions.prometheusOperator, image: $.values.common.images.prometheusOperator, configReloaderImage: $.values.common.images.prometheusOperatorReloader, - commonLabels+: { - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, mixin+: { ruleLabels: $.values.common.ruleLabels }, kubeRbacProxyImage: $.values.common.images.kubeRbacProxy, }, @@ -112,11 +110,6 @@ local platformPatch = import './platforms/platforms.libsonnet'; namespace: $.values.common.namespace, mixin+: { ruleLabels: $.values.common.ruleLabels }, }, - kubePrometheus: { - namespace: $.values.common.namespace, - mixin+: { ruleLabels: $.values.common.ruleLabels }, - platform: null, - }, }, alertmanager: alertmanager($.values.alertmanager), @@ -128,12 +121,17 @@ local platformPatch = import './platforms/platforms.libsonnet'; prometheusAdapter: prometheusAdapter($.values.prometheusAdapter), prometheusOperator: prometheusOperator($.values.prometheusOperator), kubernetesControlPlane: kubernetesControlPlane($.values.kubernetesControlPlane), - kubePrometheus: customMixin($.values.kubePrometheus) + { + kubePrometheus: customMixin( + { + namespace: $.values.common.namespace, + mixin+: { ruleLabels: $.values.common.ruleLabels }, + } + ) + { namespace: { apiVersion: 'v1', kind: 'Namespace', metadata: { - name: $.values.kubePrometheus.namespace, + name: $.values.common.namespace, }, }, }, diff --git a/jsonnet/kube-prometheus/platforms/platforms.libsonnet b/jsonnet/kube-prometheus/platforms/platforms.libsonnet index 979190f2..a3978a6c 100644 --- a/jsonnet/kube-prometheus/platforms/platforms.libsonnet +++ b/jsonnet/kube-prometheus/platforms/platforms.libsonnet @@ -26,7 +26,7 @@ local platformPatch(p) = if p != null && std.objectHas(platforms, p) then platfo prometheusOperator: {}, kubernetesControlPlane: {}, kubePrometheus: {}, - } + platformPatch($.values.kubePrometheus.platform), + } + platformPatch($.values.common.platform), alertmanager+: p.alertmanager, blackboxExporter+: p.blackboxExporter, From f340a76e2165cc9d51edb9a613f07b40fbaa35af Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 7 May 2021 09:37:03 +0200 Subject: [PATCH 267/388] jsonnet/addons: fix config-reloader limits --- jsonnet/kube-prometheus/addons/strip-limits.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/strip-limits.libsonnet b/jsonnet/kube-prometheus/addons/strip-limits.libsonnet index 83c5f77b..6faec944 100644 --- a/jsonnet/kube-prometheus/addons/strip-limits.libsonnet +++ b/jsonnet/kube-prometheus/addons/strip-limits.libsonnet @@ -37,7 +37,7 @@ spec+: { local addArgs(c) = if c.name == 'prometheus-operator' - then c { args+: ['--config-reloader-cpu=0'] } + then c { args+: ['--config-reloader-cpu-limit=0', '--config-reloader-memory-limit=0'] } else c, containers: std.map(addArgs, super.containers), }, From babc6b820c841b29099da24cb86adfb71be0746a Mon Sep 17 00:00:00 2001 From: faruryo Date: Sun, 9 May 2021 23:26:47 +0900 Subject: [PATCH 268/388] Fix scheduler and controller selectors for Kubespray - refs:https://github.com/prometheus-operator/kube-prometheus/pull/916 - kubespray uses kubeadm, so it is good to inherit it --- .../platforms/kubespray.libsonnet | 57 +------------------ 1 file changed, 1 insertion(+), 56 deletions(-) diff --git a/jsonnet/kube-prometheus/platforms/kubespray.libsonnet b/jsonnet/kube-prometheus/platforms/kubespray.libsonnet index 3b35e8e1..dabee251 100644 --- a/jsonnet/kube-prometheus/platforms/kubespray.libsonnet +++ b/jsonnet/kube-prometheus/platforms/kubespray.libsonnet @@ -1,56 +1 @@ -local service(name, namespace, labels, selector, ports) = { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: name, - namespace: namespace, - labels: labels, - }, - spec: { - ports+: ports, - selector: selector, - clusterIP: 'None', - }, -}; - -{ - - kubernetesControlPlane+: { - kubeControllerManagerPrometheusDiscoveryService: service( - 'kube-controller-manager-prometheus-discovery', - 'kube-system', - { 'app.kubernetes.io/name': 'kube-controller-manager' }, - { 'app.kubernetes.io/name': 'kube-controller-manager' }, - [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] - ), - - kubeSchedulerPrometheusDiscoveryService: service( - 'kube-scheduler-prometheus-discovery', - 'kube-system', - { 'app.kubernetes.io/name': 'kube-scheduler' }, - { 'app.kubernetes.io/name': 'kube-scheduler' }, - [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], - ), - - serviceMonitorKubeScheduler+: { - spec+: { - selector+: { - matchLabels: { - 'app.kubernetes.io/name': 'kube-scheduler', - }, - }, - }, - }, - - serviceMonitorKubeControllerManager+: { - spec+: { - selector+: { - matchLabels: { - 'app.kubernetes.io/name': 'kube-controller-manager', - }, - }, - }, - }, - - }, -} +(import './kubeadm.libsonnet') From e58cadfe9647c7ef9f4a978837ab6cf390bfa107 Mon Sep 17 00:00:00 2001 From: Simon Pasquier Date: Mon, 17 May 2021 12:42:43 +0200 Subject: [PATCH 269/388] jsonnet/kube-prometheus/addons: fix KSM regex patterns Signed-off-by: Simon Pasquier --- jsonnet/kube-prometheus/addons/ksm-lite.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet b/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet index 18791e1e..cf06ebdc 100644 --- a/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet +++ b/jsonnet/kube-prometheus/addons/ksm-lite.libsonnet @@ -16,8 +16,8 @@ local addArgs(args, name, containers) = std.map( containers: addArgs( [||| --metric-denylist= - kube_*_created, - kube_*_metadata_resource_version, + kube_.+_created, + kube_.+_metadata_resource_version, kube_replicaset_metadata_generation, kube_replicaset_status_observed_generation, kube_pod_restart_policy, From a8c344c848932c839c8244ded1244e98f72f6239 Mon Sep 17 00:00:00 2001 From: Piotr Piskiewicz Date: Mon, 17 May 2021 21:32:01 +0200 Subject: [PATCH 270/388] jsonnet/components: fix missing resource config in blackbox exporter --- jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet index a5ca911d..cb4dcd9a 100644 --- a/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet @@ -201,6 +201,7 @@ function(params) { local kubeRbacProxy = krp({ name: 'kube-rbac-proxy', upstream: 'http://127.0.0.1:' + bb._config.internalPort + '/', + resources: bb._config.resources, secureListenAddress: ':' + bb._config.port, ports: [ { name: 'https', containerPort: bb._config.port }, From 3197720de6bf630c22ede17a7e1e854ba52dd7d9 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 21 May 2021 11:43:54 +0200 Subject: [PATCH 271/388] *: add test of mixin addition in examples/; change config to `_config` in addMixin to be consistent with main components --- examples/mixin-inclusion.jsonnet | 30 +++++++++++++++++++++ jsonnet/kube-prometheus/lib/mixin.libsonnet | 22 +++++++-------- 2 files changed, 41 insertions(+), 11 deletions(-) create mode 100644 examples/mixin-inclusion.jsonnet diff --git a/examples/mixin-inclusion.jsonnet b/examples/mixin-inclusion.jsonnet new file mode 100644 index 00000000..fc75c628 --- /dev/null +++ b/examples/mixin-inclusion.jsonnet @@ -0,0 +1,30 @@ +local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet'); +local etcdMixin = addMixin({ + name: 'etcd', + mixin: (import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + { + _config+: {}, // mixin configuration object + }, +}); + +local kp = (import 'kube-prometheus/main.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + grafana+: { + // Adding new dashboard to grafana. This will modify grafana configMap with dashboards + dashboards+: etcdMixin.grafanaDashboards, + }, + }, + }; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +// Rendering prometheusRules object. This is an object compatible with prometheus-operator CRD definition for prometheusRule +{ 'external-mixins/etcd-mixin-prometheus-rules': etcdMixin.prometheusRules } diff --git a/jsonnet/kube-prometheus/lib/mixin.libsonnet b/jsonnet/kube-prometheus/lib/mixin.libsonnet index ae39425d..4c0665ea 100644 --- a/jsonnet/kube-prometheus/lib/mixin.libsonnet +++ b/jsonnet/kube-prometheus/lib/mixin.libsonnet @@ -8,29 +8,29 @@ local defaults = { }; function(params) { - config:: defaults + params, + _config:: defaults + params, local m = self, - local prometheusRules = if std.objectHasAll(m.config.mixin, 'prometheusRules') || std.objectHasAll(m.config.mixin, 'prometheusAlerts') then { + local prometheusRules = if std.objectHasAll(m._config.mixin, 'prometheusRules') || std.objectHasAll(m._config.mixin, 'prometheusAlerts') then { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { - labels: m.config.labels, - name: m.config.name, - namespace: m.config.namespace, + labels: m._config.labels, + name: m._config.name, + namespace: m._config.namespace, }, spec: { - local r = if std.objectHasAll(m.config.mixin, 'prometheusRules') then m.config.mixin.prometheusRules.groups else [], - local a = if std.objectHasAll(m.config.mixin, 'prometheusAlerts') then m.config.mixin.prometheusAlerts.groups else [], + local r = if std.objectHasAll(m._config.mixin, 'prometheusRules') then m._config.mixin.prometheusRules.groups else [], + local a = if std.objectHasAll(m._config.mixin, 'prometheusAlerts') then m._config.mixin.prometheusAlerts.groups else [], groups: a + r, }, }, - local grafanaDashboards = if std.objectHasAll(m.config.mixin, 'grafanaDashboards') then ( - if std.objectHas(m.config, 'dashboardFolder') then { - [m.config.dashboardFolder]+: m.config.mixin.grafanaDashboards, - } else (m.config.mixin.grafanaDashboards) + local grafanaDashboards = if std.objectHasAll(m._config.mixin, 'grafanaDashboards') then ( + if std.objectHas(m._config, 'dashboardFolder') then { + [m._config.dashboardFolder]+: m._config.mixin.grafanaDashboards, + } else (m._config.mixin.grafanaDashboards) ), prometheusRules: prometheusRules, From 9e00fa5136c85902af20177799005c256165aba7 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 21 May 2021 11:44:16 +0200 Subject: [PATCH 272/388] docs: regenerate --- ...prometheus-rules-and-grafana-dashboards.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 2ca2e621..1a9b3141 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -479,3 +479,39 @@ values+:: { }, } + myMixin.grafanaDashboards ``` + +Full example of including etcd mixin using method described above: + +[embedmd]:# (../examples/mixin-inclusion.jsonnet) +```jsonnet +local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet'); +local etcdMixin = addMixin({ + name: 'etcd', + mixin: (import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + { + _config+: {}, // mixin configuration object + }, +}); + +local kp = (import 'kube-prometheus/main.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + grafana+: { + // Adding new dashboard to grafana. This will modify grafana configMap with dashboards + dashboards+: etcdMixin.grafanaDashboards, + }, + }, + }; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +// Rendering prometheusRules object. This is an object compatible with prometheus-operator CRD definition for prometheusRule +{ 'external-mixins/etcd-mixin-prometheus-rules': etcdMixin.prometheusRules } +``` From 5fbdddf92e131071567577568f4e2b7f85013244 Mon Sep 17 00:00:00 2001 From: fpetkovski Date: Tue, 25 May 2021 15:23:17 +0200 Subject: [PATCH 273/388] Update kubeconform to 0.4.7 This change updates the version of kubeconform to 0.4.7. It simplifies the `validate` Makefile target and extracts the kubernetes version into a variable. --- Makefile | 5 +++-- scripts/go.mod | 2 +- scripts/go.sum | 6 ++++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 15707b08..5297661b 100644 --- a/Makefile +++ b/Makefile @@ -13,6 +13,8 @@ TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLIN JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s +KUBE_VERSION?="1.20.0" + all: generate fmt test .PHONY: clean @@ -38,8 +40,7 @@ crdschemas: vendor .PHONY: validate validate: crdschemas manifests $(KUBECONFORM_BIN) - # Follow-up on https://github.com/instrumenta/kubernetes-json-schema/issues/26 if validations start failing - $(KUBECONFORM_BIN) -schema-location 'https://kubernetesjsonschema.dev' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/ + $(KUBECONFORM_BIN) -kubernetes-version $(KUBE_VERSION) -schema-location 'default' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/ .PHONY: fmt fmt: $(JSONNETFMT_BIN) diff --git a/scripts/go.mod b/scripts/go.mod index 5f3eec9e..07b37e91 100644 --- a/scripts/go.mod +++ b/scripts/go.mod @@ -7,5 +7,5 @@ require ( github.com/campoy/embedmd v1.0.0 github.com/google/go-jsonnet v0.17.1-0.20210101181740-31d71aaccda6 // 7 commits after 0.17.0. Needed by jsonnet linter github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 - github.com/yannh/kubeconform v0.4.2 // indirect + github.com/yannh/kubeconform v0.4.7 ) diff --git a/scripts/go.sum b/scripts/go.sum index d98867db..1f96b0ed 100644 --- a/scripts/go.sum +++ b/scripts/go.sum @@ -2,6 +2,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5Vpd github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs= +github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c h1:hb6WqfcKQZlNx/vahy51SaIvKnoXD5609Nm0PC4msEM= github.com/brancz/gojsontoyaml v0.0.0-20200602132005-3697ded27e8c/go.mod h1:+00lOjYXPgMfxHVPvg9GDtc3BX5Xh5aFpB4gMB8gfMo= github.com/campoy/embedmd v1.0.0 h1:V4kI2qTJJLf4J29RzI/MAt2c3Bl4dQSYPuflzwFH2hY= @@ -22,6 +24,7 @@ github.com/jsonnet-bundler/jsonnet-bundler v0.4.0 h1:4BKZ6LDqPc2wJDmaKnmYD/vDjUp github.com/jsonnet-bundler/jsonnet-bundler v0.4.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -38,6 +41,7 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= @@ -50,6 +54,8 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/yannh/kubeconform v0.4.2 h1:8ve/dz6ns9tT5efR1Qfn8569JkenPFqnWcVWGz3lqPw= github.com/yannh/kubeconform v0.4.2/go.mod h1:Ysf3RSreh2rX8IJsVt/uT3Um/U3e3ykx6Fcz8nCdskM= +github.com/yannh/kubeconform v0.4.7 h1:ExAjZYd6D0WnG/Eq/IRxvTebPbARh6e6M96Pq8Xy5u0= +github.com/yannh/kubeconform v0.4.7/go.mod h1:lhkEiaDOtSewHGGZ8iR2iiTC0CSnR7xbMEtyL4bm4rE= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4= From ddfadbadf9902449b91cc6e1c69758bfe2092e13 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 27 Apr 2021 14:51:01 +0200 Subject: [PATCH 274/388] jsonnet: unpin dependencies Signed-off-by: paulfantom --- jsonnet/kube-prometheus/jsonnetfile.json | 22 +++++----- jsonnetfile.lock.json | 51 ++++++++++-------------- 2 files changed, 31 insertions(+), 42 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 3678bf2d..9a0ae384 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -8,7 +8,7 @@ "subdir": "grafana" } }, - "version": "8ea4e7bc04b1bf5e9bd99918ca28c6271b42be0e" + "version": "master" }, { "source": { @@ -17,7 +17,7 @@ "subdir": "contrib/mixin" } }, - "version": "562d645ac923388ff5b8d270b0536764d34b0e0f" + "version": "main" }, { "source": { @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.47" + "version": "master" }, { "source": { @@ -35,7 +35,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "release-0.47", + "version": "master", "name": "prometheus-operator-mixin" }, { @@ -45,7 +45,7 @@ "subdir": "" } }, - "version": "release-0.8" + "version": "master" }, { "source": { @@ -54,7 +54,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "release-2.0" + "version": "master" }, { "source": { @@ -63,7 +63,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "release-2.0" + "version": "master" }, { "source": { @@ -72,7 +72,7 @@ "subdir": "docs/node-mixin" } }, - "version": "release-1.1" + "version": "master" }, { "source": { @@ -81,7 +81,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "release-2.26", + "version": "main", "name": "prometheus" }, { @@ -91,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "99f64e944b1043c790784cf5373c8fb349816fc4", + "version": "master", "name": "alertmanager" }, { @@ -101,7 +101,7 @@ "subdir": "mixin" } }, - "version": "release-0.19", + "version": "main", "name": "thanos-mixin" } ], diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index b9304a99..a7b5053d 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "57a092b45d0eae6c9e600e62513ffcd2f1f25a92", + "version": "7a7b668edb7ea4087fab00c3b3392202584b5fcf", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "daad85cf3fad3580e58029414630e29956aefe21", - "sum": "zkOBVXtNSGlOdbm5TRCbEik7c/Jk+btbJqaE9qW8j3Y=" + "version": "3082bfca110166cd69533fa3c0875fdb1b68c329", + "sum": "4/sUV0Kk+o8I+wlYxL9R6EPhL/NiLfYHk+NXlU64RUk=" }, { "source": { @@ -38,20 +38,9 @@ "subdir": "grafana-builder" } }, - "version": "89299b1c5e93952622801795353d496fb337f44e", + "version": "ab47cabd71f0318fbda8efbbce0b4af074970a4e", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, - { - "source": { - "git": { - "remote": "https://github.com/ksonnet/ksonnet-lib.git", - "subdir": "" - } - }, - "version": "0d2f82676817bbf9e4acf6495b2090205f323b9f", - "sum": "h28BXZ7+vczxYJ2sCt8JuR9+yznRtU/iA6DCpQUrtEg=", - "name": "ksonnet" - }, { "source": { "git": { @@ -59,8 +48,8 @@ "subdir": "" } }, - "version": "ec3e85f45b5691d54a02ab38ed654c3c9f736fe5", - "sum": "6KgRTpd101espi7a7CDpkqN0yaIPmENxxlAXqGcCWhk=" + "version": "faf65d6fe38b2fd279b60e2f0581b2d0cb878d01", + "sum": "qDZhql8zB/4DNjniC5N8s26YcnYj6oZ6PBWTCUjB2t4=" }, { "source": { @@ -69,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "faa0561a823cbd3b726aaefffcf6ee317547041a", + "version": "faf65d6fe38b2fd279b60e2f0581b2d0cb878d01", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -79,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "93255df07113f87dcdec0726b4f4db4e6344df26", + "version": "c36d9c6adca9b61b33398f6bcf06122564da2f95", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -89,8 +78,8 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "93255df07113f87dcdec0726b4f4db4e6344df26", - "sum": "Yf8mNAHrV1YWzrdV8Ry5dJ8YblepTGw3C0Zp10XIYLo=" + "version": "c36d9c6adca9b61b33398f6bcf06122564da2f95", + "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { "source": { @@ -99,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "a4f5928b074e75addb76a27c5ebfe78314fcd6d1", + "version": "e5797e3d1c7fe50b99d9b8e8006ad0416820b5c9", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -110,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "64d466d7730165c0d260f187e2e9742bc0295bf2", - "sum": "MRwyChXdKG3anL2OWpbUu3qWc97w9J6YsjUWjLFQyB0=" + "version": "e5797e3d1c7fe50b99d9b8e8006ad0416820b5c9", + "sum": "1bEFcCwj8VP9lh1GG76M+uHc0975rolxA4YezwXaiwk=" }, { "source": { @@ -120,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "99f64e944b1043c790784cf5373c8fb349816fc4", + "version": "7301451eb94d2081fb740abf29755861dd122c65", "sum": "V8jcZQ1Qrlm7AQ6wjbuQQsacPb0NvrcZovKyplmzW5w=", "name": "alertmanager" }, @@ -131,8 +120,8 @@ "subdir": "docs/node-mixin" } }, - "version": "46cdf618c9419ea62dd1a87331def97a0f18c837", - "sum": "sxI7cBEy34JSbB0gHy9xC/ErtFsRzl9eJPsWVqd+XSY=" + "version": "220aa5b8893c599c624bbdba2f59ac1ed473a4ff", + "sum": "os3VfjBdFdDaTYzI+A/RahIhQcgQ7KoaLL68s1kiCbA=" }, { "source": { @@ -141,8 +130,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "3cafc58827d1ebd1a67749f88be4218f0bab3d8d", - "sum": "VK0c3sQ3ksiM6JQsAVfWmL5NbzGv9llMfXFNXfFdJ+A=", + "version": "ef584a9df6b4d5b360aa99ddee605b9b92f5ad45", + "sum": "Va7tcAcpgjCQjFoChBUlseoPoqQoo4mGoT70Kebep9Q=", "name": "prometheus" }, { @@ -152,8 +141,8 @@ "subdir": "mixin" } }, - "version": "ba6c5c4726ff52807c7383c68f2159b1af7980bb", - "sum": "XP3uq7xcfKHsnWsz1v992csZhhZR3jQma6hFOfSViTs=", + "version": "4e74c4ba0b6c2b4c34b5ca9cabd14e1a70232902", + "sum": "saJz+8pxFRq4oS8H5fckUOBETHYcOdoFzFtgueoRQcU=", "name": "thanos-mixin" }, { From ce7e86b93a9e57dbcaca9977777dbad78fb2ad49 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 25 May 2021 16:03:39 +0200 Subject: [PATCH 275/388] jsonnet/kube-prometheus: fix usage of latest thanos mixin --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index eb8f7561..d537f3bc 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -53,8 +53,10 @@ function(params) { (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') + ( if p._config.thanos != {} then (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { + targetGroups: {}, sidecar: { selector: p._config.mixin._config.thanosSelector, + dimensions: std.join(', ', ['job', 'instance']), }, } else {} From 888443e447cc0dd6b131da21e0103e6ade29e842 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 25 May 2021 16:03:49 +0200 Subject: [PATCH 276/388] manifests: regenerate --- manifests/grafana-dashboardDefinitions.yaml | 2628 +++++++++++------ manifests/grafana-deployment.yaml | 6 - .../kube-state-metrics-prometheusRule.yaml | 23 + manifests/kubernetes-prometheusRule.yaml | 236 +- manifests/prometheus-prometheusRule.yaml | 10 + .../setup/prometheus-operator-deployment.yaml | 2 + 6 files changed, 1841 insertions(+), 1064 deletions(-) diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 2ab0f97b..267433db 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -7199,6 +7199,496 @@ items: "showTitle": true, "title": "Rate of Packets Dropped", "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 21, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", + "titleSize": "h6" } ], "schemaVersion": 14, @@ -7535,7 +8025,7 @@ items: "thresholds": "70,80", "timeFrom": null, "timeShift": null, - "title": "Memory Utilization (from requests)", + "title": "Memory Utilisation (from requests)", "tooltip": { "shared": false, "sort": 0, @@ -9415,6 +9905,496 @@ items: "showTitle": true, "title": "Rate of Packets Dropped", "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", + "titleSize": "h6" } ], "schemaVersion": 14, @@ -11123,7 +12103,7 @@ items: ], "timeFrom": null, "timeShift": null, - "title": "Memory Usage", + "title": "Memory Usage (WSS)", "tooltip": { "shared": false, "sort": 0, @@ -11214,7 +12194,7 @@ items: "type": "hidden" }, { - "alias": "Memory Usage", + "alias": "Memory Usage (WSS)", "colorMode": null, "colors": [ @@ -12080,6 +13060,697 @@ items: "showTitle": true, "title": "Rate of Packets Dropped", "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Reads", + "legendLink": null, + "step": 10 + }, + { + "expr": "ceil(sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Writes", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Reads", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Writes", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution(Pod - Read & Writes)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{container}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{container}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution(Containers)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", + "titleSize": "h6" } ], "schemaVersion": 14, @@ -16436,7 +18107,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "sum(up{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})", + "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -16444,7 +18115,7 @@ items: } ], "thresholds": "", - "title": "Up", + "title": "Running Kubelets", "tooltip": { "shared": false }, @@ -24054,9 +25725,8 @@ items: "steppedLine": false, "targets": [ { - "expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", + "expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__rate_interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", "format": "time_series", - "interval": "$__rate_interval", "intervalFactor": 5, "legendFormat": "{{cpu}}", "refId": "A" @@ -24490,25 +26160,22 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])", "format": "time_series", - "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}} read", "refId": "A" }, { - "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])", "format": "time_series", - "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}} written", "refId": "B" }, { - "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])", "format": "time_series", - "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}} io time", "refId": "C" @@ -24720,9 +26387,8 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", + "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval])", "format": "time_series", - "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}}", "refId": "A" @@ -24814,9 +26480,8 @@ items: "steppedLine": false, "targets": [ { - "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", + "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval])", "format": "time_series", - "interval": "$__rate_interval", "intervalFactor": 2, "legendFormat": "{{device}}", "refId": "A" @@ -25040,14 +26705,14 @@ items: "steppedLine": false, "targets": [ { - "expr": "(\n sum without(instance, node) (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "Used Space", "refId": "A" }, { - "expr": "sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "Free Space", @@ -25155,7 +26820,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "max without(instance,node) (\n(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", + "expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -25237,14 +26902,14 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", "format": "time_series", "intervalFactor": 1, "legendFormat": "Used inodes", "refId": "A" }, { - "expr": "(\n sum without(instance, node) (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", "format": "time_series", "intervalFactor": 1, "legendFormat": " Free inodes", @@ -25352,7 +27017,7 @@ items: "tableColumn": "", "targets": [ { - "expr": "max without(instance,node) (\nkubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", + "expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "", @@ -31958,923 +33623,6 @@ items: app.kubernetes.io/version: 7.5.4 name: grafana-dashboard-scheduler namespace: monitoring -- apiVersion: v1 - data: - statefulset.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "cores", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 4, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "CPU", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 3, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "GB", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 4, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(container_memory_usage_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Memory", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 4, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "Bps", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 4, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Network", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "height": "100px", - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 5, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Desired Replicas", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 6, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Replicas of current version", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 7, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Observed Generation", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 8, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Metadata Generation", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "replicas specified", - "refId": "A" - }, - { - "expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "replicas created", - "refId": "B" - }, - { - "expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "ready", - "refId": "C" - }, - { - "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "replicas of current version", - "refId": "D" - }, - { - "expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "updated", - "refId": "E" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Replicas", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "default", - "value": "default" - }, - "hide": 0, - "label": null, - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kube_statefulset_metadata_generation, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Name", - "multi": false, - "name": "statefulset", - "options": [ - - ], - "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, statefulset)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "UTC", - "title": "Kubernetes / StatefulSets", - "uid": "a31c1f46e6f727cb37c0d731a7245005", - "version": 0 - } - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/component: grafana - app.kubernetes.io/name: grafana - app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 - name: grafana-dashboard-statefulset - namespace: monitoring - apiVersion: v1 data: workload-total.json: |- diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index c69b637b..edb6623e 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -116,9 +116,6 @@ spec: - mountPath: /grafana-dashboard-definitions/0/scheduler name: grafana-dashboard-scheduler readOnly: false - - mountPath: /grafana-dashboard-definitions/0/statefulset - name: grafana-dashboard-statefulset - readOnly: false - mountPath: /grafana-dashboard-definitions/0/workload-total name: grafana-dashboard-workload-total readOnly: false @@ -201,9 +198,6 @@ spec: - configMap: name: grafana-dashboard-scheduler name: grafana-dashboard-scheduler - - configMap: - name: grafana-dashboard-statefulset - name: grafana-dashboard-statefulset - configMap: name: grafana-dashboard-workload-total name: grafana-dashboard-workload-total diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 9b4541f6..824d8132 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -40,3 +40,26 @@ spec: for: 15m labels: severity: critical + - alert: KubeStateMetricsShardingMismatch + annotations: + description: kube-state-metrics pods are running with different --total-shards configuration, some Kubernetes objects may be exposed multiple times or not exposed at all. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricsshardingmismatch + summary: kube-state-metrics sharding is misconfigured. + expr: | + stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) != 0 + for: 15m + labels: + severity: critical + - alert: KubeStateMetricsShardsMissing + annotations: + description: kube-state-metrics shards are missing, some Kubernetes objects are not being exposed. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricsshardsmissing + summary: kube-state-metrics shards are missing. + expr: | + 2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) - 1 + - + sum( 2 ^ max by (shard_ordinal) (kube_state_metrics_shard_ordinal{job="kube-state-metrics"}) ) + != 0 + for: 15m + labels: + severity: critical diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index fda06912..0434a676 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -699,26 +699,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) labels: verb: read record: apiserver_request:burnrate1d @@ -726,26 +726,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) labels: verb: read record: apiserver_request:burnrate1h @@ -753,26 +753,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) labels: verb: read record: apiserver_request:burnrate2h @@ -780,26 +780,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) labels: verb: read record: apiserver_request:burnrate30m @@ -807,26 +807,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) labels: verb: read record: apiserver_request:burnrate3d @@ -834,26 +834,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) labels: verb: read record: apiserver_request:burnrate5m @@ -861,26 +861,26 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h])) - ( ( - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) or vector(0) ) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) + - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) ) ) + # errors - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) labels: verb: read record: apiserver_request:burnrate6h @@ -888,15 +888,15 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) labels: verb: write record: apiserver_request:burnrate1d @@ -904,15 +904,15 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) labels: verb: write record: apiserver_request:burnrate1h @@ -920,15 +920,15 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) labels: verb: write record: apiserver_request:burnrate2h @@ -936,15 +936,15 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) labels: verb: write record: apiserver_request:burnrate30m @@ -952,15 +952,15 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) labels: verb: write record: apiserver_request:burnrate3d @@ -968,15 +968,15 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) labels: verb: write record: apiserver_request:burnrate5m @@ -984,36 +984,36 @@ spec: ( ( # too slow - sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) - - sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h])) ) + - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) ) / - sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) labels: verb: write record: apiserver_request:burnrate6h - expr: | - sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) labels: verb: read record: code_resource:apiserver_request_total:rate5m - expr: | - sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) labels: verb: write record: code_resource:apiserver_request_total:rate5m - expr: | - histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 + histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 labels: quantile: "0.99" verb: read record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile - expr: | - histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0 + histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0 labels: quantile: "0.99" verb: write @@ -1040,56 +1040,56 @@ spec: 1 - ( ( # write too slow - sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) - - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) ) + ( # read too slow - sum(increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) - ( ( - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) or vector(0) ) + - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) ) ) + # errors - sum(code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) + sum by (cluster) (code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) ) / - sum(code:apiserver_request_total:increase30d) + sum by (cluster) (code:apiserver_request_total:increase30d) labels: verb: all record: apiserver_request:availability30d - expr: | 1 - ( - sum(increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) - ( # too slow ( - sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) or vector(0) ) + - sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + - sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) ) + # errors - sum(code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) + sum by (cluster) (code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) ) / - sum(code:apiserver_request_total:increase30d{verb="read"}) + sum by (cluster) (code:apiserver_request_total:increase30d{verb="read"}) labels: verb: read record: apiserver_request:availability30d @@ -1097,16 +1097,16 @@ spec: 1 - ( ( # too slow - sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) - - sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) ) + # errors - sum(code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) + sum by (cluster) (code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) ) / - sum(code:apiserver_request_total:increase30d{verb="write"}) + sum by (cluster) (code:apiserver_request_total:increase30d{verb="write"}) labels: verb: write record: apiserver_request:availability30d @@ -1114,84 +1114,84 @@ spec: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 record: code_verb:apiserver_request_total:increase30d - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) record: code_verb:apiserver_request_total:increase1h - expr: | - sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) + sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) labels: verb: read record: code:apiserver_request_total:increase30d - expr: | - sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) + sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) labels: verb: write record: code:apiserver_request_total:increase30d diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 681219fb..51f857d6 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -211,6 +211,16 @@ spec: for: 15m labels: severity: warning + - alert: PrometheusLabelLimitHit + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because some samples exceeded the configured label_limit, label_name_length_limit or label_value_length_limit. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuslabellimithit + summary: Prometheus has dropped targets because some scrape configs have exceeded the labels limit. + expr: | + increase(prometheus_target_scrape_pool_exceeded_label_limits_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 + for: 15m + labels: + severity: warning - alert: PrometheusErrorSendingAlertsToAnyAlertmanager annotations: description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index 23992a03..a87ecacc 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -17,6 +17,8 @@ spec: app.kubernetes.io/part-of: kube-prometheus template: metadata: + annotations: + kubectl.kubernetes.io/default-container: prometheus-operator labels: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator From e1e367e820e40c939e0af8161be0e52e4e3f6086 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 26 May 2021 12:12:58 +0200 Subject: [PATCH 277/388] .github: enable e2e tests on k8s 1.21 Signed-off-by: paulfantom --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 02e4d1a7..bc8418b5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,7 +4,7 @@ on: - pull_request env: golang-version: '1.15' - kind-version: 'v0.9.0' + kind-version: 'v0.11.0' jobs: generate: runs-on: ${{ matrix.os }} @@ -53,7 +53,7 @@ jobs: matrix: kind-image: - 'kindest/node:v1.20.0' - # - 'kindest/node:v1.21.0' #TODO(paulfantom): enable as soon as image is available + - 'kindest/node:v1.21.1' steps: - uses: actions/checkout@v2 with: From 2fee85eb43d4c996ddc7cc1db2976a8920a779e3 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 26 May 2021 12:31:10 +0200 Subject: [PATCH 278/388] jsonnet: drop storage_operation_errors_total and storage_operation_status_count as those are deprecated in k8s 1.21 --- .../addons/dropping-deprecated-metrics-relabelings.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet index d83368cf..e3e7565b 100644 --- a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet +++ b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet @@ -44,7 +44,7 @@ // Drop all other metrics which are deprecated in kubernetes. { sourceLabels: ['__name__'], - regex: '(admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries)', + regex: '(admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count)', action: 'drop', }, ] From edd0eb639e29de61efcb84747d7ee169ba5bb4b6 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 26 May 2021 12:50:11 +0200 Subject: [PATCH 279/388] manifests: regenerate --- manifests/kubernetes-serviceMonitorApiserver.yaml | 2 +- manifests/kubernetes-serviceMonitorKubeControllerManager.yaml | 2 +- manifests/kubernetes-serviceMonitorKubelet.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/kubernetes-serviceMonitorApiserver.yaml b/manifests/kubernetes-serviceMonitorApiserver.yaml index cc6f079c..7043cb6e 100644 --- a/manifests/kubernetes-serviceMonitorApiserver.yaml +++ b/manifests/kubernetes-serviceMonitorApiserver.yaml @@ -39,7 +39,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries) + regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count) sourceLabels: - __name__ - action: drop diff --git a/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml index fd9eddbf..0b513966 100644 --- a/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml +++ b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml @@ -39,7 +39,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries) + regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count) sourceLabels: - __name__ - action: drop diff --git a/manifests/kubernetes-serviceMonitorKubelet.yaml b/manifests/kubernetes-serviceMonitorKubelet.yaml index dc329395..331139fb 100644 --- a/manifests/kubernetes-serviceMonitorKubelet.yaml +++ b/manifests/kubernetes-serviceMonitorKubelet.yaml @@ -40,7 +40,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries) + regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count) sourceLabels: - __name__ port: https-metrics From 2873857dc7bf638db6aeac24c35875a23b7fbb8e Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 26 May 2021 12:33:00 +0200 Subject: [PATCH 280/388] jsonnet: convert string of deprecated metrics into array --- ...g-deprecated-metrics-relabelings.libsonnet | 91 ++++++++++++++++++- 1 file changed, 90 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet index e3e7565b..58bee14c 100644 --- a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet +++ b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet @@ -44,7 +44,96 @@ // Drop all other metrics which are deprecated in kubernetes. { sourceLabels: ['__name__'], - regex: '(admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count)', + regex: '(' + std.join('|', + [ + 'admission_quota_controller_adds', + 'crd_autoregistration_controller_work_duration', + 'APIServiceOpenAPIAggregationControllerQueue1_adds', + 'AvailableConditionController_retries', + 'crd_openapi_controller_unfinished_work_seconds', + 'APIServiceRegistrationController_retries', + 'admission_quota_controller_longest_running_processor_microseconds', + 'crdEstablishing_longest_running_processor_microseconds', + 'crdEstablishing_unfinished_work_seconds', + 'crd_openapi_controller_adds', + 'crd_autoregistration_controller_retries', + 'crd_finalizer_queue_latency', + 'AvailableConditionController_work_duration', + 'non_structural_schema_condition_controller_depth', + 'crd_autoregistration_controller_unfinished_work_seconds', + 'AvailableConditionController_adds', + 'DiscoveryController_longest_running_processor_microseconds', + 'autoregister_queue_latency', + 'crd_autoregistration_controller_adds', + 'non_structural_schema_condition_controller_work_duration', + 'APIServiceRegistrationController_adds', + 'crd_finalizer_work_duration', + 'crd_naming_condition_controller_unfinished_work_seconds', + 'crd_openapi_controller_longest_running_processor_microseconds', + 'DiscoveryController_adds', + 'crd_autoregistration_controller_longest_running_processor_microseconds', + 'autoregister_unfinished_work_seconds', + 'crd_naming_condition_controller_queue_latency', + 'crd_naming_condition_controller_retries', + 'non_structural_schema_condition_controller_queue_latency', + 'crd_naming_condition_controller_depth', + 'AvailableConditionController_longest_running_processor_microseconds', + 'crdEstablishing_depth', + 'crd_finalizer_longest_running_processor_microseconds', + 'crd_naming_condition_controller_adds', + 'APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds', + 'DiscoveryController_queue_latency', + 'DiscoveryController_unfinished_work_seconds', + 'crd_openapi_controller_depth', + 'APIServiceOpenAPIAggregationControllerQueue1_queue_latency', + 'APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds', + 'DiscoveryController_work_duration', + 'autoregister_adds', + 'crd_autoregistration_controller_queue_latency', + 'crd_finalizer_retries', + 'AvailableConditionController_unfinished_work_seconds', + 'autoregister_longest_running_processor_microseconds', + 'non_structural_schema_condition_controller_unfinished_work_seconds', + 'APIServiceOpenAPIAggregationControllerQueue1_depth', + 'AvailableConditionController_depth', + 'DiscoveryController_retries', + 'admission_quota_controller_depth', + 'crdEstablishing_adds', + 'APIServiceOpenAPIAggregationControllerQueue1_retries', + 'crdEstablishing_queue_latency', + 'non_structural_schema_condition_controller_longest_running_processor_microseconds', + 'autoregister_work_duration', + 'crd_openapi_controller_retries', + 'APIServiceRegistrationController_work_duration', + 'crdEstablishing_work_duration', + 'crd_finalizer_adds', + 'crd_finalizer_depth', + 'crd_openapi_controller_queue_latency', + 'APIServiceOpenAPIAggregationControllerQueue1_work_duration', + 'APIServiceRegistrationController_queue_latency', + 'crd_autoregistration_controller_depth', + 'AvailableConditionController_queue_latency', + 'admission_quota_controller_queue_latency', + 'crd_naming_condition_controller_work_duration', + 'crd_openapi_controller_work_duration', + 'DiscoveryController_depth', + 'crd_naming_condition_controller_longest_running_processor_microseconds', + 'APIServiceRegistrationController_depth', + 'APIServiceRegistrationController_longest_running_processor_microseconds', + 'crd_finalizer_unfinished_work_seconds', + 'crdEstablishing_retries', + 'admission_quota_controller_unfinished_work_seconds', + 'non_structural_schema_condition_controller_adds', + 'APIServiceRegistrationController_unfinished_work_seconds', + 'admission_quota_controller_work_duration', + 'autoregister_depth', + 'autoregister_retries', + 'kubeproxy_sync_proxy_rules_latency_microseconds', + 'rest_client_request_latency_seconds', + 'non_structural_schema_condition_controller_retries', + 'storage_operation_errors_total', + 'storage_operation_status_count' + ]) + ')', action: 'drop', }, ] From 039d4a1e48743140a945296087fef742e83225f3 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 26 May 2021 12:36:10 +0200 Subject: [PATCH 281/388] jsonnet: sort list of dropped metrics --- ...g-deprecated-metrics-relabelings.libsonnet | 178 +++++++++--------- 1 file changed, 89 insertions(+), 89 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet index 58bee14c..39eba122 100644 --- a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet +++ b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet @@ -45,95 +45,95 @@ { sourceLabels: ['__name__'], regex: '(' + std.join('|', - [ - 'admission_quota_controller_adds', - 'crd_autoregistration_controller_work_duration', - 'APIServiceOpenAPIAggregationControllerQueue1_adds', - 'AvailableConditionController_retries', - 'crd_openapi_controller_unfinished_work_seconds', - 'APIServiceRegistrationController_retries', - 'admission_quota_controller_longest_running_processor_microseconds', - 'crdEstablishing_longest_running_processor_microseconds', - 'crdEstablishing_unfinished_work_seconds', - 'crd_openapi_controller_adds', - 'crd_autoregistration_controller_retries', - 'crd_finalizer_queue_latency', - 'AvailableConditionController_work_duration', - 'non_structural_schema_condition_controller_depth', - 'crd_autoregistration_controller_unfinished_work_seconds', - 'AvailableConditionController_adds', - 'DiscoveryController_longest_running_processor_microseconds', - 'autoregister_queue_latency', - 'crd_autoregistration_controller_adds', - 'non_structural_schema_condition_controller_work_duration', - 'APIServiceRegistrationController_adds', - 'crd_finalizer_work_duration', - 'crd_naming_condition_controller_unfinished_work_seconds', - 'crd_openapi_controller_longest_running_processor_microseconds', - 'DiscoveryController_adds', - 'crd_autoregistration_controller_longest_running_processor_microseconds', - 'autoregister_unfinished_work_seconds', - 'crd_naming_condition_controller_queue_latency', - 'crd_naming_condition_controller_retries', - 'non_structural_schema_condition_controller_queue_latency', - 'crd_naming_condition_controller_depth', - 'AvailableConditionController_longest_running_processor_microseconds', - 'crdEstablishing_depth', - 'crd_finalizer_longest_running_processor_microseconds', - 'crd_naming_condition_controller_adds', - 'APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds', - 'DiscoveryController_queue_latency', - 'DiscoveryController_unfinished_work_seconds', - 'crd_openapi_controller_depth', - 'APIServiceOpenAPIAggregationControllerQueue1_queue_latency', - 'APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds', - 'DiscoveryController_work_duration', - 'autoregister_adds', - 'crd_autoregistration_controller_queue_latency', - 'crd_finalizer_retries', - 'AvailableConditionController_unfinished_work_seconds', - 'autoregister_longest_running_processor_microseconds', - 'non_structural_schema_condition_controller_unfinished_work_seconds', - 'APIServiceOpenAPIAggregationControllerQueue1_depth', - 'AvailableConditionController_depth', - 'DiscoveryController_retries', - 'admission_quota_controller_depth', - 'crdEstablishing_adds', - 'APIServiceOpenAPIAggregationControllerQueue1_retries', - 'crdEstablishing_queue_latency', - 'non_structural_schema_condition_controller_longest_running_processor_microseconds', - 'autoregister_work_duration', - 'crd_openapi_controller_retries', - 'APIServiceRegistrationController_work_duration', - 'crdEstablishing_work_duration', - 'crd_finalizer_adds', - 'crd_finalizer_depth', - 'crd_openapi_controller_queue_latency', - 'APIServiceOpenAPIAggregationControllerQueue1_work_duration', - 'APIServiceRegistrationController_queue_latency', - 'crd_autoregistration_controller_depth', - 'AvailableConditionController_queue_latency', - 'admission_quota_controller_queue_latency', - 'crd_naming_condition_controller_work_duration', - 'crd_openapi_controller_work_duration', - 'DiscoveryController_depth', - 'crd_naming_condition_controller_longest_running_processor_microseconds', - 'APIServiceRegistrationController_depth', - 'APIServiceRegistrationController_longest_running_processor_microseconds', - 'crd_finalizer_unfinished_work_seconds', - 'crdEstablishing_retries', - 'admission_quota_controller_unfinished_work_seconds', - 'non_structural_schema_condition_controller_adds', - 'APIServiceRegistrationController_unfinished_work_seconds', - 'admission_quota_controller_work_duration', - 'autoregister_depth', - 'autoregister_retries', - 'kubeproxy_sync_proxy_rules_latency_microseconds', - 'rest_client_request_latency_seconds', - 'non_structural_schema_condition_controller_retries', - 'storage_operation_errors_total', - 'storage_operation_status_count' - ]) + ')', + [ + 'admission_quota_controller_adds', + 'admission_quota_controller_depth', + 'admission_quota_controller_longest_running_processor_microseconds', + 'admission_quota_controller_queue_latency', + 'admission_quota_controller_unfinished_work_seconds', + 'admission_quota_controller_work_duration', + 'APIServiceOpenAPIAggregationControllerQueue1_adds', + 'APIServiceOpenAPIAggregationControllerQueue1_depth', + 'APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds', + 'APIServiceOpenAPIAggregationControllerQueue1_queue_latency', + 'APIServiceOpenAPIAggregationControllerQueue1_retries', + 'APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds', + 'APIServiceOpenAPIAggregationControllerQueue1_work_duration', + 'APIServiceRegistrationController_adds', + 'APIServiceRegistrationController_depth', + 'APIServiceRegistrationController_longest_running_processor_microseconds', + 'APIServiceRegistrationController_queue_latency', + 'APIServiceRegistrationController_retries', + 'APIServiceRegistrationController_unfinished_work_seconds', + 'APIServiceRegistrationController_work_duration', + 'autoregister_adds', + 'autoregister_depth', + 'autoregister_longest_running_processor_microseconds', + 'autoregister_queue_latency', + 'autoregister_retries', + 'autoregister_unfinished_work_seconds', + 'autoregister_work_duration', + 'AvailableConditionController_adds', + 'AvailableConditionController_depth', + 'AvailableConditionController_longest_running_processor_microseconds', + 'AvailableConditionController_queue_latency', + 'AvailableConditionController_retries', + 'AvailableConditionController_unfinished_work_seconds', + 'AvailableConditionController_work_duration', + 'crd_autoregistration_controller_adds', + 'crd_autoregistration_controller_depth', + 'crd_autoregistration_controller_longest_running_processor_microseconds', + 'crd_autoregistration_controller_queue_latency', + 'crd_autoregistration_controller_retries', + 'crd_autoregistration_controller_unfinished_work_seconds', + 'crd_autoregistration_controller_work_duration', + 'crdEstablishing_adds', + 'crdEstablishing_depth', + 'crdEstablishing_longest_running_processor_microseconds', + 'crdEstablishing_queue_latency', + 'crdEstablishing_retries', + 'crdEstablishing_unfinished_work_seconds', + 'crdEstablishing_work_duration', + 'crd_finalizer_adds', + 'crd_finalizer_depth', + 'crd_finalizer_longest_running_processor_microseconds', + 'crd_finalizer_queue_latency', + 'crd_finalizer_retries', + 'crd_finalizer_unfinished_work_seconds', + 'crd_finalizer_work_duration', + 'crd_naming_condition_controller_adds', + 'crd_naming_condition_controller_depth', + 'crd_naming_condition_controller_longest_running_processor_microseconds', + 'crd_naming_condition_controller_queue_latency', + 'crd_naming_condition_controller_retries', + 'crd_naming_condition_controller_unfinished_work_seconds', + 'crd_naming_condition_controller_work_duration', + 'crd_openapi_controller_adds', + 'crd_openapi_controller_depth', + 'crd_openapi_controller_longest_running_processor_microseconds', + 'crd_openapi_controller_queue_latency', + 'crd_openapi_controller_retries', + 'crd_openapi_controller_unfinished_work_seconds', + 'crd_openapi_controller_work_duration', + 'DiscoveryController_adds', + 'DiscoveryController_depth', + 'DiscoveryController_longest_running_processor_microseconds', + 'DiscoveryController_queue_latency', + 'DiscoveryController_retries', + 'DiscoveryController_unfinished_work_seconds', + 'DiscoveryController_work_duration', + 'kubeproxy_sync_proxy_rules_latency_microseconds', + 'non_structural_schema_condition_controller_adds', + 'non_structural_schema_condition_controller_depth', + 'non_structural_schema_condition_controller_longest_running_processor_microseconds', + 'non_structural_schema_condition_controller_queue_latency', + 'non_structural_schema_condition_controller_retries', + 'non_structural_schema_condition_controller_unfinished_work_seconds', + 'non_structural_schema_condition_controller_work_duration', + 'rest_client_request_latency_seconds', + 'storage_operation_errors_total', + 'storage_operation_status_count', + ]) + ')', action: 'drop', }, ] From b10e0c9690485b7249bdfacc37bff38280e7c041 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 26 May 2021 12:36:29 +0200 Subject: [PATCH 282/388] manifests: regenerate --- manifests/kubernetes-serviceMonitorApiserver.yaml | 2 +- manifests/kubernetes-serviceMonitorKubeControllerManager.yaml | 2 +- manifests/kubernetes-serviceMonitorKubelet.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/kubernetes-serviceMonitorApiserver.yaml b/manifests/kubernetes-serviceMonitorApiserver.yaml index 7043cb6e..58ba773b 100644 --- a/manifests/kubernetes-serviceMonitorApiserver.yaml +++ b/manifests/kubernetes-serviceMonitorApiserver.yaml @@ -39,7 +39,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count) + regex: (admission_quota_controller_adds|admission_quota_controller_depth|admission_quota_controller_longest_running_processor_microseconds|admission_quota_controller_queue_latency|admission_quota_controller_unfinished_work_seconds|admission_quota_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|APIServiceOpenAPIAggregationControllerQueue1_depth|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_retries|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_adds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|APIServiceRegistrationController_queue_latency|APIServiceRegistrationController_retries|APIServiceRegistrationController_unfinished_work_seconds|APIServiceRegistrationController_work_duration|autoregister_adds|autoregister_depth|autoregister_longest_running_processor_microseconds|autoregister_queue_latency|autoregister_retries|autoregister_unfinished_work_seconds|autoregister_work_duration|AvailableConditionController_adds|AvailableConditionController_depth|AvailableConditionController_longest_running_processor_microseconds|AvailableConditionController_queue_latency|AvailableConditionController_retries|AvailableConditionController_unfinished_work_seconds|AvailableConditionController_work_duration|crd_autoregistration_controller_adds|crd_autoregistration_controller_depth|crd_autoregistration_controller_longest_running_processor_microseconds|crd_autoregistration_controller_queue_latency|crd_autoregistration_controller_retries|crd_autoregistration_controller_unfinished_work_seconds|crd_autoregistration_controller_work_duration|crdEstablishing_adds|crdEstablishing_depth|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_queue_latency|crdEstablishing_retries|crdEstablishing_unfinished_work_seconds|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_finalizer_longest_running_processor_microseconds|crd_finalizer_queue_latency|crd_finalizer_retries|crd_finalizer_unfinished_work_seconds|crd_finalizer_work_duration|crd_naming_condition_controller_adds|crd_naming_condition_controller_depth|crd_naming_condition_controller_longest_running_processor_microseconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|crd_naming_condition_controller_unfinished_work_seconds|crd_naming_condition_controller_work_duration|crd_openapi_controller_adds|crd_openapi_controller_depth|crd_openapi_controller_longest_running_processor_microseconds|crd_openapi_controller_queue_latency|crd_openapi_controller_retries|crd_openapi_controller_unfinished_work_seconds|crd_openapi_controller_work_duration|DiscoveryController_adds|DiscoveryController_depth|DiscoveryController_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_retries|DiscoveryController_unfinished_work_seconds|DiscoveryController_work_duration|kubeproxy_sync_proxy_rules_latency_microseconds|non_structural_schema_condition_controller_adds|non_structural_schema_condition_controller_depth|non_structural_schema_condition_controller_longest_running_processor_microseconds|non_structural_schema_condition_controller_queue_latency|non_structural_schema_condition_controller_retries|non_structural_schema_condition_controller_unfinished_work_seconds|non_structural_schema_condition_controller_work_duration|rest_client_request_latency_seconds|storage_operation_errors_total|storage_operation_status_count) sourceLabels: - __name__ - action: drop diff --git a/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml index 0b513966..dadc9a26 100644 --- a/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml +++ b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml @@ -39,7 +39,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count) + regex: (admission_quota_controller_adds|admission_quota_controller_depth|admission_quota_controller_longest_running_processor_microseconds|admission_quota_controller_queue_latency|admission_quota_controller_unfinished_work_seconds|admission_quota_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|APIServiceOpenAPIAggregationControllerQueue1_depth|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_retries|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_adds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|APIServiceRegistrationController_queue_latency|APIServiceRegistrationController_retries|APIServiceRegistrationController_unfinished_work_seconds|APIServiceRegistrationController_work_duration|autoregister_adds|autoregister_depth|autoregister_longest_running_processor_microseconds|autoregister_queue_latency|autoregister_retries|autoregister_unfinished_work_seconds|autoregister_work_duration|AvailableConditionController_adds|AvailableConditionController_depth|AvailableConditionController_longest_running_processor_microseconds|AvailableConditionController_queue_latency|AvailableConditionController_retries|AvailableConditionController_unfinished_work_seconds|AvailableConditionController_work_duration|crd_autoregistration_controller_adds|crd_autoregistration_controller_depth|crd_autoregistration_controller_longest_running_processor_microseconds|crd_autoregistration_controller_queue_latency|crd_autoregistration_controller_retries|crd_autoregistration_controller_unfinished_work_seconds|crd_autoregistration_controller_work_duration|crdEstablishing_adds|crdEstablishing_depth|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_queue_latency|crdEstablishing_retries|crdEstablishing_unfinished_work_seconds|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_finalizer_longest_running_processor_microseconds|crd_finalizer_queue_latency|crd_finalizer_retries|crd_finalizer_unfinished_work_seconds|crd_finalizer_work_duration|crd_naming_condition_controller_adds|crd_naming_condition_controller_depth|crd_naming_condition_controller_longest_running_processor_microseconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|crd_naming_condition_controller_unfinished_work_seconds|crd_naming_condition_controller_work_duration|crd_openapi_controller_adds|crd_openapi_controller_depth|crd_openapi_controller_longest_running_processor_microseconds|crd_openapi_controller_queue_latency|crd_openapi_controller_retries|crd_openapi_controller_unfinished_work_seconds|crd_openapi_controller_work_duration|DiscoveryController_adds|DiscoveryController_depth|DiscoveryController_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_retries|DiscoveryController_unfinished_work_seconds|DiscoveryController_work_duration|kubeproxy_sync_proxy_rules_latency_microseconds|non_structural_schema_condition_controller_adds|non_structural_schema_condition_controller_depth|non_structural_schema_condition_controller_longest_running_processor_microseconds|non_structural_schema_condition_controller_queue_latency|non_structural_schema_condition_controller_retries|non_structural_schema_condition_controller_unfinished_work_seconds|non_structural_schema_condition_controller_work_duration|rest_client_request_latency_seconds|storage_operation_errors_total|storage_operation_status_count) sourceLabels: - __name__ - action: drop diff --git a/manifests/kubernetes-serviceMonitorKubelet.yaml b/manifests/kubernetes-serviceMonitorKubelet.yaml index 331139fb..9e3ec0d5 100644 --- a/manifests/kubernetes-serviceMonitorKubelet.yaml +++ b/manifests/kubernetes-serviceMonitorKubelet.yaml @@ -40,7 +40,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: (admission_quota_controller_adds|crd_autoregistration_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|AvailableConditionController_retries|crd_openapi_controller_unfinished_work_seconds|APIServiceRegistrationController_retries|admission_quota_controller_longest_running_processor_microseconds|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_unfinished_work_seconds|crd_openapi_controller_adds|crd_autoregistration_controller_retries|crd_finalizer_queue_latency|AvailableConditionController_work_duration|non_structural_schema_condition_controller_depth|crd_autoregistration_controller_unfinished_work_seconds|AvailableConditionController_adds|DiscoveryController_longest_running_processor_microseconds|autoregister_queue_latency|crd_autoregistration_controller_adds|non_structural_schema_condition_controller_work_duration|APIServiceRegistrationController_adds|crd_finalizer_work_duration|crd_naming_condition_controller_unfinished_work_seconds|crd_openapi_controller_longest_running_processor_microseconds|DiscoveryController_adds|crd_autoregistration_controller_longest_running_processor_microseconds|autoregister_unfinished_work_seconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|non_structural_schema_condition_controller_queue_latency|crd_naming_condition_controller_depth|AvailableConditionController_longest_running_processor_microseconds|crdEstablishing_depth|crd_finalizer_longest_running_processor_microseconds|crd_naming_condition_controller_adds|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_unfinished_work_seconds|crd_openapi_controller_depth|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|DiscoveryController_work_duration|autoregister_adds|crd_autoregistration_controller_queue_latency|crd_finalizer_retries|AvailableConditionController_unfinished_work_seconds|autoregister_longest_running_processor_microseconds|non_structural_schema_condition_controller_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_depth|AvailableConditionController_depth|DiscoveryController_retries|admission_quota_controller_depth|crdEstablishing_adds|APIServiceOpenAPIAggregationControllerQueue1_retries|crdEstablishing_queue_latency|non_structural_schema_condition_controller_longest_running_processor_microseconds|autoregister_work_duration|crd_openapi_controller_retries|APIServiceRegistrationController_work_duration|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_openapi_controller_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_queue_latency|crd_autoregistration_controller_depth|AvailableConditionController_queue_latency|admission_quota_controller_queue_latency|crd_naming_condition_controller_work_duration|crd_openapi_controller_work_duration|DiscoveryController_depth|crd_naming_condition_controller_longest_running_processor_microseconds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|crd_finalizer_unfinished_work_seconds|crdEstablishing_retries|admission_quota_controller_unfinished_work_seconds|non_structural_schema_condition_controller_adds|APIServiceRegistrationController_unfinished_work_seconds|admission_quota_controller_work_duration|autoregister_depth|autoregister_retries|kubeproxy_sync_proxy_rules_latency_microseconds|rest_client_request_latency_seconds|non_structural_schema_condition_controller_retries|storage_operation_errors_total|storage_operation_status_count) + regex: (admission_quota_controller_adds|admission_quota_controller_depth|admission_quota_controller_longest_running_processor_microseconds|admission_quota_controller_queue_latency|admission_quota_controller_unfinished_work_seconds|admission_quota_controller_work_duration|APIServiceOpenAPIAggregationControllerQueue1_adds|APIServiceOpenAPIAggregationControllerQueue1_depth|APIServiceOpenAPIAggregationControllerQueue1_longest_running_processor_microseconds|APIServiceOpenAPIAggregationControllerQueue1_queue_latency|APIServiceOpenAPIAggregationControllerQueue1_retries|APIServiceOpenAPIAggregationControllerQueue1_unfinished_work_seconds|APIServiceOpenAPIAggregationControllerQueue1_work_duration|APIServiceRegistrationController_adds|APIServiceRegistrationController_depth|APIServiceRegistrationController_longest_running_processor_microseconds|APIServiceRegistrationController_queue_latency|APIServiceRegistrationController_retries|APIServiceRegistrationController_unfinished_work_seconds|APIServiceRegistrationController_work_duration|autoregister_adds|autoregister_depth|autoregister_longest_running_processor_microseconds|autoregister_queue_latency|autoregister_retries|autoregister_unfinished_work_seconds|autoregister_work_duration|AvailableConditionController_adds|AvailableConditionController_depth|AvailableConditionController_longest_running_processor_microseconds|AvailableConditionController_queue_latency|AvailableConditionController_retries|AvailableConditionController_unfinished_work_seconds|AvailableConditionController_work_duration|crd_autoregistration_controller_adds|crd_autoregistration_controller_depth|crd_autoregistration_controller_longest_running_processor_microseconds|crd_autoregistration_controller_queue_latency|crd_autoregistration_controller_retries|crd_autoregistration_controller_unfinished_work_seconds|crd_autoregistration_controller_work_duration|crdEstablishing_adds|crdEstablishing_depth|crdEstablishing_longest_running_processor_microseconds|crdEstablishing_queue_latency|crdEstablishing_retries|crdEstablishing_unfinished_work_seconds|crdEstablishing_work_duration|crd_finalizer_adds|crd_finalizer_depth|crd_finalizer_longest_running_processor_microseconds|crd_finalizer_queue_latency|crd_finalizer_retries|crd_finalizer_unfinished_work_seconds|crd_finalizer_work_duration|crd_naming_condition_controller_adds|crd_naming_condition_controller_depth|crd_naming_condition_controller_longest_running_processor_microseconds|crd_naming_condition_controller_queue_latency|crd_naming_condition_controller_retries|crd_naming_condition_controller_unfinished_work_seconds|crd_naming_condition_controller_work_duration|crd_openapi_controller_adds|crd_openapi_controller_depth|crd_openapi_controller_longest_running_processor_microseconds|crd_openapi_controller_queue_latency|crd_openapi_controller_retries|crd_openapi_controller_unfinished_work_seconds|crd_openapi_controller_work_duration|DiscoveryController_adds|DiscoveryController_depth|DiscoveryController_longest_running_processor_microseconds|DiscoveryController_queue_latency|DiscoveryController_retries|DiscoveryController_unfinished_work_seconds|DiscoveryController_work_duration|kubeproxy_sync_proxy_rules_latency_microseconds|non_structural_schema_condition_controller_adds|non_structural_schema_condition_controller_depth|non_structural_schema_condition_controller_longest_running_processor_microseconds|non_structural_schema_condition_controller_queue_latency|non_structural_schema_condition_controller_retries|non_structural_schema_condition_controller_unfinished_work_seconds|non_structural_schema_condition_controller_work_duration|rest_client_request_latency_seconds|storage_operation_errors_total|storage_operation_status_count) sourceLabels: - __name__ port: https-metrics From 9b65a6ddcec19ddbb4f55f6a8b780c6beb772697 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 27 May 2021 12:16:24 +0200 Subject: [PATCH 283/388] .github: re-enable automatic version upgrader Signed-off-by: paulfantom --- .github/workflows/versions.yaml | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/versions.yaml diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml new file mode 100644 index 00000000..7bfb67f2 --- /dev/null +++ b/.github/workflows/versions.yaml @@ -0,0 +1,35 @@ +name: Upgrade to latest versions + +on: + schedule: + - cron: '37 13 * * *' +jobs: + versions: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: 1.16 + - name: Upgrade versions + run: | + export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} + scripts/generate-versions.sh > jsonnet/kube-prometheus/versions.json + make --always-make generate + - name: Create Pull Request + uses: peter-evans/create-pull-request@v3 + with: + commit-message: "[bot] Automated version update" + title: "[bot] Automated version update" + body: | + This is an automated version update performed from CI on behalf of @paulfantom. + + Configuration of the workflow is located in `.github/workflows/versions.yaml` + team-reviewers: kube-prometheus-reviewers + labels: kind/enhancement + branch: automated-updates + delete-branch: true + # GITHUB_TOKEN cannot be used as it won't trigger CI in a created PR + # More in https://github.com/peter-evans/create-pull-request/issues/155 + # TODO(paulfantom) Consider running this from a special bot account. + token: ${{ secrets.PAT }} From 228f8ffdadc6996f01fc12f246dfb7211eea1833 Mon Sep 17 00:00:00 2001 From: Prem Saraswat Date: Sun, 2 May 2021 19:14:44 +0530 Subject: [PATCH 284/388] Add support for feature-flags in Prometheus --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index d537f3bc..3c0e6bfc 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -12,6 +12,7 @@ local defaults = { namespaces: ['default', 'kube-system', defaults.namespace], replicas: 2, externalLabels: {}, + enableFeatures: [], commonLabels:: { 'app.kubernetes.io/name': 'prometheus', 'app.kubernetes.io/version': defaults.version, @@ -278,6 +279,7 @@ function(params) { labels: p._config.commonLabels, }, externalLabels: p._config.externalLabels, + enableFeatures: p._config.enableFeatures, serviceAccountName: 'prometheus-' + p._config.name, podMonitorSelector: {}, podMonitorNamespaceSelector: {}, From 93282accb73dbbb546fb58dbe7b81488bc6f745b Mon Sep 17 00:00:00 2001 From: Prem Saraswat Date: Sun, 2 May 2021 19:18:50 +0530 Subject: [PATCH 285/388] Generate manifests --- manifests/prometheus-prometheus.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index b466b670..58d462cf 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -16,6 +16,7 @@ spec: name: alertmanager-main namespace: monitoring port: web + enableFeatures: [] externalLabels: {} image: quay.io/prometheus/prometheus:v2.26.0 nodeSelector: From f7baf1599d1d722b87f1c7baf2f963417cff54db Mon Sep 17 00:00:00 2001 From: paulportela Date: Fri, 28 May 2021 17:22:27 -0700 Subject: [PATCH 286/388] Fix adding private repository `imageRepos` field was removed and the project no longer tries to compose image strings. Now the libraries use `$.values.common.images` to override default images. --- jsonnet/kube-prometheus/addons/config-mixins.libsonnet | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/config-mixins.libsonnet b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet index 79f25044..ca2f4468 100644 --- a/jsonnet/kube-prometheus/addons/config-mixins.libsonnet +++ b/jsonnet/kube-prometheus/addons/config-mixins.libsonnet @@ -18,13 +18,15 @@ local imageName(image) = // quay.io/coreos/addon-resizer -> $repository/addon-resizer // grafana/grafana -> grafana $repository/grafana local withImageRepository(repository) = { - local oldRepos = super._config.imageRepos, + local oldRepos = super.values.common.images, local substituteRepository(image, repository) = if repository == null then image else repository + '/' + imageName(image), values+:: { - imageRepos:: { - [field]: substituteRepository(oldRepos[field], repository) - for field in std.objectFields(oldRepos) + common+:: { + images:: { + [field]: substituteRepository(oldRepos[field], repository) + for field in std.objectFields(oldRepos) + }, }, }, }; From e5720038fe638cbbc7d3e75d6fe21b6592f89160 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 31 May 2021 11:02:19 +0200 Subject: [PATCH 287/388] scripts: include kube-rbac-proxy and config-reloader in version upgrades --- scripts/generate-versions.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh index 2daa38bb..c20a1881 100755 --- a/scripts/generate-versions.sh +++ b/scripts/generate-versions.sh @@ -23,9 +23,9 @@ get_current_version() { get_version() { component="${1}" v="$(get_latest_version "${component}")" - + # Advanced AI heurestics to filter out common patterns suggesting new version is not stable /s - if [[ "$v" == *"alpha"* ]] || [[ "$v" == *"beta"* ]] || [[ "$v" == *"rc"* ]] || [[ "$v" == *"helm"* ]]; then + if [[ "$v" == "" ]] || [[ "$v" == *"alpha"* ]] || [[ "$v" == *"beta"* ]] || [[ "$v" == *"rc"* ]] || [[ "$v" == *"helm"* ]]; then component="$(convert_to_camel_case "$(echo "${component}" | sed 's/^.*\///')")" v="$(get_current_version "${component}")" fi @@ -56,6 +56,8 @@ cat <<-EOF "nodeExporter": "$(get_version "prometheus/node_exporter")", "prometheus": "$(get_version "prometheus/prometheus")", "prometheusAdapter": "$(get_version "kubernetes-sigs/prometheus-adapter")", - "prometheusOperator": "$(get_version "prometheus-operator/prometheus-operator")" + "prometheusOperator": "$(get_version "prometheus-operator/prometheus-operator")", + "kubeRbacProxy": "$(get_version "brancz/kube-rbac-proxy")", + "configmapReload": "$(get_version "jimmidyson/configmap-reload")" } EOF From 8bcfb98a1dd2fa5754da84d7af3051c61ab72fc3 Mon Sep 17 00:00:00 2001 From: anarcher Date: Mon, 31 May 2021 18:52:55 +0900 Subject: [PATCH 288/388] feat(grafana): add env parameter for gradana component --- jsonnet/kube-prometheus/components/grafana.libsonnet | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index f45d75f8..cb6cafa5 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -28,6 +28,7 @@ local defaults = { datasources: [], config: {}, plugins: [], + env: [], }; function(params) { @@ -57,6 +58,7 @@ function(params) { containers: g._config.containers, config+: g._config.config, plugins+: g._config.plugins, + env: g._config.env, } + ( // Conditionally overwrite default setting. if std.length(g._config.datasources) > 0 then From 67f710846af5a045055907ff780c8a1bf8c30e24 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 31 May 2021 17:13:35 +0200 Subject: [PATCH 289/388] .github: make version update operation atomic --- .github/workflows/versions.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 7bfb67f2..ed4db648 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -14,7 +14,9 @@ jobs: - name: Upgrade versions run: | export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} - scripts/generate-versions.sh > jsonnet/kube-prometheus/versions.json + # Write to temporary file to make update atomic + scripts/generate-versions.sh > tmp/versions.json + mv tmp/versions.json jsonnet/kube-prometheus/versions.json make --always-make generate - name: Create Pull Request uses: peter-evans/create-pull-request@v3 From d57542eae14bca36c82db080e3db5be6824b2d05 Mon Sep 17 00:00:00 2001 From: Ajit <9692020+a8j8i8t8@users.noreply.github.com> Date: Mon, 31 May 2021 23:08:59 +0200 Subject: [PATCH 290/388] Fix for bug #1163 (#1164) --- jsonnet/kube-prometheus/platforms/kops.libsonnet | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/jsonnet/kube-prometheus/platforms/kops.libsonnet b/jsonnet/kube-prometheus/platforms/kops.libsonnet index 914ffb02..52eac362 100644 --- a/jsonnet/kube-prometheus/platforms/kops.libsonnet +++ b/jsonnet/kube-prometheus/platforms/kops.libsonnet @@ -18,22 +18,22 @@ local service(name, namespace, labels, selector, ports) = { kubeControllerManagerPrometheusDiscoveryService: service( 'kube-controller-manager-prometheus-discovery', 'kube-system', - { 'app.kubernetes.io/name': 'kube-controller-manager' }, - { 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'k8s-app': 'kube-controller-manager', 'app.kubernetes.io/name': 'kube-controller-manager' }, + { 'k8s-app': 'kube-controller-manager' }, [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] ), kubeSchedulerPrometheusDiscoveryService: service( 'kube-scheduler-prometheus-discovery', 'kube-system', - { 'app.kubernetes.io/name': 'kube-scheduler' }, - { 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'k8s-app': 'kube-controller-manager', 'app.kubernetes.io/name': 'kube-scheduler' }, + { 'k8s-app': 'kube-scheduler' }, [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] ), kubeDnsPrometheusDiscoveryService: service( 'kube-dns-prometheus-discovery', 'kube-system', - { 'app.kubernetes.io/name': 'kube-dns' }, - { 'app.kubernetes.io/name': 'kube-dns' }, + { 'k8s-app': 'kube-controller-manager', 'app.kubernetes.io/name': 'kube-dns' }, + { 'k8s-app': 'kube-dns' }, [{ name: 'metrics', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] ), }, From feee269fdb8e4a69eaa081b0a8c470f6ebb5ed07 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 4 May 2021 13:09:22 +0200 Subject: [PATCH 291/388] jsonnet: improve all-namespaces addon Signed-off-by: paulfantom --- .../addons/all-namespaces.libsonnet | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet b/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet index 843c1769..34f83173 100644 --- a/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet +++ b/jsonnet/kube-prometheus/addons/all-namespaces.libsonnet @@ -1,11 +1,22 @@ { prometheus+:: { clusterRole+: { - rules+: [{ - apiGroups: [''], - resources: ['services', 'endpoints', 'pods'], - verbs: ['get', 'list', 'watch'], - }], + rules+: [ + { + apiGroups: [''], + resources: ['services', 'endpoints', 'pods'], + verbs: ['get', 'list', 'watch'], + }, + { + apiGroups: ['networking.k8s.io'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], + }, + ], }, + // There is no need for specific namespaces RBAC as this addon grants + // all required permissions for every namespace + roleBindingSpecificNamespaces:: null, + roleSpecificNamespaces:: null, }, } From d45114c73e46ab21ac492e6b9b1df02cd8af661b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 8 Jun 2021 11:22:20 +0200 Subject: [PATCH 292/388] .github: write temporary file to /tmp --- .github/workflows/versions.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index ed4db648..82944a7e 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -15,8 +15,8 @@ jobs: run: | export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} # Write to temporary file to make update atomic - scripts/generate-versions.sh > tmp/versions.json - mv tmp/versions.json jsonnet/kube-prometheus/versions.json + scripts/generate-versions.sh > /tmp/versions.json + mv /tmp/versions.json jsonnet/kube-prometheus/versions.json make --always-make generate - name: Create Pull Request uses: peter-evans/create-pull-request@v3 From f643955034fa6ad4c3311020abd94f4390dd6dee Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Tue, 8 Jun 2021 18:19:23 +0000 Subject: [PATCH 293/388] Update alertmanager mixin Signed-off-by: ArthurSens --- jsonnet/kube-prometheus/main.libsonnet | 2 +- jsonnetfile.lock.json | 4 +- manifests/grafana-dashboardDefinitions.yaml | 599 ++++++++++++++++++++ manifests/grafana-deployment.yaml | 6 + 4 files changed, 608 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index e1dc0b59..0873e7e8 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -68,7 +68,7 @@ local platformPatch = import './platforms/platforms.libsonnet'; image: $.values.common.images.grafana, prometheusName: $.values.prometheus.name, // TODO(paulfantom) This should be done by iterating over all objects and looking for object.mixin.grafanaDashboards - dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesControlPlane.mixin.grafanaDashboards, + dashboards: $.nodeExporter.mixin.grafanaDashboards + $.prometheus.mixin.grafanaDashboards + $.kubernetesControlPlane.mixin.grafanaDashboards + $.alertmanager.mixin.grafanaDashboards, }, kubeStateMetrics: { namespace: $.values.common.namespace, diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index a7b5053d..f338b752 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -109,8 +109,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "7301451eb94d2081fb740abf29755861dd122c65", - "sum": "V8jcZQ1Qrlm7AQ6wjbuQQsacPb0NvrcZovKyplmzW5w=", + "version": "8598683b2461fb68e1921735c20163c4c784f9b6", + "sum": "YIWuR6x64SRQSCr8tuuGN1cc0TK5HGR0HWvgot3fc6k=", "name": "alertmanager" }, { diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 267433db..de6813ea 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -1,5 +1,604 @@ apiVersion: v1 items: +- apiVersion: v1 + data: + alertmanager-overview.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 1, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "30s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(alertmanager_alerts{namespace=\"$namespace\",service=\"$service\"}) by (namespace,service,instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Alerts", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(alertmanager_alerts_received_total{namespace=\"$namespace\",service=\"$service\"}[5m])) by (namespace,service,instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} Received", + "refId": "A" + }, + { + "expr": "sum(rate(alertmanager_alerts_invalid_total{namespace=\"$namespace\",service=\"$service\"}[5m])) by (namespace,service,instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} Invalid", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Alerts receive rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Alerts", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "integration", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(alertmanager_notifications_total{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (integration,namespace,service,instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} Total", + "refId": "A" + }, + { + "expr": "sum(rate(alertmanager_notifications_failed_total{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (integration,namespace,service,instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} Failed", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "$integration: Notifications Send Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": "integration", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (le,namespace,service,instance)\n) \n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} 99th Percentile", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.50,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (le,namespace,service,instance)\n) \n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} Median", + "refId": "B" + }, + { + "expr": "sum(rate(alertmanager_notification_latency_seconds_sum{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (namespace,service,instance)\n/\nsum(rate(alertmanager_notification_latency_seconds_count{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (namespace,service,instance)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} Average", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "$integration: Notification Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Notifications", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "alertmanager-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(alertmanager_alerts, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "service", + "options": [ + + ], + "query": "label_values(alertmanager_alerts, service)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "all", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": true, + "label": null, + "multi": false, + "name": "integration", + "options": [ + + ], + "query": "label_values(alertmanager_notifications_total{integration=~\".*\"}, integration)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "Alertmanager / Overview", + "uid": "alertmanager-overview", + "version": 0 + } + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 7.5.4 + name: grafana-dashboard-alertmanager-overview + namespace: monitoring - apiVersion: v1 data: apiserver.json: |- diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index edb6623e..c889337b 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -53,6 +53,9 @@ spec: - mountPath: /etc/grafana/provisioning/dashboards name: grafana-dashboards readOnly: false + - mountPath: /grafana-dashboard-definitions/0/alertmanager-overview + name: grafana-dashboard-alertmanager-overview + readOnly: false - mountPath: /grafana-dashboard-definitions/0/apiserver name: grafana-dashboard-apiserver readOnly: false @@ -135,6 +138,9 @@ spec: - configMap: name: grafana-dashboards name: grafana-dashboards + - configMap: + name: grafana-dashboard-alertmanager-overview + name: grafana-dashboard-alertmanager-overview - configMap: name: grafana-dashboard-apiserver name: grafana-dashboard-apiserver From a2cf1acd95a9eaea6cf909ca73b41855296a80b4 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Thu, 10 Jun 2021 13:59:30 +0000 Subject: [PATCH 294/388] [bot] Automated version update --- jsonnet/kube-prometheus/versions.json | 14 +++--- manifests/alertmanager-alertmanager.yaml | 8 ++-- .../alertmanager-podDisruptionBudget.yaml | 2 +- manifests/alertmanager-prometheusRule.yaml | 2 +- manifests/alertmanager-secret.yaml | 2 +- manifests/alertmanager-service.yaml | 2 +- manifests/alertmanager-serviceAccount.yaml | 2 +- manifests/alertmanager-serviceMonitor.yaml | 2 +- .../blackbox-exporter-configuration.yaml | 2 +- manifests/blackbox-exporter-deployment.yaml | 8 ++-- manifests/blackbox-exporter-service.yaml | 2 +- .../blackbox-exporter-serviceMonitor.yaml | 2 +- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 +++++++++---------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- manifests/kube-state-metrics-clusterRole.yaml | 2 +- ...kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 10 ++-- .../kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- .../kube-state-metrics-serviceAccount.yaml | 2 +- .../kube-state-metrics-serviceMonitor.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- .../prometheus-operator-prometheusRule.yaml | 2 +- .../prometheus-operator-serviceMonitor.yaml | 4 +- manifests/prometheus-podDisruptionBudget.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 ++-- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- ...metheus-roleBindingSpecificNamespaces.yaml | 6 +-- manifests/prometheus-roleConfig.yaml | 2 +- .../prometheus-roleSpecificNamespaces.yaml | 6 +-- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 10 ++-- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 45 files changed, 98 insertions(+), 98 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 2a7e6ea0..db3c0697 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,12 +1,12 @@ { - "alertmanager": "0.21.0", - "blackboxExporter": "0.18.0", - "grafana": "7.5.4", - "kubeStateMetrics": "2.0.0", + "alertmanager": "0.22.2", + "blackboxExporter": "0.19.0", + "grafana": "8.0.0", + "kubeStateMetrics": "2.1.0", "nodeExporter": "1.1.2", - "prometheus": "2.26.0", + "prometheus": "2.27.1", "prometheusAdapter": "0.8.4", - "prometheusOperator": "0.47.0", - "kubeRbacProxy": "0.8.0", + "prometheusOperator": "0.48.1", + "kubeRbacProxy": "0.10.0", "configmapReload": "0.5.0" } diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml index f4c02a74..b7f660c9 100644 --- a/manifests/alertmanager-alertmanager.yaml +++ b/manifests/alertmanager-alertmanager.yaml @@ -6,11 +6,11 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 name: main namespace: monitoring spec: - image: quay.io/prometheus/alertmanager:v0.21.0 + image: quay.io/prometheus/alertmanager:v0.22.2 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -18,7 +18,7 @@ spec: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 replicas: 3 resources: limits: @@ -32,4 +32,4 @@ spec: runAsNonRoot: true runAsUser: 1000 serviceAccountName: alertmanager-main - version: 0.21.0 + version: 0.22.2 diff --git a/manifests/alertmanager-podDisruptionBudget.yaml b/manifests/alertmanager-podDisruptionBudget.yaml index 2dd13244..4454aba3 100644 --- a/manifests/alertmanager-podDisruptionBudget.yaml +++ b/manifests/alertmanager-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 name: alertmanager-main namespace: monitoring spec: diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index ac8855a4..83eee474 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 prometheus: k8s role: alert-rules name: alertmanager-main-rules diff --git a/manifests/alertmanager-secret.yaml b/manifests/alertmanager-secret.yaml index c6ffb204..0248756a 100644 --- a/manifests/alertmanager-secret.yaml +++ b/manifests/alertmanager-secret.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 name: alertmanager-main namespace: monitoring stringData: diff --git a/manifests/alertmanager-service.yaml b/manifests/alertmanager-service.yaml index 8c611f9f..733ab5e0 100644 --- a/manifests/alertmanager-service.yaml +++ b/manifests/alertmanager-service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 name: alertmanager-main namespace: monitoring spec: diff --git a/manifests/alertmanager-serviceAccount.yaml b/manifests/alertmanager-serviceAccount.yaml index 5a645515..07cccc9f 100644 --- a/manifests/alertmanager-serviceAccount.yaml +++ b/manifests/alertmanager-serviceAccount.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 name: alertmanager-main namespace: monitoring diff --git a/manifests/alertmanager-serviceMonitor.yaml b/manifests/alertmanager-serviceMonitor.yaml index 6ff45705..c889ae86 100644 --- a/manifests/alertmanager-serviceMonitor.yaml +++ b/manifests/alertmanager-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.21.0 + app.kubernetes.io/version: 0.22.2 name: alertmanager namespace: monitoring spec: diff --git a/manifests/blackbox-exporter-configuration.yaml b/manifests/blackbox-exporter-configuration.yaml index 0f5b03eb..35bfad12 100644 --- a/manifests/blackbox-exporter-configuration.yaml +++ b/manifests/blackbox-exporter-configuration.yaml @@ -46,6 +46,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.18.0 + app.kubernetes.io/version: 0.19.0 name: blackbox-exporter-configuration namespace: monitoring diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index 8f895846..3056073c 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.18.0 + app.kubernetes.io/version: 0.19.0 name: blackbox-exporter namespace: monitoring spec: @@ -23,13 +23,13 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.18.0 + app.kubernetes.io/version: 0.19.0 spec: containers: - args: - --config.file=/etc/blackbox_exporter/config.yml - --web.listen-address=:19115 - image: quay.io/prometheus/blackbox-exporter:v0.18.0 + image: quay.io/prometheus/blackbox-exporter:v0.19.0 name: blackbox-exporter ports: - containerPort: 19115 @@ -74,7 +74,7 @@ spec: - --secure-listen-address=:9115 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:19115/ - image: quay.io/brancz/kube-rbac-proxy:v0.8.0 + image: quay.io/brancz/kube-rbac-proxy:v0.10.0 name: kube-rbac-proxy ports: - containerPort: 9115 diff --git a/manifests/blackbox-exporter-service.yaml b/manifests/blackbox-exporter-service.yaml index 8b568e27..58ffb394 100644 --- a/manifests/blackbox-exporter-service.yaml +++ b/manifests/blackbox-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.18.0 + app.kubernetes.io/version: 0.19.0 name: blackbox-exporter namespace: monitoring spec: diff --git a/manifests/blackbox-exporter-serviceMonitor.yaml b/manifests/blackbox-exporter-serviceMonitor.yaml index ab7b5038..d7c05825 100644 --- a/manifests/blackbox-exporter-serviceMonitor.yaml +++ b/manifests/blackbox-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.18.0 + app.kubernetes.io/version: 0.19.0 name: blackbox-exporter namespace: monitoring spec: diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 8d8e8b19..a764a04e 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index de6813ea..1ec8b184 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -21135,7 +21135,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22588,7 +22588,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24313,7 +24313,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -25266,7 +25266,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26246,7 +26246,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -27226,7 +27226,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27792,7 +27792,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -29009,7 +29009,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30668,7 +30668,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31884,7 +31884,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -33130,7 +33130,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -34219,7 +34219,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35646,7 +35646,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 1381ed65..08662028 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index c889337b..a52fabfe 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: bff02b6fd55e414ce7cf08a5ea2a85e3 + checksum/grafana-datasources: 0db814229d4110029a02a7f5665c4960 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 spec: containers: - env: [] - image: grafana/grafana:7.5.4 + image: grafana/grafana:8.0.0 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 2ac2ecd8..98a04f2e 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 22d7b33f..59263ec1 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 7.5.4 + app.kubernetes.io/version: 8.0.0 name: grafana namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index c7f14e29..fbfceaeb 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 name: kube-state-metrics rules: - apiGroups: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index 4030e967..bcadf7e4 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 5327e389..bd290260 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 name: kube-state-metrics namespace: monitoring spec: @@ -23,7 +23,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 spec: containers: - args: @@ -31,7 +31,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.1.0 name: kube-state-metrics resources: limits: @@ -47,7 +47,7 @@ spec: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8081/ - image: quay.io/brancz/kube-rbac-proxy:v0.8.0 + image: quay.io/brancz/kube-rbac-proxy:v0.10.0 name: kube-rbac-proxy-main ports: - containerPort: 8443 @@ -68,7 +68,7 @@ spec: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8082/ - image: quay.io/brancz/kube-rbac-proxy:v0.8.0 + image: quay.io/brancz/kube-rbac-proxy:v0.10.0 name: kube-rbac-proxy-self ports: - containerPort: 9443 diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 824d8132..1b4904b3 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index 2f8117a8..2eb0e7f2 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index f98d4fea..4c5c9f66 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index c27306d7..1fc5d147 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.0.0 + app.kubernetes.io/version: 2.1.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index f63d1019..4fe4d68e 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -60,7 +60,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - image: quay.io/brancz/kube-rbac-proxy:v0.8.0 + image: quay.io/brancz/kube-rbac-proxy:v0.10.0 name: kube-rbac-proxy ports: - containerPort: 9100 diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index 8baca486..c5e16e28 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index 97814375..005c88a0 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index 33bfffca..8c015bd1 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 prometheus: k8s role: alert-rules name: prometheus-operator-rules diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 7884328e..6720aebf 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml index 457fe436..60ad50d1 100644 --- a/manifests/prometheus-podDisruptionBudget.yaml +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 58d462cf..b51c1a5c 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 prometheus: k8s name: k8s namespace: monitoring @@ -18,7 +18,7 @@ spec: port: web enableFeatures: [] externalLabels: {} - image: quay.io/prometheus/prometheus:v2.26.0 + image: quay.io/prometheus/prometheus:v2.27.1 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -47,4 +47,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.26.0 + version: 2.27.1 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 51f857d6..7cdb2d9c 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index d02fcc6a..69ef11f3 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index e9efd6bd..7472dfef 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index d83277b4..b7cabcf8 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index a55e8610..3cf7ed46 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: default rules: @@ -44,7 +44,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: kube-system rules: @@ -81,7 +81,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 3c512b9f..78f4d825 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index 5496825f..e3eb002a 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index edeacbc6..076bbb22 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.26.0 + app.kubernetes.io/version: 2.27.1 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index 6ff220b4..4990441c 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 99c9ae30..28d2941f 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index a87ecacc..9d57d15d 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 name: prometheus-operator namespace: monitoring spec: @@ -23,13 +23,13 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.47.0 - image: quay.io/prometheus-operator/prometheus-operator:v0.47.0 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.48.1 + image: quay.io/prometheus-operator/prometheus-operator:v0.48.1 name: prometheus-operator ports: - containerPort: 8080 @@ -48,7 +48,7 @@ spec: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8080/ - image: quay.io/brancz/kube-rbac-proxy:v0.8.0 + image: quay.io/brancz/kube-rbac-proxy:v0.10.0 name: kube-rbac-proxy ports: - containerPort: 8443 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index ac4e89a7..c4c2f40d 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 20f98fd2..380c9212 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.47.0 + app.kubernetes.io/version: 0.48.1 name: prometheus-operator namespace: monitoring From 5ea10d80a1930f4fbfe94bf57316bcde526a1df3 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 11 Jun 2021 10:56:54 +0200 Subject: [PATCH 295/388] jsonnet: fix label selector for coredns ServiceMonitor --- jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet index fdc6e49a..dbf3474b 100644 --- a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet +++ b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -245,7 +245,7 @@ function(params) { spec: { jobLabel: 'app.kubernetes.io/name', selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, + matchLabels: { 'k8s-app': 'kube-dns' }, }, namespaceSelector: { matchNames: ['kube-system'], From edc869991d1b50107f77635ed34cd99ef631da6f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 11 Jun 2021 11:02:21 +0200 Subject: [PATCH 296/388] manifests: regenerate --- manifests/kubernetes-serviceMonitorCoreDNS.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/kubernetes-serviceMonitorCoreDNS.yaml b/manifests/kubernetes-serviceMonitorCoreDNS.yaml index c4b37433..38b602d6 100644 --- a/manifests/kubernetes-serviceMonitorCoreDNS.yaml +++ b/manifests/kubernetes-serviceMonitorCoreDNS.yaml @@ -16,4 +16,4 @@ spec: - kube-system selector: matchLabels: - app.kubernetes.io/name: kube-dns + k8s-app: kube-dns From 859b87b4548ba686884b604367f283caf565c124 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 8 Jun 2021 15:06:13 +0200 Subject: [PATCH 297/388] examples: add example of running without grafana deployment Signed-off-by: paulfantom --- examples/grafana-only-dashboards.jsonnet | 25 ++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 examples/grafana-only-dashboards.jsonnet diff --git a/examples/grafana-only-dashboards.jsonnet b/examples/grafana-only-dashboards.jsonnet new file mode 100644 index 00000000..2c5520c0 --- /dev/null +++ b/examples/grafana-only-dashboards.jsonnet @@ -0,0 +1,25 @@ +local kp = + (import 'kube-prometheus/main.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + }, + + // Disable all grafana-related objects apart from dashboards and datasource + grafana: { + dashboardSources:: {}, + deployment:: {}, + serviceAccount:: {}, + serviceMonitor:: {}, + service:: {}, + }, + }; + +// Manifestation +{ + [component + '-' + resource + '.json']: kp[component][resource] + for component in std.objectFields(kp) + for resource in std.objectFields(kp[component]) +} From 54f79428ce7cda38791193c95c697b12a2433216 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 11 Jun 2021 13:51:10 +0000 Subject: [PATCH 298/388] [bot] Automated version update --- jsonnet/kube-prometheus/versions.json | 2 +- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 ++++++++++----------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- 7 files changed, 32 insertions(+), 32 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index db3c0697..c7578769 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,7 +1,7 @@ { "alertmanager": "0.22.2", "blackboxExporter": "0.19.0", - "grafana": "8.0.0", + "grafana": "8.0.1", "kubeStateMetrics": "2.1.0", "nodeExporter": "1.1.2", "prometheus": "2.27.1", diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index a764a04e..1db54e1b 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 1ec8b184..53f9acef 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -21135,7 +21135,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22588,7 +22588,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24313,7 +24313,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -25266,7 +25266,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26246,7 +26246,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -27226,7 +27226,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27792,7 +27792,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -29009,7 +29009,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30668,7 +30668,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31884,7 +31884,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -33130,7 +33130,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -34219,7 +34219,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35646,7 +35646,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 08662028..aa5e8a47 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index a52fabfe..c1fd10a7 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: 0db814229d4110029a02a7f5665c4960 + checksum/grafana-datasources: 597a279280c5743c23dd2fe4fbcac7b8 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 spec: containers: - env: [] - image: grafana/grafana:8.0.0 + image: grafana/grafana:8.0.1 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 98a04f2e..d7516c52 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 59263ec1..9b1a5cbf 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.0 + app.kubernetes.io/version: 8.0.1 name: grafana namespace: monitoring spec: From 78a467737064513e64eeb2b1df60a2478cfeb23c Mon Sep 17 00:00:00 2001 From: Prashant Balachandran Date: Fri, 11 Jun 2021 17:01:13 +0530 Subject: [PATCH 299/388] pulling in changes from kubernetes-mixin adding changes from kube-mixin --- jsonnetfile.lock.json | 4 +- manifests/grafana-dashboardDefinitions.yaml | 4561 +++++++++---------- manifests/kubernetes-prometheusRule.yaml | 6 +- 3 files changed, 2143 insertions(+), 2428 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index f338b752..80bacaa7 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "faf65d6fe38b2fd279b60e2f0581b2d0cb878d01", - "sum": "qDZhql8zB/4DNjniC5N8s26YcnYj6oZ6PBWTCUjB2t4=" + "version": "8524aa43d49914b170b84816fc182319da04a167", + "sum": "J06UiBvcfpRzLM5VbLRAhP39Zaz+EKguJ5sSTBDeygs=" }, { "source": { diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index de6813ea..9fa96fa3 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -4365,10 +4365,10 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", + "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (cluster, instance, name)", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} {{name}}", + "legendFormat": "{{cluster}} {{instance}} {{name}}", "refId": "A" } ], @@ -4471,10 +4471,10 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name)", + "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (cluster, instance, name)", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} {{name}}", + "legendFormat": "{{cluster}} {{instance}} {{name}}", "refId": "A" } ], @@ -4577,10 +4577,10 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (instance, name, le))", + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (cluster, instance, name, le))", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} {{name}}", + "legendFormat": "{{cluster}} {{instance}} {{name}}", "refId": "A" } ], @@ -5949,7 +5949,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{namespace}}", @@ -6240,7 +6240,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6258,7 +6258,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6276,7 +6276,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -8446,7 +8446,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -8530,7 +8530,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -8814,7 +8814,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -9065,7 +9065,7 @@ items: ], "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9083,7 +9083,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9101,7 +9101,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11178,7 +11178,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -11413,7 +11413,7 @@ items: ], "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11431,7 +11431,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11449,7 +11449,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12162,7 +12162,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{container}}", @@ -12518,7 +12518,7 @@ items: ], "targets": [ { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12536,7 +12536,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12554,7 +12554,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -14561,7 +14561,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", @@ -14796,7 +14796,7 @@ items: ], "targets": [ { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14814,7 +14814,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -14832,7 +14832,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -16557,7 +16557,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{workload}} - {{workload_type}}", @@ -16855,7 +16855,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -16873,7 +16873,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -16891,7 +16891,7 @@ items: "step": 10 }, { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", "format": "table", "instant": true, "intervalFactor": 2, @@ -18638,2385 +18638,2100 @@ items: "id": null, "links": [ + ], + "panels": [ + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "links": [ + + ], + "mappings": [ + + ], + "thresholds": { + "mode": "absolute", + "steps": [ + + ] + }, + "unit": "none" + } + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "links": [ + + ], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } + }, + "pluginVersion": "7", + "targets": [ + { + "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Running Kubelets", + "transparent": false, + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "links": [ + + ], + "mappings": [ + + ], + "thresholds": { + "mode": "absolute", + "steps": [ + + ] + }, + "unit": "none" + } + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 3, + "links": [ + + ], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } + }, + "pluginVersion": "7", + "targets": [ + { + "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "title": "Running Pods", + "transparent": false, + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "links": [ + + ], + "mappings": [ + + ], + "thresholds": { + "mode": "absolute", + "steps": [ + + ] + }, + "unit": "none" + } + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 8, + "y": 0 + }, + "id": 4, + "links": [ + + ], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } + }, + "pluginVersion": "7", + "targets": [ + { + "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "title": "Running Container", + "transparent": false, + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "links": [ + + ], + "mappings": [ + + ], + "thresholds": { + "mode": "absolute", + "steps": [ + + ] + }, + "unit": "none" + } + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 12, + "y": 0 + }, + "id": 5, + "links": [ + + ], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } + }, + "pluginVersion": "7", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "title": "Actual Volume Count", + "transparent": false, + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "links": [ + + ], + "mappings": [ + + ], + "thresholds": { + "mode": "absolute", + "steps": [ + + ] + }, + "unit": "none" + } + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 16, + "y": 0 + }, + "id": 6, + "links": [ + + ], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } + }, + "pluginVersion": "7", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "title": "Desired Volume Count", + "transparent": false, + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "links": [ + + ], + "mappings": [ + + ], + "thresholds": { + "mode": "absolute", + "steps": [ + + ] + }, + "unit": "none" + } + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 20, + "y": 0 + }, + "id": 7, + "links": [ + + ], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + } + }, + "pluginVersion": "7", + "targets": [ + { + "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "title": "Config Error Count", + "transparent": false, + "type": "stat" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 7 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (operation_type, instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_type}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 7 + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_type}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation Error Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_type}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation duration 99th quantile", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 21 + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} pod", + "refId": "A" + }, + { + "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 21 + }, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} pod", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 28 + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_name}} {{volume_plugin}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 28 + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_name}} {{volume_plugin}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Error Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 35 + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_name}} {{volume_plugin}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Duration 99th quantile", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 42 + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{operation_type}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager operation rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 42 + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{operation_type}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager 99th quantile", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Pod lifecycle event generator", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 49 + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 49 + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist interval", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 20, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 63 + }, + "id": 21, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 70 + }, + "id": 22, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}} {{verb}} {{url}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Request duration 99th quantile", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 77 + }, + "id": 23, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 77 + }, + "id": 24, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 77 + }, + "id": 25, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } ], "refresh": "10s", "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - }, - "id": 2, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Running Kubelets", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 3, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": "", - "title": "Running Pods", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 4, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": "", - "title": "Running Container", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 5, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": "", - "title": "Actual Volume Count", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 6, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": "", - "title": "Desired Volume Count", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 7, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": "", - "title": "Config Error Count", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (operation_type, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_type}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_type}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation Error Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_type}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation duration 99th quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} pod", - "refId": "A" - }, - { - "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} worker", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pod Start Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} pod", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} worker", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pod Start Duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_name}} {{volume_plugin}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_name}} {{volume_plugin}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Error Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_name}} {{volume_plugin}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Duration 99th quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 16, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{operation_type}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Cgroup manager operation rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 17, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{operation_type}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Cgroup manager 99th quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Pod lifecycle event generator", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist interval", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 21, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[5m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{verb}} {{url}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Request duration 99th quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 23, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 24, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 25, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } ], "schemaVersion": 14, "style": "dark", @@ -33292,31 +33007,31 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} e2e", + "legendFormat": "{{cluster}} {{instance}} e2e", "refId": "A" }, { - "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} binding", + "legendFormat": "{{cluster}} {{instance}} binding", "refId": "B" }, { - "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} scheduling algorithm", + "legendFormat": "{{cluster}} {{instance}} scheduling algorithm", "refId": "C" }, { - "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (instance)", + "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} volume", + "legendFormat": "{{cluster}} {{instance}} volume", "refId": "D" } ], @@ -33406,31 +33121,31 @@ items: "steppedLine": false, "targets": [ { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} e2e", + "legendFormat": "{{cluster}} {{instance}} e2e", "refId": "A" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} binding", + "legendFormat": "{{cluster}} {{instance}} binding", "refId": "B" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} scheduling algorithm", + "legendFormat": "{{cluster}} {{instance}} scheduling algorithm", "refId": "C" }, { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (instance, le))", + "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}} volume", + "legendFormat": "{{cluster}} {{instance}} volume", "refId": "D" } ], diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 0434a676..203e2c34 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -18,7 +18,7 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping summary: Pod is crash looping. expr: | - rate(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[10m]) * 60 * 5 > 0 + increase(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[10m]) > 0 for: 15m labels: severity: warning @@ -1199,11 +1199,11 @@ spec: rules: - expr: | sum by (cluster, namespace, pod, container) ( - rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}[5m]) + irate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}[5m]) ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate + record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate - expr: | container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, From 88034c4c419d065bdba51d8939516720e454d996 Mon Sep 17 00:00:00 2001 From: Adin Hodovic Date: Mon, 14 Jun 2021 01:07:18 +0200 Subject: [PATCH 300/388] jsonnet/platforms: Import managed-cluster addon for the EKS platform --- jsonnet/kube-prometheus/platforms/eks.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index 9fa55750..87e70f4f 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -1,4 +1,4 @@ -{ +(import '../addons/managed-cluster.libsonnet') + { values+:: { eks: { minimumAvailableIPs: 10, From d6201759b842cbcd464daf67a8ae71928e9554c4 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 14 Jun 2021 13:50:57 +0000 Subject: [PATCH 301/388] [bot] Automated version update --- jsonnet/kube-prometheus/versions.json | 2 +- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 ++++++++++----------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- 7 files changed, 32 insertions(+), 32 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index c7578769..ab215a71 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,7 +1,7 @@ { "alertmanager": "0.22.2", "blackboxExporter": "0.19.0", - "grafana": "8.0.1", + "grafana": "8.0.2", "kubeStateMetrics": "2.1.0", "nodeExporter": "1.1.2", "prometheus": "2.27.1", diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 1db54e1b..e1fa5d02 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index af273df8..3a586a49 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -20850,7 +20850,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22303,7 +22303,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24028,7 +24028,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -24981,7 +24981,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -25961,7 +25961,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26941,7 +26941,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27507,7 +27507,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -28724,7 +28724,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30383,7 +30383,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31599,7 +31599,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -32845,7 +32845,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -33934,7 +33934,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35361,7 +35361,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index aa5e8a47..ff892e04 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index c1fd10a7..8ca888b0 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: 597a279280c5743c23dd2fe4fbcac7b8 + checksum/grafana-datasources: fc59858bc9ee7060feedd9ef9ab1f622 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 spec: containers: - env: [] - image: grafana/grafana:8.0.1 + image: grafana/grafana:8.0.2 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index d7516c52..c72c926b 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 9b1a5cbf..b8f635da 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.1 + app.kubernetes.io/version: 8.0.2 name: grafana namespace: monitoring spec: From 253a8ff2d65ad7d25e9f624f940685d836472952 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 14 Jun 2021 21:55:40 +0200 Subject: [PATCH 302/388] hack: remove unused directory --- hack/example-service-monitoring/deploy | 9 --------- hack/example-service-monitoring/teardown | 9 --------- hack/jsonnet-docker-image | 0 3 files changed, 18 deletions(-) delete mode 100755 hack/example-service-monitoring/deploy delete mode 100755 hack/example-service-monitoring/teardown delete mode 100644 hack/jsonnet-docker-image diff --git a/hack/example-service-monitoring/deploy b/hack/example-service-monitoring/deploy deleted file mode 100755 index 0c7cd7c1..00000000 --- a/hack/example-service-monitoring/deploy +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash -# exit immediately when a command fails -set -e -# only exit with zero if all commands of the pipeline exit successfully -set -o pipefail -# error on unset variables -set -u - -kubectl apply -f examples/example-app diff --git a/hack/example-service-monitoring/teardown b/hack/example-service-monitoring/teardown deleted file mode 100755 index 1a49f462..00000000 --- a/hack/example-service-monitoring/teardown +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash -# exit immediately when a command fails -set -e -# only exit with zero if all commands of the pipeline exit successfully -set -o pipefail -# error on unset variables -set -u - -kubectl delete -f examples/example-app diff --git a/hack/jsonnet-docker-image b/hack/jsonnet-docker-image deleted file mode 100644 index e69de29b..00000000 From 6dc90593f90cc5c0dbe566ca555dc11f7193ced6 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 14 Jun 2021 22:47:22 +0200 Subject: [PATCH 303/388] scripts: move test.sh script into scripts dir --- Makefile | 2 +- test.sh => scripts/test.sh | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) rename test.sh => scripts/test.sh (80%) diff --git a/Makefile b/Makefile index 5297661b..3b463b2d 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ lint: $(JSONNETLINT_BIN) vendor .PHONY: test test: $(JB_BIN) $(JB_BIN) install - ./test.sh + ./scripts/test.sh .PHONY: test-e2e test-e2e: diff --git a/test.sh b/scripts/test.sh similarity index 80% rename from test.sh rename to scripts/test.sh index 58b06fe8..6774c63a 100755 --- a/test.sh +++ b/scripts/test.sh @@ -5,6 +5,8 @@ set -o pipefail # Make sure to use project tooling PATH="$(pwd)/tmp/bin:${PATH}" +TESTFILE="$(pwd)/tmp/test.jsonnet" +mkdir -p "$(pwd)/tmp" for i in examples/jsonnet-snippets/*.jsonnet; do [ -f "$i" ] || break @@ -14,13 +16,13 @@ for i in examples/jsonnet-snippets/*.jsonnet; do snippet="local kp = $fileContent; $( "test.jsonnet" + echo "${snippet}" > "${TESTFILE}" echo "\`\`\`" echo "${snippet}" echo "\`\`\`" echo "" - jsonnet -J vendor "test.jsonnet" > /dev/null - rm -rf "test.jsonnet" + jsonnet -J vendor "${TESTFILE}" > /dev/null + rm -rf "${TESTFILE}" done for i in examples/*.jsonnet; do From b7ac30704e57fa47475cdd806a9eb094e6358023 Mon Sep 17 00:00:00 2001 From: ArthurSens Date: Mon, 14 Jun 2021 23:57:56 +0000 Subject: [PATCH 304/388] Run k3s inside gitpod and deploy kube-prometheus. Signed-off-by: ArthurSens --- .gitignore | 2 ++ .gitpod.yml | 23 ++++++++++++++- .gitpod/deploy-kube-prometheus.sh | 16 ++++++++++ .gitpod/prepare-k3s.sh | 49 +++++++++++++++++++++++++++++++ .gitpod/prepare-rootfs.sh | 48 ++++++++++++++++++++++++++++++ .gitpod/qemu.sh | 14 +++++++++ .gitpod/scp.sh | 3 ++ .gitpod/ssh.sh | 3 ++ 8 files changed, 157 insertions(+), 1 deletion(-) create mode 100755 .gitpod/deploy-kube-prometheus.sh create mode 100755 .gitpod/prepare-k3s.sh create mode 100755 .gitpod/prepare-rootfs.sh create mode 100755 .gitpod/qemu.sh create mode 100755 .gitpod/scp.sh create mode 100755 .gitpod/ssh.sh diff --git a/.gitignore b/.gitignore index 42cf6651..a82ceced 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ vendor/ ./auth .swp crdschemas/ + +.gitpod/_output/ \ No newline at end of file diff --git a/.gitpod.yml b/.gitpod.yml index 1ec86098..936bc53a 100644 --- a/.gitpod.yml +++ b/.gitpod.yml @@ -1,4 +1,5 @@ - +image: gitpod/workspace-full +checkoutLocation: gitpod-k3s tasks: - init: | make --always-make @@ -21,6 +22,26 @@ tasks: fi EOF chmod +x ${PWD}/.git/hooks/pre-commit + - name: run kube-prometheus + command: | + .gitpod/prepare-k3s.sh + .gitpod/deploy-kube-prometheus.sh + - name: kernel dev environment + init: | + sudo apt update -y + sudo apt install qemu qemu-system-x86 linux-image-$(uname -r) libguestfs-tools sshpass netcat -y + sudo curl -o /usr/bin/kubectl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + sudo chmod +x /usr/bin/kubectl + .gitpod/prepare-rootfs.sh + command: | + .gitpod/qemu.sh +ports: + - port: 3000 + onOpen: open-browser + - port: 9090 + onOpen: open-browser + - port: 9093 + onOpen: open-browser vscode: extensions: - heptio.jsonnet@0.1.0:woEDU5N62LRdgdz0g/I6sQ== \ No newline at end of file diff --git a/.gitpod/deploy-kube-prometheus.sh b/.gitpod/deploy-kube-prometheus.sh new file mode 100755 index 00000000..fdd9c1d2 --- /dev/null +++ b/.gitpod/deploy-kube-prometheus.sh @@ -0,0 +1,16 @@ +kubectl apply -f manifests/setup + +# Safety wait for CRDs to be working +sleep 30 + +kubectl apply -f manifests/ + +kubectl rollout status -n monitoring daemonset node-exporter +kubectl rollout status -n monitoring statefulset alertmanager-main +kubectl rollout status -n monitoring statefulset prometheus-k8s +kubectl rollout status -n monitoring deployment grafana +kubectl rollout status -n monitoring deployment kube-state-metrics + +kubectl port-forward -n monitoring svc/grafana 3000 > /dev/null 2>&1 & +kubectl port-forward -n monitoring svc/alertmanager-main 9093 > /dev/null 2>&1 & +kubectl port-forward -n monitoring svc/prometheus-k8s 9090 > /dev/null 2>&1 & \ No newline at end of file diff --git a/.gitpod/prepare-k3s.sh b/.gitpod/prepare-k3s.sh new file mode 100755 index 00000000..ccfd658a --- /dev/null +++ b/.gitpod/prepare-k3s.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +rootfslock="${script_dirname}/_output/rootfs/rootfs-ready.lock" +k3sreadylock="${script_dirname}/_output/rootfs/k3s-ready.lock" + +if test -f "${k3sreadylock}"; then + exit 0 +fi + +cd $script_dirname + +function waitssh() { + while ! nc -z 127.0.0.1 2222; do + sleep 0.1 + done + ./ssh.sh "whoami" &>/dev/null + if [ $? -ne 0 ]; then + sleep 1 + waitssh + fi +} + +function waitrootfs() { + while ! test -f "${rootfslock}"; do + sleep 0.1 + done +} + +echo "🔥 Installing everything, this will be done only one time per workspace." + +echo "Waiting for the rootfs to become available, it can take a while, open the terminal #2 for progress" +waitrootfs +echo "✅ rootfs available" + +echo "Waiting for the ssh server to become available, it can take a while, after this k3s is getting installed" +waitssh +echo "✅ ssh server available" + +./ssh.sh "curl -sfL https://get.k3s.io | sh -" + +mkdir -p ~/.kube +./scp.sh root@127.0.0.1:/etc/rancher/k3s/k3s.yaml ~/.kube/config + +echo "✅ k3s server is ready" +touch "${k3sreadylock}" + +# safety wait for cluster availability +sleep 30s \ No newline at end of file diff --git a/.gitpod/prepare-rootfs.sh b/.gitpod/prepare-rootfs.sh new file mode 100755 index 00000000..c67e9a77 --- /dev/null +++ b/.gitpod/prepare-rootfs.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +set -euo pipefail + +img_url="https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64.tar.gz" + +script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +outdir="${script_dirname}/_output/rootfs" + +rm -Rf $outdir +mkdir -p $outdir + +curl -L -o "${outdir}/rootfs.tar.gz" $img_url + +cd $outdir + +tar -xvf rootfs.tar.gz + +qemu-img resize hirsute-server-cloudimg-amd64.img +20G + +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'resize2fs /dev/sda' + +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --root-password password:root + +netconf=" +network: + version: 2 + renderer: networkd + ethernets: + enp0s3: + dhcp4: yes +" + +# networking setup +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "echo '${netconf}' > /etc/netplan/01-net.yaml" + +# copy kernel modules +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --copy-in /lib/modules/$(uname -r):/lib/modules + +# ssh +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'apt remove openssh-server -y && apt install openssh-server -y' +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config" +sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config" + +# mark as ready +touch rootfs-ready.lock + +echo "k3s development environment is ready" diff --git a/.gitpod/qemu.sh b/.gitpod/qemu.sh new file mode 100755 index 00000000..f4256439 --- /dev/null +++ b/.gitpod/qemu.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -xeuo pipefail + +script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +outdir="${script_dirname}/_output" + +sudo qemu-system-x86_64 -kernel "/boot/vmlinuz" \ +-boot c -m 3073M -hda "${outdir}/rootfs/hirsute-server-cloudimg-amd64.img" \ +-net user \ +-smp 8 \ +-append "root=/dev/sda rw console=ttyS0,115200 acpi=off nokaslr" \ +-nic user,hostfwd=tcp::2222-:22,hostfwd=tcp::6443-:6443 \ +-serial mon:stdio -display none \ No newline at end of file diff --git a/.gitpod/scp.sh b/.gitpod/scp.sh new file mode 100755 index 00000000..2295c3c0 --- /dev/null +++ b/.gitpod/scp.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +sshpass -p 'root' scp -o StrictHostKeychecking=no -P 2222 $@ \ No newline at end of file diff --git a/.gitpod/ssh.sh b/.gitpod/ssh.sh new file mode 100755 index 00000000..b4d2ca8c --- /dev/null +++ b/.gitpod/ssh.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +sshpass -p 'root' ssh -o StrictHostKeychecking=no -p 2222 root@127.0.0.1 "$@" \ No newline at end of file From db6a5131903106538ec682491d0d4a3d21ec6c35 Mon Sep 17 00:00:00 2001 From: Sang Le Date: Wed, 16 Jun 2021 13:06:32 +1000 Subject: [PATCH 305/388] Fix ingress rules for api networking.k8s.io/v1 --- examples/ingress.jsonnet | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/examples/ingress.jsonnet b/examples/ingress.jsonnet index a2e26cd7..09711a0e 100644 --- a/examples/ingress.jsonnet +++ b/examples/ingress.jsonnet @@ -54,10 +54,14 @@ local kp = host: 'alertmanager.example.com', http: { paths: [{ + path: '/', + pathType: 'Prefix', backend: { service: { name: 'alertmanager-main', - port: 'web', + port: { + name: 'web' + }, }, }, }], @@ -71,10 +75,14 @@ local kp = host: 'grafana.example.com', http: { paths: [{ + path: '/', + pathType: 'Prefix', backend: { service: { name: 'grafana', - port: 'http', + port: { + name: 'http' + }, }, }, }], @@ -88,10 +96,14 @@ local kp = host: 'prometheus.example.com', http: { paths: [{ + path: '/', + pathType: 'Prefix', backend: { service: { name: 'prometheus-k8s', - port: 'web', + port: { + name: 'web' + }, }, }, }], From 4ea366eef75bfd371fa5618da63eba491ff0df00 Mon Sep 17 00:00:00 2001 From: Matthias Loibl Date: Wed, 16 Jun 2021 12:55:51 +0200 Subject: [PATCH 306/388] Fix name for blackbox-exporter PodSecurityPolicy --- .../kube-prometheus/addons/podsecuritypolicies.libsonnet | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet index 838db3bf..61439b59 100644 --- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet +++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet @@ -117,7 +117,11 @@ local restrictedPodSecurityPolicy = { }, } else - {}; + { + metadata+: { + name: 'blackbox-exporter-psp', + }, + }; restrictedPodSecurityPolicy + blackboxExporterPspPrivileged, }, From 4e43a1e16e3b064e2fad6ac48922674340099f53 Mon Sep 17 00:00:00 2001 From: Sang Le Date: Thu, 17 Jun 2021 08:19:23 +1000 Subject: [PATCH 307/388] Fix ingress rules for api networking.k8s.io/v1 - format code --- examples/ingress.jsonnet | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/ingress.jsonnet b/examples/ingress.jsonnet index 09711a0e..b1197c5d 100644 --- a/examples/ingress.jsonnet +++ b/examples/ingress.jsonnet @@ -60,7 +60,7 @@ local kp = service: { name: 'alertmanager-main', port: { - name: 'web' + name: 'web', }, }, }, @@ -81,7 +81,7 @@ local kp = service: { name: 'grafana', port: { - name: 'http' + name: 'http', }, }, }, @@ -102,7 +102,7 @@ local kp = service: { name: 'prometheus-k8s', port: { - name: 'web' + name: 'web', }, }, }, From ffea8f498e6d76a847fa547b605a9e8534795b7c Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 18 Jun 2021 13:50:44 +0000 Subject: [PATCH 308/388] [bot] Automated version update --- jsonnet/kube-prometheus/versions.json | 2 +- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 ++++++++++----------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- 7 files changed, 32 insertions(+), 32 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index ab215a71..91d36db7 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,7 +1,7 @@ { "alertmanager": "0.22.2", "blackboxExporter": "0.19.0", - "grafana": "8.0.2", + "grafana": "8.0.3", "kubeStateMetrics": "2.1.0", "nodeExporter": "1.1.2", "prometheus": "2.27.1", diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index e1fa5d02..de658ba8 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 3a586a49..ecab2f6a 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -20850,7 +20850,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22303,7 +22303,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24028,7 +24028,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -24981,7 +24981,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -25961,7 +25961,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26941,7 +26941,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27507,7 +27507,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -28724,7 +28724,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30383,7 +30383,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31599,7 +31599,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -32845,7 +32845,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -33934,7 +33934,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35361,7 +35361,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index ff892e04..9e95bdf4 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 8ca888b0..5b954a4b 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: fc59858bc9ee7060feedd9ef9ab1f622 + checksum/grafana-datasources: 94437af43b4bb589dd53fbb6ce41aa2b labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 spec: containers: - env: [] - image: grafana/grafana:8.0.2 + image: grafana/grafana:8.0.3 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index c72c926b..2658ce05 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index b8f635da..a3302cc7 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.2 + app.kubernetes.io/version: 8.0.3 name: grafana namespace: monitoring spec: From 3a4e292aabca754ac565ad04f031f455cb852d3c Mon Sep 17 00:00:00 2001 From: Philip Gough Date: Tue, 22 Jun 2021 11:11:40 +0100 Subject: [PATCH 309/388] Sync with kubernetes-mixin --- jsonnetfile.lock.json | 4 +- manifests/grafana-dashboardDefinitions.yaml | 18 ++++----- manifests/kubernetes-prometheusRule.yaml | 42 ++++++++++++++++----- 3 files changed, 44 insertions(+), 20 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 80bacaa7..6c7d433c 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "8524aa43d49914b170b84816fc182319da04a167", - "sum": "J06UiBvcfpRzLM5VbLRAhP39Zaz+EKguJ5sSTBDeygs=" + "version": "e0dc3563dcbf2e54e0ffe8e83f3f51b237ef33be", + "sum": "egi2xHFco6VkCxettVvAju/yrsGnB3AFoPpCGKfWhtU=" }, { "source": { diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index ecab2f6a..e0a6ab56 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -5602,7 +5602,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", + "expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -5854,7 +5854,7 @@ items: "steppedLine": false, "targets": [ { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", + "expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", "format": "time_series", "instant": true, "intervalFactor": 2, @@ -6258,7 +6258,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6267,7 +6267,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6276,7 +6276,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6676,7 +6676,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6685,7 +6685,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6694,7 +6694,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, @@ -6703,7 +6703,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", "format": "table", "instant": true, "intervalFactor": 2, diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 203e2c34..208116ff 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -19,6 +19,8 @@ spec: summary: Pod is crash looping. expr: | increase(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[10m]) > 0 + and + sum without (phase) (kube_pod_status_phase{phase!="Running",job="kube-state-metrics"} == 1) for: 15m labels: severity: warning @@ -214,19 +216,19 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch summary: HPA has not matched descired number of replicas. expr: | - (kube_hpa_status_desired_replicas{job="kube-state-metrics"} + (kube_horizontalpodautoscaler_status_desired_replicas{job="kube-state-metrics"} != - kube_hpa_status_current_replicas{job="kube-state-metrics"}) + kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics"}) and - (kube_hpa_status_current_replicas{job="kube-state-metrics"} + (kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics"} > - kube_hpa_spec_min_replicas{job="kube-state-metrics"}) + kube_horizontalpodautoscaler_spec_min_replicas{job="kube-state-metrics"}) and - (kube_hpa_status_current_replicas{job="kube-state-metrics"} + (kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics"} < - kube_hpa_spec_max_replicas{job="kube-state-metrics"}) + kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics"}) and - changes(kube_hpa_status_current_replicas{job="kube-state-metrics"}[15m]) == 0 + changes(kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics"}[15m]) == 0 for: 15m labels: severity: warning @@ -236,9 +238,9 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout summary: HPA is running at max replicas expr: | - kube_hpa_status_current_replicas{job="kube-state-metrics"} + kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics"} == - kube_hpa_spec_max_replicas{job="kube-state-metrics"} + kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics"} for: 15m labels: severity: warning @@ -1250,6 +1252,28 @@ spec: ) ) record: namespace_cpu:kube_pod_container_resource_requests:sum + - expr: | + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace_memory:kube_pod_container_resource_limits:sum + - expr: | + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace_cpu:kube_pod_container_resource_limits:sum - expr: | max by (cluster, namespace, workload, pod) ( label_replace( From 0ff173efea2cd5c940bbe34b53a5b950021b2cbd Mon Sep 17 00:00:00 2001 From: fpetkovski Date: Tue, 22 Jun 2021 10:40:34 +0200 Subject: [PATCH 310/388] jsonnet: disable insecure cypher suites for prometheus-adapter Running sslscan against the prometheus adapter secure port reports two insecure SSL ciphers, ECDHE-RSA-DES-CBC3-SHA and DES-CBC3-SHA. This commit removes those ciphers from the list. Signed-off-by: fpetkovski --- .../components/prometheus-adapter.libsonnet | 18 ++++++++++++++++++ manifests/prometheus-adapter-deployment.yaml | 1 + 2 files changed, 19 insertions(+) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 8312183c..9a3144b0 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -53,6 +53,23 @@ local defaults = { window: '5m', }, }, + tlsCipherSuites: [ + 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', + 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305', + 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_AES_128_GCM_SHA256', + 'TLS_RSA_WITH_AES_256_GCM_SHA384', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + ], }; function(params) { @@ -145,6 +162,7 @@ function(params) { '--metrics-relist-interval=1m', '--prometheus-url=' + pa._config.prometheusURL, '--secure-port=6443', + '--tls-cipher-suites=' + std.join(',', pa._config.tlsCipherSuites), ], ports: [{ containerPort: 6443 }], volumeMounts: [ diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index 787e18fb..475eaf53 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -35,6 +35,7 @@ spec: - --metrics-relist-interval=1m - --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/ - --secure-port=6443 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA image: directxman12/k8s-prometheus-adapter:v0.8.4 name: prometheus-adapter ports: From 0959155a1c67790edf55e4b19052e4fc3769116a Mon Sep 17 00:00:00 2001 From: fpetkovski Date: Tue, 22 Jun 2021 16:27:06 +0200 Subject: [PATCH 311/388] jsonnet: update downstream dependencies This commit updates all downstream dependencies Signed-off-by: fpetkovski --- jsonnetfile.lock.json | 30 ++--- manifests/alertmanager-prometheusRule.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 8 ++ manifests/prometheus-prometheusRule.yaml | 10 ++ ...erator-0probeCustomResourceDefinition.yaml | 3 + ...r-0prometheusCustomResourceDefinition.yaml | 123 +++++++++++++++++- ...rometheusruleCustomResourceDefinition.yaml | 2 +- ...ervicemonitorCustomResourceDefinition.yaml | 8 +- 8 files changed, 161 insertions(+), 25 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 6c7d433c..d5db3120 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "7a7b668edb7ea4087fab00c3b3392202584b5fcf", + "version": "556447683112b6ccc00b27a1bd0d0a4edc361692", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "ab47cabd71f0318fbda8efbbce0b4af074970a4e", + "version": "9ed8c7b79694711403fc353a3e3c46acb762a1e5", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "faf65d6fe38b2fd279b60e2f0581b2d0cb878d01", + "version": "e0dc3563dcbf2e54e0ffe8e83f3f51b237ef33be", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "c36d9c6adca9b61b33398f6bcf06122564da2f95", + "version": "d94da5292d7e213c5b2f3f508d162e6044a68ca9", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "c36d9c6adca9b61b33398f6bcf06122564da2f95", + "version": "d94da5292d7e213c5b2f3f508d162e6044a68ca9", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "e5797e3d1c7fe50b99d9b8e8006ad0416820b5c9", + "version": "1c35faa561f2557fa156438c13c5763d3b6ac6c4", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "e5797e3d1c7fe50b99d9b8e8006ad0416820b5c9", - "sum": "1bEFcCwj8VP9lh1GG76M+uHc0975rolxA4YezwXaiwk=" + "version": "1c35faa561f2557fa156438c13c5763d3b6ac6c4", + "sum": "eHJp7oFWvBEsSmwoRML356DLK80n7rRt8XKRZ+YawvQ=" }, { "source": { @@ -109,8 +109,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "8598683b2461fb68e1921735c20163c4c784f9b6", - "sum": "YIWuR6x64SRQSCr8tuuGN1cc0TK5HGR0HWvgot3fc6k=", + "version": "29fcb0b7fb8af519fa6c08cfd545d401c98d94e1", + "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, { @@ -120,7 +120,7 @@ "subdir": "docs/node-mixin" } }, - "version": "220aa5b8893c599c624bbdba2f59ac1ed473a4ff", + "version": "8edd27baaf0cd4e443ab556329fa0f8c3b2b02a0", "sum": "os3VfjBdFdDaTYzI+A/RahIhQcgQ7KoaLL68s1kiCbA=" }, { @@ -130,8 +130,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "ef584a9df6b4d5b360aa99ddee605b9b92f5ad45", - "sum": "Va7tcAcpgjCQjFoChBUlseoPoqQoo4mGoT70Kebep9Q=", + "version": "4a5aef0495a08032f4369804266b357773b0a009", + "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, { @@ -141,8 +141,8 @@ "subdir": "mixin" } }, - "version": "4e74c4ba0b6c2b4c34b5ca9cabd14e1a70232902", - "sum": "saJz+8pxFRq4oS8H5fckUOBETHYcOdoFzFtgueoRQcU=", + "version": "7a90505d8f06efd6445dba94174695d4dba05393", + "sum": "IS62r3fSx0evbBhH0QqKUW+4TAMOHpzbsW+v9nw/SNM=", "name": "thanos-mixin" }, { diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index 83eee474..d6321b95 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -37,7 +37,7 @@ spec: max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m]) < on (namespace,service) group_left count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="alertmanager-main",namespace="monitoring"}[5m])) - for: 10m + for: 15m labels: severity: critical - alert: AlertmanagerFailedToSendAlerts diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index e0a6ab56..8253c14c 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -30942,6 +30942,14 @@ items: "stack": true, "steppedLine": false, "targets": [ + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "exceeded body size limit: {{job}}", + "legendLink": null, + "step": 10 + }, { "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))", "format": "time_series", diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 7cdb2d9c..7a22a8c7 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -221,6 +221,16 @@ spec: for: 15m labels: severity: warning + - alert: PrometheusTargetSyncFailure + annotations: + description: '{{ printf "%.0f" $value }} targets in Prometheus {{$labels.namespace}}/{{$labels.pod}} have failed to sync because invalid configuration was supplied.' + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustargetsyncfailure + summary: Prometheus has failed to sync targets. + expr: | + increase(prometheus_target_sync_failed_total{job="prometheus-k8s",namespace="monitoring"}[30m]) > 0 + for: 5m + labels: + severity: critical - alert: PrometheusErrorSendingAlertsToAnyAlertmanager annotations: description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index d6a8acd9..0d36514d 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -96,6 +96,9 @@ spec: path: description: Path to collect metrics from. Defaults to `/probe`. type: string + proxyUrl: + description: Optional ProxyURL. + type: string scheme: description: HTTP scheme to use for scraping. Defaults to `http`. type: string diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 23816577..d327a717 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -1470,7 +1470,7 @@ spec: type: string type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `ProbeConfig` object) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above)." type: string enforcedSampleLimit: description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. @@ -1481,7 +1481,7 @@ spec: format: int64 type: integer evaluationInterval: - description: Interval between consecutive evaluations. + description: 'Interval between consecutive evaluations. Default: `1m`' type: string externalLabels: additionalProperties: @@ -1508,7 +1508,7 @@ spec: type: object type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: description: A single application container that you want to run within a pod. properties: @@ -2951,7 +2951,7 @@ spec: type: object type: object scrapeInterval: - description: Interval between consecutive scrapes. + description: 'Interval between consecutive scrapes. Default: `1m`' type: string scrapeTimeout: description: Number of seconds to wait for target to respond before erroring. @@ -3432,6 +3432,9 @@ spec: objectStorageConfigFile: description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. type: string + readyTimeout: + description: ReadyTimeout is the maximum time Thanos sidecar will wait for Prometheus to start. Eg 10m + type: string resources: description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set properties: @@ -4399,6 +4402,118 @@ spec: pageTitle: description: The prometheus web page title type: string + tlsConfig: + description: WebTLSConfig defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + maxVersion: + description: Maximum TLS version that is acceptable. Defaults to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object type: object type: object status: diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml index ccd8efbf..e537e2fd 100644 --- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml @@ -43,7 +43,7 @@ spec: type: string rules: items: - description: Rule describes an alerting or recording rule. + description: 'Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule' properties: alert: type: string diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 4ae0a59d..60543cc3 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -293,10 +293,10 @@ spec: type: object type: array jobLabel: - description: The label to use to retrieve the job name from. + description: "Chooses the label of the Kubernetes `Endpoints`. Its value will be used for the `job`-label's value of the created metrics. \n Default & fallback value: the name of the respective Kubernetes `Endpoint`." type: string namespaceSelector: - description: Selector to select which namespaces the Endpoints objects are discovered from. + description: Selector to select which namespaces the Kubernetes Endpoints objects are discovered from. properties: any: description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. @@ -308,7 +308,7 @@ spec: type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + description: PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics. items: type: string type: array @@ -347,7 +347,7 @@ spec: type: object type: object targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service onto the target. + description: TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics. All labels set in `selector.matchLabels` are automatically transferred. items: type: string type: array From 86b1207e1b8856691f50c5c287f044c19193d858 Mon Sep 17 00:00:00 2001 From: fpetkovski Date: Wed, 23 Jun 2021 14:24:29 +0200 Subject: [PATCH 312/388] jsonnet: update alertmanager branch to main Alertmanager changed its default branch to main. This commit updates the alertmanager branch to track the new default. Signed-off-by: fpetkovski --- jsonnet/kube-prometheus/jsonnetfile.json | 2 +- jsonnetfile.lock.json | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 9a0ae384..232ef3f1 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -91,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "master", + "version": "main", "name": "alertmanager" }, { diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index d5db3120..08a0ff19 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "9ed8c7b79694711403fc353a3e3c46acb762a1e5", + "version": "054a2cecd449b88582386cd12a5865daca10439e", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "29fcb0b7fb8af519fa6c08cfd545d401c98d94e1", + "version": "fd0929ba9fc58737a9c91f24771862692fa72d17", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,7 +120,7 @@ "subdir": "docs/node-mixin" } }, - "version": "8edd27baaf0cd4e443ab556329fa0f8c3b2b02a0", + "version": "90d469805ac04cf1be31fdb50fcd895146332e92", "sum": "os3VfjBdFdDaTYzI+A/RahIhQcgQ7KoaLL68s1kiCbA=" }, { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "4a5aef0495a08032f4369804266b357773b0a009", + "version": "d8219f29f4fec899edde3d3055acf3013dc3f77a", "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, @@ -141,8 +141,8 @@ "subdir": "mixin" } }, - "version": "7a90505d8f06efd6445dba94174695d4dba05393", - "sum": "IS62r3fSx0evbBhH0QqKUW+4TAMOHpzbsW+v9nw/SNM=", + "version": "8f5021166d21005f9a63c3c44fd876113fd0c05d", + "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, { From d0e21f34e59fc1f6478fa9f45617080a8be1a5dd Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 23 Jun 2021 13:41:46 +0000 Subject: [PATCH 313/388] [bot] Automated version update --- jsonnet/kube-prometheus/versions.json | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- manifests/prometheus-podDisruptionBudget.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 ++++---- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- manifests/prometheus-roleBindingSpecificNamespaces.yaml | 6 +++--- manifests/prometheus-roleConfig.yaml | 2 +- manifests/prometheus-roleSpecificNamespaces.yaml | 6 +++--- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- 13 files changed, 20 insertions(+), 20 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 91d36db7..ae5b5d12 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -4,7 +4,7 @@ "grafana": "8.0.3", "kubeStateMetrics": "2.1.0", "nodeExporter": "1.1.2", - "prometheus": "2.27.1", + "prometheus": "2.28.0", "prometheusAdapter": "0.8.4", "prometheusOperator": "0.48.1", "kubeRbacProxy": "0.10.0", diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index c5e16e28..a0d4a4bc 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index 005c88a0..17efd849 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml index 60ad50d1..f45a5ebc 100644 --- a/manifests/prometheus-podDisruptionBudget.yaml +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index b51c1a5c..54ca05d1 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 prometheus: k8s name: k8s namespace: monitoring @@ -18,7 +18,7 @@ spec: port: web enableFeatures: [] externalLabels: {} - image: quay.io/prometheus/prometheus:v2.27.1 + image: quay.io/prometheus/prometheus:v2.28.0 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -47,4 +47,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.27.1 + version: 2.28.0 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 7a22a8c7..0c626bcf 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index 69ef11f3..aea532dc 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index 7472dfef..7b0bd525 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index b7cabcf8..67350543 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index 3cf7ed46..cce44a1e 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: default rules: @@ -44,7 +44,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: kube-system rules: @@ -81,7 +81,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 78f4d825..4e870635 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index e3eb002a..d0a2aac4 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index 076bbb22..bbbc2473 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.27.1 + app.kubernetes.io/version: 2.28.0 name: prometheus-k8s namespace: monitoring spec: From d9fc85c0bbb710c0aee7dab2caed19be2a5319e4 Mon Sep 17 00:00:00 2001 From: fpetkovski Date: Tue, 22 Jun 2021 16:54:30 +0200 Subject: [PATCH 314/388] .github/workflows: automatically update jsonnet dependencies This commit extends the versions github workflow to automatically update jsonnet dependencies when the jsonnet code in upstream repositories changes. --- .github/workflows/versions.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 82944a7e..3107c0db 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -17,14 +17,26 @@ jobs: # Write to temporary file to make update atomic scripts/generate-versions.sh > /tmp/versions.json mv /tmp/versions.json jsonnet/kube-prometheus/versions.json + - name: Install jsonnet bundler + run: | + go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb + - name: Update jsonnet dependencies + run: | + jb update make --always-make generate + + # Reset jsonnetfile.lock.json if no dependencies were updated + changedFiles=$(git diff --name-only | grep -v 'jsonnetfile.lock.json') + if [[ $changedFiles == "" ]]; then + git checkout -- jsonnetfile.lock.json; + fi - name: Create Pull Request uses: peter-evans/create-pull-request@v3 with: commit-message: "[bot] Automated version update" title: "[bot] Automated version update" body: | - This is an automated version update performed from CI on behalf of @paulfantom. + This is an automated version and jsonnet dependencies update performed from CI on behalf of @paulfantom. Configuration of the workflow is located in `.github/workflows/versions.yaml` team-reviewers: kube-prometheus-reviewers From 321fa1391c98cb528f74343b54ed9c54332749b3 Mon Sep 17 00:00:00 2001 From: fpetkovski Date: Fri, 25 Jun 2021 11:33:10 +0200 Subject: [PATCH 315/388] .github/workflows: Update versions schedule to run each Monday --- .github/workflows/versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 82944a7e..4ada34f4 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -2,7 +2,7 @@ name: Upgrade to latest versions on: schedule: - - cron: '37 13 * * *' + - cron: '37 13 * * 1' jobs: versions: runs-on: ubuntu-latest From 654aa9bfacdd76149c67b601bc926607b668c42f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 29 Jun 2021 10:08:20 +0200 Subject: [PATCH 316/388] scripts: use newer version when generating --- scripts/generate-versions.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/scripts/generate-versions.sh b/scripts/generate-versions.sh index c20a1881..05c48a63 100755 --- a/scripts/generate-versions.sh +++ b/scripts/generate-versions.sh @@ -23,12 +23,19 @@ get_current_version() { get_version() { component="${1}" v="$(get_latest_version "${component}")" - + + component="$(convert_to_camel_case "$(echo "${component}" | sed 's/^.*\///')")" + cv="$(get_current_version "${component}")" + # Advanced AI heurestics to filter out common patterns suggesting new version is not stable /s if [[ "$v" == "" ]] || [[ "$v" == *"alpha"* ]] || [[ "$v" == *"beta"* ]] || [[ "$v" == *"rc"* ]] || [[ "$v" == *"helm"* ]]; then - component="$(convert_to_camel_case "$(echo "${component}" | sed 's/^.*\///')")" - v="$(get_current_version "${component}")" + echo "$cv" + return fi + + # Use higher version from new version and current version + v=$(printf '%s\n' "$v" "$cv" | sort -r | head -n1) + echo "$v" } From 0280f4ddf9bec5f73aebc461760ac96ce2ab8a16 Mon Sep 17 00:00:00 2001 From: Sunil Thaha Date: Thu, 24 Jun 2021 16:52:29 +1000 Subject: [PATCH 317/388] jsonnet: kube-prometheus adapt to changes to veth interfaces names With OVN, the container veth network interface names that used to start with `veth` has now changed to `{15}@if`(see Related Links below). This patch adapts to the new change introduced in ovn and ignores the network interfaces that match `[a-z0-9]{15}@if\d+` in addition to those starting with `veth` Related Links: - https://github.com/openshift/ovn-kubernetes/blob/master/go-controller/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go#L107 - https://github.com/openshift/ovn-kubernetes/blob/master/go-controller/pkg/cni/helper_linux.go#L148 Signed-off-by: Sunil Thaha --- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 7 +++++-- manifests/node-exporter-daemonset.yaml | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 30c8173b..df0a2f20 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -175,8 +175,11 @@ function(params) { '--no-collector.wifi', '--no-collector.hwmon', '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)', - '--collector.netclass.ignored-devices=^(veth.*)$', - '--collector.netdev.device-exclude=^(veth.*)$', + // NOTE: ignore veth network interface associated with containers. + // OVN renames veth.* to @if where X is /sys/class/net//ifindex + // thus [a-z0-9] regex below + '--collector.netclass.ignored-devices=^(veth.*|[a-z0-9]+@if\\d+)$', + '--collector.netdev.device-exclude=^(veth.*|[a-z0-9]+@if\\d+)$', ], volumeMounts: [ { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 4fe4d68e..10b6b2c2 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -30,8 +30,8 @@ spec: - --no-collector.wifi - --no-collector.hwmon - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - - --collector.netclass.ignored-devices=^(veth.*)$ - - --collector.netdev.device-exclude=^(veth.*)$ + - --collector.netclass.ignored-devices=^(veth.*|[a-z0-9]+@if\d+)$ + - --collector.netdev.device-exclude=^(veth.*|[a-z0-9]+@if\d+)$ image: quay.io/prometheus/node-exporter:v1.1.2 name: node-exporter resources: From 86d8ed00049aed4fc4b254c50132b71d1479ed8d Mon Sep 17 00:00:00 2001 From: Sunil Thaha Date: Thu, 1 Jul 2021 12:04:45 +1000 Subject: [PATCH 318/388] Fix make manifests not building every time Make target `manifests` has a dependency on build.sh which if untouched wouldn't generate the manifests after the first run. This patch fixes it by removing the `build.sh` dependency Signed-off-by: Sunil Thaha --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 3b463b2d..23d3c233 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ generate: manifests **.md **.md: $(EMBEDMD_BIN) $(shell find examples) build.sh example.jsonnet $(EMBEDMD_BIN) -w `find . -name "*.md" | grep -v vendor` -manifests: examples/kustomize.jsonnet $(GOJSONTOYAML_BIN) vendor build.sh +manifests: examples/kustomize.jsonnet $(GOJSONTOYAML_BIN) vendor ./build.sh $< vendor: $(JB_BIN) jsonnetfile.json jsonnetfile.lock.json @@ -36,7 +36,7 @@ vendor: $(JB_BIN) jsonnetfile.json jsonnetfile.lock.json $(JB_BIN) install crdschemas: vendor - ./scripts/generate-schemas.sh + ./scripts/generate-schemas.sh .PHONY: validate validate: crdschemas manifests $(KUBECONFORM_BIN) From fadb829b2812ee31f90dd04c76b7f7bb707977e1 Mon Sep 17 00:00:00 2001 From: Paul Sweeney Date: Thu, 1 Jul 2021 15:21:09 +0100 Subject: [PATCH 319/388] add example release-0.3 to release-0.8 migration to docs --- docs/migration-example/my.release-0.3.jsonnet | 327 ++++++++++++++++++ docs/migration-example/my.release-0.8.jsonnet | 327 ++++++++++++++++++ docs/migration-example/readme.md | 250 +++++++++++++ docs/migration-guide.md | 4 + 4 files changed, 908 insertions(+) create mode 100644 docs/migration-example/my.release-0.3.jsonnet create mode 100644 docs/migration-example/my.release-0.8.jsonnet create mode 100644 docs/migration-example/readme.md diff --git a/docs/migration-example/my.release-0.3.jsonnet b/docs/migration-example/my.release-0.3.jsonnet new file mode 100644 index 00000000..6de7c990 --- /dev/null +++ b/docs/migration-example/my.release-0.3.jsonnet @@ -0,0 +1,327 @@ +# Has the following customisations +# Custom alert manager config +# Ingresses for the alert manager, prometheus and grafana +# Grafana admin user password +# Custom prometheus rules +# Custom grafana dashboards +# Custom prometheus config - Data retention, memory, etc. +# Node exporter role and role binding so we can use a PSP for the node exporter + + + +# External variables +# See https://jsonnet.org/learning/tutorial.html +local cluster_identifier = std.extVar('cluster_identifier'); +local etcd_ip = std.extVar('etcd_ip'); +local etcd_tls_ca = std.extVar('etcd_tls_ca'); +local etcd_tls_cert = std.extVar('etcd_tls_cert'); +local etcd_tls_key = std.extVar('etcd_tls_key'); +local grafana_admin_password = std.extVar('grafana_admin_password'); +local prometheus_data_retention_period = std.extVar('prometheus_data_retention_period'); +local prometheus_request_memory = std.extVar('prometheus_request_memory'); + + +# Derived variables +local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local'; +local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local'; +local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local'; + + +# Imports +local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; +local ingress = k.extensions.v1beta1.ingress; +local ingressRule = ingress.mixin.spec.rulesType; +local ingressRuleHttpPath = ingressRule.mixin.http.pathsType; +local ingressTls = ingress.mixin.spec.tlsType; +local role = k.rbac.v1.role; +local roleBinding = k.rbac.v1.roleBinding; +local roleRulesType = k.rbac.v1.role.rulesType; + + +local kp = + (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') + + (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + + + { + _config+:: { + # Override namespace + namespace: 'monitoring', + + + + + + + + + # Override alert manager config + # See https://github.com/coreos/kube-prometheus/tree/master/examples/alertmanager-config-external.jsonnet + alertmanager+: { + config: importstr 'alertmanager.yaml', + }, + + # Override etcd config + # See https://github.com/coreos/kube-prometheus/blob/master/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet + # See https://github.com/coreos/kube-prometheus/blob/master/examples/etcd-skip-verify.jsonnet + etcd+:: { + clientCA: etcd_tls_ca, + clientCert: etcd_tls_cert, + clientKey: etcd_tls_key, + ips: [ etcd_ip ], + }, + + # Override grafana config + # anonymous access + # See http://docs.grafana.org/installation/configuration/ + # See http://docs.grafana.org/auth/overview/#anonymous-authentication + # admin_password + # See http://docs.grafana.org/installation/configuration/#admin-password + grafana+:: { + config: { + sections: { + 'auth.anonymous': { + enabled: true + }, + security: { + admin_password: grafana_admin_password + }, + }, + }, + + + + }, + }, + + # Additional grafana dashboards + grafanaDashboards+:: { + 'my-specific.json': (import 'my-grafana-dashboard-definitions.json'), + }, + + # Alert manager needs an externalUrl + alertmanager+:: { + alertmanager+: { + spec+: { + # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md + externalUrl: 'https://' + alert_manager_host, + }, + }, + }, + + + # Add additional ingresses + # See https://github.com/coreos/kube-prometheus/tree/master/examples/ingress.jsonnet + ingress+:: { + alertmanager: + ingress.new() + + + + ingress.mixin.metadata.withName('alertmanager') + + ingress.mixin.metadata.withNamespace($._config.namespace) + + ingress.mixin.metadata.withAnnotations({ + 'kubernetes.io/ingress.class': 'nginx-api', + }) + + + ingress.mixin.spec.withRules( + ingressRule.new() + + ingressRule.withHost(alert_manager_host) + + ingressRule.mixin.http.withPaths( + ingressRuleHttpPath.new() + + + + + + ingressRuleHttpPath.mixin.backend.withServiceName('alertmanager-operated') + + + ingressRuleHttpPath.mixin.backend.withServicePort(9093) + ), + ) + + + + # Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard + # secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 + ingress.mixin.spec.withTls( + ingressTls.new() + + ingressTls.withHosts(alert_manager_host) + ), + + + grafana: + ingress.new() + + + + ingress.mixin.metadata.withName('grafana') + + ingress.mixin.metadata.withNamespace($._config.namespace) + + ingress.mixin.metadata.withAnnotations({ + 'kubernetes.io/ingress.class': 'nginx-api', + }) + + + ingress.mixin.spec.withRules( + ingressRule.new() + + ingressRule.withHost(grafana_host) + + ingressRule.mixin.http.withPaths( + ingressRuleHttpPath.new() + + + + + + ingressRuleHttpPath.mixin.backend.withServiceName('grafana') + + + ingressRuleHttpPath.mixin.backend.withServicePort(3000) + ), + ) + + + + # Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard + # secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 + ingress.mixin.spec.withTls( + ingressTls.new() + + ingressTls.withHosts(grafana_host) + ), + + + prometheus: + ingress.new() + + + + ingress.mixin.metadata.withName('prometheus') + + ingress.mixin.metadata.withNamespace($._config.namespace) + + ingress.mixin.metadata.withAnnotations({ + 'kubernetes.io/ingress.class': 'nginx-api', + }) + + ingress.mixin.spec.withRules( + ingressRule.new() + + + ingressRule.withHost(prometheus_host) + + ingressRule.mixin.http.withPaths( + ingressRuleHttpPath.new() + + + + + + ingressRuleHttpPath.mixin.backend.withServiceName('prometheus-operated') + + + ingressRuleHttpPath.mixin.backend.withServicePort(9090) + ), + ) + + + + # Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard + # secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 + ingress.mixin.spec.withTls( + ingressTls.new() + + ingressTls.withHosts(prometheus_host) + ), + }, + + + # Node exporter PSP role and role binding + # Add a new top level field for this, the "node-exporter" PSP already exists, so not defining here just referencing + # See https://github.com/coreos/prometheus-operator/issues/787 + nodeExporterPSP: { + role: + role.new() + + + + role.mixin.metadata.withName('node-exporter-psp') + + role.mixin.metadata.withNamespace($._config.namespace) + + role.withRules([ + roleRulesType.new() + + roleRulesType.withApiGroups(['policy']) + + roleRulesType.withResources(['podsecuritypolicies']) + + roleRulesType.withVerbs(['use']) + + roleRulesType.withResourceNames(['node-exporter']) + ]), + + roleBinding: + roleBinding.new() + + roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + + + + roleBinding.mixin.metadata.withName('node-exporter-psp') + + roleBinding.mixin.metadata.withNamespace($._config.namespace) + + + + + roleBinding.mixin.roleRef.withName('node-exporter-psp') + + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + + + + roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'node-exporter' }]), + + + }, + + + # Prometheus needs some extra custom config + prometheus+:: { + prometheus+: { + spec+: { + # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + externalLabels: { + cluster: cluster_identifier, + }, + # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md + externalUrl: 'https://' + prometheus_host, + # Override reuest memory + resources: { + requests: { + memory: prometheus_request_memory, + }, + }, + # Override data retention period + retention: prometheus_data_retention_period, + }, + }, + }, + + + # Additional prometheus rules + # See https://github.com/coreos/kube-prometheus/docs/developing-prometheus-rules-and-grafana-dashboards.md + # cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json + prometheusRules+:: { + + + + + + + + + + + + + + + groups+: import 'my-prometheus-rules.json', + + + }, + }; + + +# Render +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + + + + + + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + + + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + + +{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['node-exporter-psp-' + name]: kp.nodeExporterPSP[name] for name in std.objectFields(kp.nodeExporterPSP) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + diff --git a/docs/migration-example/my.release-0.8.jsonnet b/docs/migration-example/my.release-0.8.jsonnet new file mode 100644 index 00000000..2902590f --- /dev/null +++ b/docs/migration-example/my.release-0.8.jsonnet @@ -0,0 +1,327 @@ +# Has the following customisations +# Custom alert manager config +# Ingresses for the alert manager, prometheus and grafana +# Grafana admin user password +# Custom prometheus rules +# Custom grafana dashboards +# Custom prometheus config - Data retention, memory, etc. +# Node exporter role and role binding so we can use a PSP for the node exporter + +# for help with expected content, see https://github.com/thaum-xyz/ankhmorpork + +# External variables +# See https://jsonnet.org/learning/tutorial.html +local cluster_identifier = std.extVar('cluster_identifier'); +local etcd_ip = std.extVar('etcd_ip'); +local etcd_tls_ca = std.extVar('etcd_tls_ca'); +local etcd_tls_cert = std.extVar('etcd_tls_cert'); +local etcd_tls_key = std.extVar('etcd_tls_key'); +local grafana_admin_password = std.extVar('grafana_admin_password'); +local prometheus_data_retention_period = std.extVar('prometheus_data_retention_period'); +local prometheus_request_memory = std.extVar('prometheus_request_memory'); + + +# Derived variables +local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local'; +local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local'; +local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local'; + + +# ksonnet no longer required + + + + + + + + + + +local kp = + (import 'kube-prometheus/main.libsonnet') + + # kubeadm now achieved by setting platform value - see 9 lines below + (import 'kube-prometheus/addons/static-etcd.libsonnet') + + (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + + # Add kubeadm platform-specific items, + # including kube-contoller-manager and kube-scheduler discovery + kubePrometheus+: { + platform: 'kubeadm' + }, + + # Override alert manager config + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/alertmanager-config-external.jsonnet + alertmanager+: { + config: importstr 'alertmanager.yaml', + }, + + # Override etcd config + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/etcd-skip-verify.jsonnet + etcd+:: { + clientCA: etcd_tls_ca, + clientCert: etcd_tls_cert, + clientKey: etcd_tls_key, + ips: [ etcd_ip ], + }, + + # Override grafana config + # anonymous access + # See http://docs.grafana.org/installation/configuration/ + # See http://docs.grafana.org/auth/overview/#anonymous-authentication + # admin_password + # See http://docs.grafana.org/installation/configuration/#admin-password + grafana+:: { + config: { + sections: { + 'auth.anonymous': { + enabled: true + }, + security: { + admin_password: grafana_admin_password + }, + }, + }, + # Additional grafana dashboards + dashboards+:: { + 'my-specific.json': (import 'my-grafana-dashboard-definitions.json'), + } + }, + }, + + + + + + # Alert manager needs an externalUrl + alertmanager+:: { + alertmanager+: { + spec+: { + + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md + externalUrl: 'https://' + alert_manager_host, + }, + }, + }, + + + # Add additional ingresses + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/ingress.jsonnet + ingress+:: { + 'alertmanager': { + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: 'alertmanager', + namespace: $.values.common.namespace, + annotations: { + 'kubernetes.io/ingress.class': 'nginx-api', + }, + }, + spec: { + rules: [{ + host: alert_manager_host, + http: { + paths: [{ + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: 'alertmanager-operated', + port: { + number: 9093, + }, + }, + }, + }], + }, + }], + tls: [{ + + hosts: [alert_manager_host], + }], + }, + }, + 'grafana': { + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: 'grafana', + namespace: $.values.common.namespace, + annotations: { + 'kubernetes.io/ingress.class': 'nginx-api', + }, + }, + spec: { + rules: [{ + host: grafana_host, + http: { + paths: [{ + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: 'grafana', + port: { + number: 3000, + }, + }, + }, + }], + }, + }], + tls: [{ + + hosts: [grafana_host], + }], + }, + }, + 'prometheus': { + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: 'prometheus', + namespace: $.values.common.namespace, + annotations: { + 'kubernetes.io/ingress.class': 'nginx-api', + }, + }, + spec: { + rules: [{ + host: prometheus_host, + http: { + paths: [{ + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: 'prometheus-operated', + port: { + number: 9090, + }, + }, + }, + }], + }, + }], + tls: [{ + + hosts: [prometheus_host], + }], + }, + }, + }, + + + # Node exporter PSP role and role binding + nodeExporter+: { + 'psp-role'+: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'node-exporter-psp', + namespace: $.values.common.namespace, + }, + rules: [{ + apiGroups: ['policy'], + resources: ['podsecuritypolicies'], + verbs: ['use'] + resourceNames: ['node-exporter'] + }], + }, + 'psp-rolebinding'+: { + + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'node-exporter-psp', + namespace: $.values.common.namespace, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + name: 'node-exporter-psp', + kind: 'Role', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'node-exporter' + }], + }, + }, + + # Prometheus needs some extra custom config + prometheus+:: { + prometheus+: { + spec+: { + + externalLabels: { + cluster: cluster_identifier, + }, + + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md + externalUrl: 'https://' + prometheus_host, + # Override reuest memory + resources: { + requests: { + memory: prometheus_request_memory, + }, + }, + # Override data retention period + retention: prometheus_data_retention_period, + }, + }, + }, + + + # Additional prometheus rules + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/developing-prometheus-rules-and-grafana-dashboards.md#pre-rendered-rules + # cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json + prometheusMe: { + rules: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + labels: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + 'prometheus': 'k8s', + 'role': 'alert-rules' + }, + }, + spec: { + groups: import 'my-prometheus-rules.json', + }, + }, + }, + }; + + +# Render +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } ++ { ['prometheus-my-' + name]: kp.prometheusMe[name] for name in std.objectFields(kp.prometheusMe) } diff --git a/docs/migration-example/readme.md b/docs/migration-example/readme.md new file mode 100644 index 00000000..0db29d74 --- /dev/null +++ b/docs/migration-example/readme.md @@ -0,0 +1,250 @@ +## Example of conversion of a legacy my.jsonnet file + +An example conversion of a legacy custom jsonnet file to release-0.8 +format can be seen by viewing and comparing this +[release-0.3 jsonnet file](./my.release-0.3.jsonnet) (when the github +repo was under `https://github.com/coreos/kube-prometheus...`) +and the corresponding [release-0.8 jsonnet file](./my.release-0.8.jsonnet). + +These two files have had necessary blank lines added so that they +can be compared side-by-side and line-by-line on screen. + +The conversion covers both the change of stopping using ksonnet after +release-0.3 and also the major migration after release-0.7 as described in +[migration-guide.md](../migration-guide.md) + +The sample files are intended as an example of format conversion and +not necessarily best practice for the files in release-0.3 or release-0.8. + +Below are three sample extracts of the conversion as an indication of the +changes required. + + + + + + + + + +
release-0.3 release-0.8
+ +```jsonnet +local kp = + (import 'kube-prometheus/kube-prometheus.libsonnet') + + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') + + (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + + + { + _config+:: { + # Override namespace + namespace: 'monitoring', + + + + + + + +``` + + + +```jsonnet +local kp = + (import 'kube-prometheus/main.libsonnet') + + # kubeadm now achieved by setting platform value - see 9 lines below + (import 'kube-prometheus/addons/static-etcd.libsonnet') + + (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') + + { + values+:: { + common+: { + namespace: 'monitoring', + }, + + # Add kubeadm platform-specific items, + # including kube-contoller-manager and kube-scheduler discovery + kubePrometheus+: { + platform: 'kubeadm' + }, +``` + +
+ + + + + + + + + +
release-0.3 release-0.8
+ +```jsonnet + # Add additional ingresses + # See https://github.com/coreos/kube-prometheus/... + # tree/master/examples/ingress.jsonnet + ingress+:: { + alertmanager: + ingress.new() + + + + ingress.mixin.metadata.withName('alertmanager') + + ingress.mixin.metadata.withNamespace($._config.namespace) + + ingress.mixin.metadata.withAnnotations({ + 'kubernetes.io/ingress.class': 'nginx-api', + }) + + + ingress.mixin.spec.withRules( + ingressRule.new() + + ingressRule.withHost(alert_manager_host) + + ingressRule.mixin.http.withPaths( + ingressRuleHttpPath.new() + + + + + + ingressRuleHttpPath.mixin.backend + .withServiceName('alertmanager-operated') + + ingressRuleHttpPath.mixin.backend.withServicePort(9093) + ), + ) + + # Note we do not need a TLS secretName here as we are going to use the + # nginx-ingress default secret which is a wildcard + # secretName would need to be in the same namespace at this time, + # see https://github.com/kubernetes/ingress-nginx/issues/2371 + ingress.mixin.spec.withTls( + ingressTls.new() + + ingressTls.withHosts(alert_manager_host) + ), + + +``` + + + +```jsonnet + # Add additional ingresses + # See https://github.com/prometheus-operator/kube-prometheus/... + # blob/main/examples/ingress.jsonnet + ingress+:: { + 'alertmanager': { + apiVersion: 'networking.k8s.io/v1', + kind: 'Ingress', + metadata: { + name: 'alertmanager', + namespace: $.values.common.namespace, + annotations: { + 'kubernetes.io/ingress.class': 'nginx-api', + }, + }, + spec: { + rules: [{ + host: alert_manager_host, + http: { + paths: [{ + path: '/', + pathType: 'Prefix', + backend: { + service: { + name: 'alertmanager-operated', + port: { + number: 9093, + }, + }, + }, + }], + }, + }], + tls: [{ + + hosts: [alert_manager_host], + }], + }, + }, +``` + +
+ + + + + + + + + +
release-0.3 release-0.8
+ +```jsonnet + # Additional prometheus rules + # See https://github.com/coreos/kube-prometheus/docs/... + # developing-prometheus-rules-and-grafana-dashboards.md + # + # cat my-prometheus-rules.yaml | \ + # gojsontoyaml -yamltojson | \ + # jq . > my-prometheus-rules.json + prometheusRules+:: { + + + + + + + + + + + + + + + groups+: import 'my-prometheus-rules.json', + + + }, + }; + + + + +``` + + + +```jsonnet + # Additional prometheus rules + # See https://github.com/prometheus-operator/kube-prometheus/blob/main/... + # docs/developing-prometheus-rules-and-grafana-dashboards.md... + # #pre-rendered-rules + # cat my-prometheus-rules.yaml | \ + # gojsontoyaml -yamltojson | \ + # jq . > my-prometheus-rules.json + prometheusMe: { + rules: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'my-prometheus-rule', + namespace: $.values.common.namespace, + labels: { + 'app.kubernetes.io/name': 'kube-prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', + 'prometheus': 'k8s', + 'role': 'alert-rules' + }, + }, + spec: { + groups: import 'my-prometheus-rules.json', + }, + }, + }, + }; + +... + ++ { ['prometheus-my-' + name]: kp.prometheusMe[name] for name in std.objectFields(kp.prometheusMe) } +``` + +
diff --git a/docs/migration-guide.md b/docs/migration-guide.md index f01434cf..a33a8b61 100644 --- a/docs/migration-guide.md +++ b/docs/migration-guide.md @@ -61,6 +61,10 @@ This results in creating multiple `PrometheusRule` objects instead of having one All examples from `examples/` directory were adapted to the new codebase. [Please take a look at them for guideance](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples) +## Legacy migration + +An example of conversion of a legacy release-0.3 my.jsonnet file to release-0.8 can be found in [migration-example](./migration-example) + ## Advanced usage examples For more advanced usage examples you can take a look at those two, open to public, implementations: From e38bc756a45773273b6c2c3022f709885607a984 Mon Sep 17 00:00:00 2001 From: Philip Gough Date: Mon, 5 Jul 2021 09:56:28 +0100 Subject: [PATCH 320/388] ci: Harden action to wait for kind cluster readiness --- .github/workflows/ci.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bc8418b5..1dae051b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -63,13 +63,9 @@ jobs: with: version: ${{ env.kind-version }} image: ${{ matrix.kind-image }} + wait: 300s - name: Wait for cluster to finish bootstraping - run: | - until [ "$(kubectl get pods --all-namespaces --no-headers | grep -cEv '([0-9]+)/\1')" -eq 0 ]; do - sleep 5s - done - kubectl cluster-info - kubectl get pods -A + run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s - name: Create kube-prometheus stack run: | kubectl create -f manifests/setup From e77664f3252d846421fbc66a6e10826c42ccbb56 Mon Sep 17 00:00:00 2001 From: Paul Sweeney Date: Mon, 5 Jul 2021 11:43:51 +0100 Subject: [PATCH 321/388] Update docs/migration-example/my.release-0.8.jsonnet - typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Paweł Krupa --- docs/migration-example/my.release-0.8.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/migration-example/my.release-0.8.jsonnet b/docs/migration-example/my.release-0.8.jsonnet index 2902590f..e3c5a733 100644 --- a/docs/migration-example/my.release-0.8.jsonnet +++ b/docs/migration-example/my.release-0.8.jsonnet @@ -231,7 +231,7 @@ local kp = rules: [{ apiGroups: ['policy'], resources: ['podsecuritypolicies'], - verbs: ['use'] + verbs: ['use'], resourceNames: ['node-exporter'] }], }, From 8812e45501bff47ece13cd286a41c9daa8e2119e Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 30 Jun 2021 16:53:02 +0200 Subject: [PATCH 322/388] jsonnet: readjust prometheus-adapter intervals Previously, prometheus-adapter configuration wasn't taking into account the scrape interval of kubelet, node-exporter and windows-exporter leading to getting non fresh results, and even negative results from the CPU queries when the irate() function was extrapolating data. To fix that, we want to set the interval used in the irate() function in the CPU queries to 4x scrape interval in order to extrapolate data between the last two scrapes. This will improve the freshness of the cpu usage exposed and prevent incorrect extrapolations. Signed-off-by: Damien Grisonnet --- .../components/prometheus-adapter.libsonnet | 15 +++++++++++++-- jsonnet/kube-prometheus/lib/utils.libsonnet | 7 +++++++ jsonnet/kube-prometheus/main.libsonnet | 6 ++++++ manifests/prometheus-adapter-configMap.yaml | 6 ++++-- 4 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 jsonnet/kube-prometheus/lib/utils.libsonnet diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 8312183c..eb708c0d 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -22,13 +22,24 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) }, + // Default range intervals are equal to 4 times the default scrape interval. + // This is done in order to follow Prometheus rule of thumb with irate(). + rangeIntervals: { + kubelet: '4m', + nodeExporter: '4m', + windowsExporter: '4m', + }, prometheusURL: error 'must provide prometheusURL', config: { resourceRules: { cpu: { - containerQuery: 'sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[5m])) by (<<.GroupBy>>)', - nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)', + containerQuery: ||| + sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[%(kubelet)s])) by (<<.GroupBy>>) + ||| % $.rangeIntervals, + nodeQuery: ||| + sum(1 - irate(node_cpu_seconds_total{mode="idle"}[%(nodeExporter)s]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[%(windowsExporter)s])) by (<<.GroupBy>>) + ||| % $.rangeIntervals, resources: { overrides: { node: { resource: 'node' }, diff --git a/jsonnet/kube-prometheus/lib/utils.libsonnet b/jsonnet/kube-prometheus/lib/utils.libsonnet new file mode 100644 index 00000000..b5d29825 --- /dev/null +++ b/jsonnet/kube-prometheus/lib/utils.libsonnet @@ -0,0 +1,7 @@ +{ + // rangeInterval takes a scrape interval and convert its to a range interval + // following Prometheus rule of thumb for rate() and irate(). + rangeInterval(i='1m'): + local interval = std.parseInt(std.substr(i, 0, std.length(i) - 1)); + interval * 4 + i[std.length(i) - 1], +} diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index e1dc0b59..903c44b3 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -11,6 +11,8 @@ local prometheus = import './components/prometheus.libsonnet'; local platformPatch = import './platforms/platforms.libsonnet'; +local utils = import './lib/utils.libsonnet'; + { // using `values` as this is similar to helm values:: { @@ -97,6 +99,10 @@ local platformPatch = import './platforms/platforms.libsonnet'; version: $.values.common.versions.prometheusAdapter, image: $.values.common.images.prometheusAdapter, prometheusURL: 'http://prometheus-' + $.values.prometheus.name + '.' + $.values.common.namespace + '.svc.cluster.local:9090/', + rangeIntervals+: { + kubelet: utils.rangeInterval($.kubernetesControlPlane.serviceMonitorKubelet.spec.endpoints[0].interval), + nodeExporter: utils.rangeInterval($.nodeExporter.serviceMonitor.spec.endpoints[0].interval), + }, }, prometheusOperator: { namespace: $.values.common.namespace, diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index 64ee1079..899a0e7e 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -4,8 +4,10 @@ data: "resourceRules": "cpu": "containerLabel": "container" - "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)" - "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode=\"idle\", job=\"windows-exporter\",<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)" + "containerQuery": | + sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[120s])) by (<<.GroupBy>>) + "nodeQuery": | + sum(1 - irate(node_cpu_seconds_total{mode="idle"}[60s]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[4m])) by (<<.GroupBy>>) "resources": "overrides": "namespace": From b9563b9c2d3015cb2d2c031675763c80301a61b1 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 5 Jul 2021 15:29:45 +0200 Subject: [PATCH 323/388] jsonnet: improve adapter queries readability Signed-off-by: Damien Grisonnet --- .../components/prometheus-adapter.libsonnet | 39 +++++++++++++++++-- manifests/prometheus-adapter-configMap.yaml | 37 ++++++++++++++++-- 2 files changed, 68 insertions(+), 8 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index eb708c0d..864178c4 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -35,10 +35,26 @@ local defaults = { resourceRules: { cpu: { containerQuery: ||| - sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[%(kubelet)s])) by (<<.GroupBy>>) + sum by (<<.GroupBy>>) ( + irate ( + container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[%(kubelet)s] + ) + ) ||| % $.rangeIntervals, nodeQuery: ||| - sum(1 - irate(node_cpu_seconds_total{mode="idle"}[%(nodeExporter)s]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[%(windowsExporter)s])) by (<<.GroupBy>>) + sum by (<<.GroupBy>>) ( + 1 - irate( + node_cpu_seconds_total{mode="idle"}[%(nodeExporter)s] + ) + * on(namespace, pod) group_left(node) ( + node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>} + ) + ) + or sum by (<<.GroupBy>>) ( + 1 - irate( + windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[%(windowsExporter)s] + ) + ) ||| % $.rangeIntervals, resources: { overrides: { @@ -50,8 +66,23 @@ local defaults = { containerLabel: 'container', }, memory: { - containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)', - nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum(windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>} - windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', + containerQuery: ||| + sum by (<<.GroupBy>>) ( + container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""} + ) + |||, + nodeQuery: ||| + sum by (<<.GroupBy>>) ( + node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} + - + node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>} + ) + or sum by (<<.GroupBy>>) ( + windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>} + - + windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>} + ) + |||, resources: { overrides: { instance: { resource: 'node' }, diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index 899a0e7e..bd6de899 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -5,9 +5,25 @@ data: "cpu": "containerLabel": "container" "containerQuery": | - sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[120s])) by (<<.GroupBy>>) + sum by (<<.GroupBy>>) ( + irate ( + container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[120s] + ) + ) "nodeQuery": | - sum(1 - irate(node_cpu_seconds_total{mode="idle"}[60s]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum (1- irate(windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[4m])) by (<<.GroupBy>>) + sum by (<<.GroupBy>>) ( + 1 - irate( + node_cpu_seconds_total{mode="idle"}[60s] + ) + * on(namespace, pod) group_left(node) ( + node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>} + ) + ) + or sum by (<<.GroupBy>>) ( + 1 - irate( + windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[4m] + ) + ) "resources": "overrides": "namespace": @@ -18,8 +34,21 @@ data: "resource": "pod" "memory": "containerLabel": "container" - "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)" - "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>) or sum(windows_cs_physical_memory_bytes{job=\"windows-exporter\",<<.LabelMatchers>>} - windows_memory_available_bytes{job=\"windows-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)" + "containerQuery": | + sum by (<<.GroupBy>>) ( + container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""} + ) + "nodeQuery": | + sum by (<<.GroupBy>>) ( + node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} + - + node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>} + ) + or sum by (<<.GroupBy>>) ( + windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>} + - + windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>} + ) "resources": "overrides": "instance": From f95eaf85980d120c47078c97e3e8de99895e0332 Mon Sep 17 00:00:00 2001 From: Paul Sweeney Date: Tue, 6 Jul 2021 11:19:33 +0100 Subject: [PATCH 324/388] make fmt corrections to migration examples --- docs/migration-example/my.release-0.3.jsonnet | 141 +++++++----------- docs/migration-example/my.release-0.8.jsonnet | 117 +++++++-------- 2 files changed, 108 insertions(+), 150 deletions(-) diff --git a/docs/migration-example/my.release-0.3.jsonnet b/docs/migration-example/my.release-0.3.jsonnet index 6de7c990..a6a87818 100644 --- a/docs/migration-example/my.release-0.3.jsonnet +++ b/docs/migration-example/my.release-0.3.jsonnet @@ -1,16 +1,15 @@ -# Has the following customisations -# Custom alert manager config -# Ingresses for the alert manager, prometheus and grafana -# Grafana admin user password -# Custom prometheus rules -# Custom grafana dashboards -# Custom prometheus config - Data retention, memory, etc. -# Node exporter role and role binding so we can use a PSP for the node exporter +// Has the following customisations +// Custom alert manager config +// Ingresses for the alert manager, prometheus and grafana +// Grafana admin user password +// Custom prometheus rules +// Custom grafana dashboards +// Custom prometheus config - Data retention, memory, etc. +// Node exporter role and role binding so we can use a PSP for the node exporter - -# External variables -# See https://jsonnet.org/learning/tutorial.html +// External variables +// See https://jsonnet.org/learning/tutorial.html local cluster_identifier = std.extVar('cluster_identifier'); local etcd_ip = std.extVar('etcd_ip'); local etcd_tls_ca = std.extVar('etcd_tls_ca'); @@ -21,13 +20,13 @@ local prometheus_data_retention_period = std.extVar('prometheus_data_retention_p local prometheus_request_memory = std.extVar('prometheus_request_memory'); -# Derived variables +// Derived variables local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local'; local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local'; local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local'; -# Imports +// Imports local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; local ingress = k.extensions.v1beta1.ingress; local ingressRule = ingress.mixin.spec.rulesType; @@ -41,78 +40,71 @@ local roleRulesType = k.rbac.v1.role.rulesType; local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') + - (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + + (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + { _config+:: { - # Override namespace + // Override namespace namespace: 'monitoring', - - - - - - - # Override alert manager config - # See https://github.com/coreos/kube-prometheus/tree/master/examples/alertmanager-config-external.jsonnet + // Override alert manager config + // See https://github.com/coreos/kube-prometheus/tree/master/examples/alertmanager-config-external.jsonnet alertmanager+: { config: importstr 'alertmanager.yaml', }, - # Override etcd config - # See https://github.com/coreos/kube-prometheus/blob/master/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet - # See https://github.com/coreos/kube-prometheus/blob/master/examples/etcd-skip-verify.jsonnet + // Override etcd config + // See https://github.com/coreos/kube-prometheus/blob/master/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet + // See https://github.com/coreos/kube-prometheus/blob/master/examples/etcd-skip-verify.jsonnet etcd+:: { clientCA: etcd_tls_ca, clientCert: etcd_tls_cert, clientKey: etcd_tls_key, - ips: [ etcd_ip ], + ips: [etcd_ip], }, - # Override grafana config - # anonymous access - # See http://docs.grafana.org/installation/configuration/ - # See http://docs.grafana.org/auth/overview/#anonymous-authentication - # admin_password - # See http://docs.grafana.org/installation/configuration/#admin-password + // Override grafana config + // anonymous access + // See http://docs.grafana.org/installation/configuration/ + // See http://docs.grafana.org/auth/overview/#anonymous-authentication + // admin_password + // See http://docs.grafana.org/installation/configuration/#admin-password grafana+:: { config: { sections: { 'auth.anonymous': { - enabled: true + enabled: true, }, security: { - admin_password: grafana_admin_password + admin_password: grafana_admin_password, }, }, }, - }, }, - # Additional grafana dashboards + // Additional grafana dashboards grafanaDashboards+:: { 'my-specific.json': (import 'my-grafana-dashboard-definitions.json'), }, - # Alert manager needs an externalUrl + // Alert manager needs an externalUrl alertmanager+:: { alertmanager+: { spec+: { - # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md + // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md externalUrl: 'https://' + alert_manager_host, }, }, }, - # Add additional ingresses - # See https://github.com/coreos/kube-prometheus/tree/master/examples/ingress.jsonnet + // Add additional ingresses + // See https://github.com/coreos/kube-prometheus/tree/master/examples/ingress.jsonnet ingress+:: { alertmanager: ingress.new() + @@ -131,8 +123,6 @@ local kp = ingressRuleHttpPath.new() + - - ingressRuleHttpPath.mixin.backend.withServiceName('alertmanager-operated') + ingressRuleHttpPath.mixin.backend.withServicePort(9093) @@ -140,8 +130,8 @@ local kp = ) + - # Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard - # secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 + // Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard + // secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 ingress.mixin.spec.withTls( ingressTls.new() + ingressTls.withHosts(alert_manager_host) @@ -165,8 +155,6 @@ local kp = ingressRuleHttpPath.new() + - - ingressRuleHttpPath.mixin.backend.withServiceName('grafana') + ingressRuleHttpPath.mixin.backend.withServicePort(3000) @@ -174,8 +162,8 @@ local kp = ) + - # Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard - # secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 + // Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard + // secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 ingress.mixin.spec.withTls( ingressTls.new() + ingressTls.withHosts(grafana_host) @@ -199,17 +187,15 @@ local kp = ingressRuleHttpPath.new() + - - ingressRuleHttpPath.mixin.backend.withServiceName('prometheus-operated') + ingressRuleHttpPath.mixin.backend.withServicePort(9090) ), ) + - - # Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard - # secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 + + // Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard + // secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371 ingress.mixin.spec.withTls( ingressTls.new() + ingressTls.withHosts(prometheus_host) @@ -217,9 +203,9 @@ local kp = }, - # Node exporter PSP role and role binding - # Add a new top level field for this, the "node-exporter" PSP already exists, so not defining here just referencing - # See https://github.com/coreos/prometheus-operator/issues/787 + // Node exporter PSP role and role binding + // Add a new top level field for this, the "node-exporter" PSP already exists, so not defining here just referencing + // See https://github.com/coreos/prometheus-operator/issues/787 nodeExporterPSP: { role: role.new() + @@ -232,7 +218,7 @@ local kp = roleRulesType.withApiGroups(['policy']) + roleRulesType.withResources(['podsecuritypolicies']) + roleRulesType.withVerbs(['use']) + - roleRulesType.withResourceNames(['node-exporter']) + roleRulesType.withResourceNames(['node-exporter']), ]), roleBinding: @@ -244,7 +230,6 @@ local kp = roleBinding.mixin.metadata.withNamespace($._config.namespace) + - roleBinding.mixin.roleRef.withName('node-exporter-psp') + roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + @@ -255,48 +240,36 @@ local kp = }, - # Prometheus needs some extra custom config + // Prometheus needs some extra custom config prometheus+:: { prometheus+: { spec+: { - # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec externalLabels: { cluster: cluster_identifier, }, - # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - # See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md + // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md + // See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md externalUrl: 'https://' + prometheus_host, - # Override reuest memory + // Override reuest memory resources: { requests: { memory: prometheus_request_memory, }, }, - # Override data retention period + // Override data retention period retention: prometheus_data_retention_period, }, }, }, - # Additional prometheus rules - # See https://github.com/coreos/kube-prometheus/docs/developing-prometheus-rules-and-grafana-dashboards.md - # cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json + // Additional prometheus rules + // See https://github.com/coreos/kube-prometheus/docs/developing-prometheus-rules-and-grafana-dashboards.md + // cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json prometheusRules+:: { - - - - - - - - - - - - groups+: import 'my-prometheus-rules.json', @@ -304,13 +277,10 @@ local kp = }; -# Render +// Render { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + - - - { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + @@ -324,4 +294,3 @@ local kp = { ['node-exporter-psp-' + name]: kp.nodeExporterPSP[name] for name in std.objectFields(kp.nodeExporterPSP) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } - diff --git a/docs/migration-example/my.release-0.8.jsonnet b/docs/migration-example/my.release-0.8.jsonnet index e3c5a733..368938b2 100644 --- a/docs/migration-example/my.release-0.8.jsonnet +++ b/docs/migration-example/my.release-0.8.jsonnet @@ -1,16 +1,16 @@ -# Has the following customisations -# Custom alert manager config -# Ingresses for the alert manager, prometheus and grafana -# Grafana admin user password -# Custom prometheus rules -# Custom grafana dashboards -# Custom prometheus config - Data retention, memory, etc. -# Node exporter role and role binding so we can use a PSP for the node exporter +// Has the following customisations +// Custom alert manager config +// Ingresses for the alert manager, prometheus and grafana +// Grafana admin user password +// Custom prometheus rules +// Custom grafana dashboards +// Custom prometheus config - Data retention, memory, etc. +// Node exporter role and role binding so we can use a PSP for the node exporter -# for help with expected content, see https://github.com/thaum-xyz/ankhmorpork +// for help with expected content, see https://github.com/thaum-xyz/ankhmorpork -# External variables -# See https://jsonnet.org/learning/tutorial.html +// External variables +// See https://jsonnet.org/learning/tutorial.html local cluster_identifier = std.extVar('cluster_identifier'); local etcd_ip = std.extVar('etcd_ip'); local etcd_tls_ca = std.extVar('etcd_tls_ca'); @@ -21,26 +21,18 @@ local prometheus_data_retention_period = std.extVar('prometheus_data_retention_p local prometheus_request_memory = std.extVar('prometheus_request_memory'); -# Derived variables +// Derived variables local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local'; local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local'; local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local'; -# ksonnet no longer required - - - - - - - - +// ksonnet no longer required local kp = (import 'kube-prometheus/main.libsonnet') + - # kubeadm now achieved by setting platform value - see 9 lines below + // kubeadm now achieved by setting platform value - see 9 lines below (import 'kube-prometheus/addons/static-etcd.libsonnet') + (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') + { @@ -49,72 +41,69 @@ local kp = namespace: 'monitoring', }, - # Add kubeadm platform-specific items, - # including kube-contoller-manager and kube-scheduler discovery + // Add kubeadm platform-specific items, + // including kube-contoller-manager and kube-scheduler discovery kubePrometheus+: { - platform: 'kubeadm' + platform: 'kubeadm', }, - # Override alert manager config - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/alertmanager-config-external.jsonnet + // Override alert manager config + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/alertmanager-config-external.jsonnet alertmanager+: { config: importstr 'alertmanager.yaml', }, - # Override etcd config - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/etcd-skip-verify.jsonnet + // Override etcd config + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/etcd-skip-verify.jsonnet etcd+:: { clientCA: etcd_tls_ca, clientCert: etcd_tls_cert, clientKey: etcd_tls_key, - ips: [ etcd_ip ], + ips: [etcd_ip], }, - # Override grafana config - # anonymous access - # See http://docs.grafana.org/installation/configuration/ - # See http://docs.grafana.org/auth/overview/#anonymous-authentication - # admin_password - # See http://docs.grafana.org/installation/configuration/#admin-password + // Override grafana config + // anonymous access + // See http://docs.grafana.org/installation/configuration/ + // See http://docs.grafana.org/auth/overview/#anonymous-authentication + // admin_password + // See http://docs.grafana.org/installation/configuration/#admin-password grafana+:: { config: { sections: { 'auth.anonymous': { - enabled: true + enabled: true, }, security: { - admin_password: grafana_admin_password + admin_password: grafana_admin_password, }, }, }, - # Additional grafana dashboards + // Additional grafana dashboards dashboards+:: { 'my-specific.json': (import 'my-grafana-dashboard-definitions.json'), - } + }, }, }, - - - - # Alert manager needs an externalUrl + // Alert manager needs an externalUrl alertmanager+:: { alertmanager+: { spec+: { - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md externalUrl: 'https://' + alert_manager_host, }, }, }, - # Add additional ingresses - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/ingress.jsonnet + // Add additional ingresses + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/ingress.jsonnet ingress+:: { - 'alertmanager': { + alertmanager: { apiVersion: 'networking.k8s.io/v1', kind: 'Ingress', metadata: { @@ -148,7 +137,7 @@ local kp = }], }, }, - 'grafana': { + grafana: { apiVersion: 'networking.k8s.io/v1', kind: 'Ingress', metadata: { @@ -182,7 +171,7 @@ local kp = }], }, }, - 'prometheus': { + prometheus: { apiVersion: 'networking.k8s.io/v1', kind: 'Ingress', metadata: { @@ -219,7 +208,7 @@ local kp = }, - # Node exporter PSP role and role binding + // Node exporter PSP role and role binding nodeExporter+: { 'psp-role'+: { apiVersion: 'rbac.authorization.k8s.io/v1', @@ -232,7 +221,7 @@ local kp = apiGroups: ['policy'], resources: ['podsecuritypolicies'], verbs: ['use'], - resourceNames: ['node-exporter'] + resourceNames: ['node-exporter'], }], }, 'psp-rolebinding'+: { @@ -250,12 +239,12 @@ local kp = }, subjects: [{ kind: 'ServiceAccount', - name: 'node-exporter' + name: 'node-exporter', }], }, }, - # Prometheus needs some extra custom config + // Prometheus needs some extra custom config prometheus+:: { prometheus+: { spec+: { @@ -264,24 +253,24 @@ local kp = cluster: cluster_identifier, }, - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md externalUrl: 'https://' + prometheus_host, - # Override reuest memory + // Override reuest memory resources: { requests: { memory: prometheus_request_memory, }, }, - # Override data retention period + // Override data retention period retention: prometheus_data_retention_period, }, }, }, - # Additional prometheus rules - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/developing-prometheus-rules-and-grafana-dashboards.md#pre-rendered-rules - # cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json + // Additional prometheus rules + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/developing-prometheus-rules-and-grafana-dashboards.md#pre-rendered-rules + // cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json prometheusMe: { rules: { apiVersion: 'monitoring.coreos.com/v1', @@ -292,8 +281,8 @@ local kp = labels: { 'app.kubernetes.io/name': 'kube-prometheus', 'app.kubernetes.io/part-of': 'kube-prometheus', - 'prometheus': 'k8s', - 'role': 'alert-rules' + prometheus: 'k8s', + role: 'alert-rules', }, }, spec: { @@ -304,7 +293,7 @@ local kp = }; -# Render +// Render { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] From 552c9ecaeabbdbf8f41367c11afe11f7e7505aa1 Mon Sep 17 00:00:00 2001 From: Paul Sweeney Date: Tue, 6 Jul 2021 12:18:07 +0100 Subject: [PATCH 325/388] apply make fmt fixes to migration readme extracts --- docs/migration-example/readme.md | 66 ++++++++++++++++---------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/docs/migration-example/readme.md b/docs/migration-example/readme.md index 0db29d74..5e9def04 100644 --- a/docs/migration-example/readme.md +++ b/docs/migration-example/readme.md @@ -30,11 +30,11 @@ changes required. local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') + - (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + + (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + { _config+:: { - # Override namespace + // Override namespace namespace: 'monitoring', @@ -51,7 +51,7 @@ local kp = ```jsonnet local kp = (import 'kube-prometheus/main.libsonnet') + - # kubeadm now achieved by setting platform value - see 9 lines below + // kubeadm now achieved by setting platform value - see 9 lines below (import 'kube-prometheus/addons/static-etcd.libsonnet') + (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') + { @@ -60,10 +60,10 @@ local kp = namespace: 'monitoring', }, - # Add kubeadm platform-specific items, - # including kube-contoller-manager and kube-scheduler discovery + // Add kubeadm platform-specific items, + // including kube-contoller-manager and kube-scheduler discovery kubePrometheus+: { - platform: 'kubeadm' + platform: 'kubeadm', }, ``` @@ -79,9 +79,9 @@ local kp = ```jsonnet - # Add additional ingresses - # See https://github.com/coreos/kube-prometheus/... - # tree/master/examples/ingress.jsonnet + // Add additional ingresses + // See https://github.com/coreos/kube-prometheus/... + // tree/master/examples/ingress.jsonnet ingress+:: { alertmanager: ingress.new() + @@ -107,10 +107,10 @@ local kp = ingressRuleHttpPath.mixin.backend.withServicePort(9093) ), ) + - # Note we do not need a TLS secretName here as we are going to use the - # nginx-ingress default secret which is a wildcard - # secretName would need to be in the same namespace at this time, - # see https://github.com/kubernetes/ingress-nginx/issues/2371 + // Note we do not need a TLS secretName here as we are going to use the + // nginx-ingress default secret which is a wildcard + // secretName would need to be in the same namespace at this time, + // see https://github.com/kubernetes/ingress-nginx/issues/2371 ingress.mixin.spec.withTls( ingressTls.new() + ingressTls.withHosts(alert_manager_host) @@ -123,11 +123,11 @@ local kp = ```jsonnet - # Add additional ingresses - # See https://github.com/prometheus-operator/kube-prometheus/... - # blob/main/examples/ingress.jsonnet + // Add additional ingresses + // See https://github.com/prometheus-operator/kube-prometheus/... + // blob/main/examples/ingress.jsonnet ingress+:: { - 'alertmanager': { + alertmanager: { apiVersion: 'networking.k8s.io/v1', kind: 'Ingress', metadata: { @@ -175,13 +175,13 @@ local kp = ```jsonnet - # Additional prometheus rules - # See https://github.com/coreos/kube-prometheus/docs/... - # developing-prometheus-rules-and-grafana-dashboards.md - # - # cat my-prometheus-rules.yaml | \ - # gojsontoyaml -yamltojson | \ - # jq . > my-prometheus-rules.json + // Additional prometheus rules + // See https://github.com/coreos/kube-prometheus/docs/... + // developing-prometheus-rules-and-grafana-dashboards.md + // + // cat my-prometheus-rules.yaml | \ + // gojsontoyaml -yamltojson | \ + // jq . > my-prometheus-rules.json prometheusRules+:: { @@ -212,13 +212,13 @@ local kp = ```jsonnet - # Additional prometheus rules - # See https://github.com/prometheus-operator/kube-prometheus/blob/main/... - # docs/developing-prometheus-rules-and-grafana-dashboards.md... - # #pre-rendered-rules - # cat my-prometheus-rules.yaml | \ - # gojsontoyaml -yamltojson | \ - # jq . > my-prometheus-rules.json + // Additional prometheus rules + // See https://github.com/prometheus-operator/kube-prometheus/blob/main/... + // docs/developing-prometheus-rules-and-grafana-dashboards.md... + // #pre-rendered-rules + // cat my-prometheus-rules.yaml | \ + // gojsontoyaml -yamltojson | \ + // jq . > my-prometheus-rules.json prometheusMe: { rules: { apiVersion: 'monitoring.coreos.com/v1', @@ -229,8 +229,8 @@ local kp = labels: { 'app.kubernetes.io/name': 'kube-prometheus', 'app.kubernetes.io/part-of': 'kube-prometheus', - 'prometheus': 'k8s', - 'role': 'alert-rules' + prometheus: 'k8s', + role: 'alert-rules', }, }, spec: { From 3e6865d776108876790c94a16f7cd4ae058632b4 Mon Sep 17 00:00:00 2001 From: Philip Date: Tue, 6 Jul 2021 17:49:32 +0200 Subject: [PATCH 326/388] Generate kubernetes-mixin --- jsonnetfile.lock.json | 28 +++++++-------- manifests/grafana-dashboardDefinitions.yaml | 40 ++++++++++----------- manifests/kubernetes-prometheusRule.yaml | 19 ++++++---- 3 files changed, 46 insertions(+), 41 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 08a0ff19..5c01010f 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "556447683112b6ccc00b27a1bd0d0a4edc361692", - "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" + "version": "f4fad92e0d0240d1495cc6bf9d2f4d1fbeab4e4b", + "sum": "RqOj1ITnyH6jm/6qBtEE+Ob5KTk/nKX1zlhj/SWqARE=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "054a2cecd449b88582386cd12a5865daca10439e", + "version": "d8d3c4b74089f6f6a83b6c99d7425e2d646a1b30", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "e0dc3563dcbf2e54e0ffe8e83f3f51b237ef33be", - "sum": "egi2xHFco6VkCxettVvAju/yrsGnB3AFoPpCGKfWhtU=" + "version": "6a4b21fb685af4a26983a4e51103f62b3ca244f7", + "sum": "Z/G2a7I4uXmDSgcwJqZ1f4haO+CInIJgYiLaCLCpm6U=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "e0dc3563dcbf2e54e0ffe8e83f3f51b237ef33be", + "version": "6a4b21fb685af4a26983a4e51103f62b3ca244f7", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "d94da5292d7e213c5b2f3f508d162e6044a68ca9", + "version": "7594278d264753220921eef1a59af4927b375573", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "d94da5292d7e213c5b2f3f508d162e6044a68ca9", + "version": "7594278d264753220921eef1a59af4927b375573", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "1c35faa561f2557fa156438c13c5763d3b6ac6c4", + "version": "2388bfa557c9836d5ff01e620a129d33852670ff", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,7 +99,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "1c35faa561f2557fa156438c13c5763d3b6ac6c4", + "version": "2388bfa557c9836d5ff01e620a129d33852670ff", "sum": "eHJp7oFWvBEsSmwoRML356DLK80n7rRt8XKRZ+YawvQ=" }, { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "fd0929ba9fc58737a9c91f24771862692fa72d17", + "version": "8491f816296b26bd4efe3aa4164fe72a7cd329de", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,7 +120,7 @@ "subdir": "docs/node-mixin" } }, - "version": "90d469805ac04cf1be31fdb50fcd895146332e92", + "version": "35a2de21d4ae686f4d3e9e0a54059a6c7ef93885", "sum": "os3VfjBdFdDaTYzI+A/RahIhQcgQ7KoaLL68s1kiCbA=" }, { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "d8219f29f4fec899edde3d3055acf3013dc3f77a", + "version": "62598878dd080d0488457e2238fb6e5a847a8247", "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "8f5021166d21005f9a63c3c44fd876113fd0c05d", + "version": "e7d3ec77ee6ad2580e50b371c00465ad277340a1", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 8253c14c..cfc1a747 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -7504,7 +7504,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -7590,7 +7590,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -7688,7 +7688,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -7774,7 +7774,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -10210,7 +10210,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -10296,7 +10296,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -10394,7 +10394,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -10480,7 +10480,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -13362,7 +13362,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -13449,7 +13449,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -13548,7 +13548,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -13635,7 +13635,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -16004,7 +16004,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -16090,7 +16090,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -16188,7 +16188,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -16274,7 +16274,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -18166,7 +18166,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -18252,7 +18252,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -18350,7 +18350,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, @@ -18436,7 +18436,7 @@ items: }, "yaxes": [ { - "format": "Bps", + "format": "pps", "label": null, "logBase": 1, "max": null, diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 208116ff..a3b278f1 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -60,7 +60,7 @@ spec: expr: | ( kube_deployment_spec_replicas{job="kube-state-metrics"} - != + > kube_deployment_status_replicas_available{job="kube-state-metrics"} ) and ( changes(kube_deployment_status_replicas_updated{job="kube-state-metrics"}[10m]) @@ -212,7 +212,7 @@ spec: severity: warning - alert: KubeHpaReplicasMismatch annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has not matched the desired number of replicas for longer than 15 minutes. + description: HPA {{ $labels.namespace }}/{{ $labels.horizontalpodautoscaler }} has not matched the desired number of replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch summary: HPA has not matched descired number of replicas. expr: | @@ -234,7 +234,7 @@ spec: severity: warning - alert: KubeHpaMaxedOut annotations: - description: HPA {{ $labels.namespace }}/{{ $labels.hpa }} has been running at max replicas for longer than 15 minutes. + description: HPA {{ $labels.namespace }}/{{ $labels.horizontalpodautoscaler }} has been running at max replicas for longer than 15 minutes. runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout summary: HPA is running at max replicas expr: | @@ -362,10 +362,13 @@ spec: runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | - kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} - < 0.03 + ( + kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} + ) < 0.03 + and + kubelet_volume_stats_used_bytes{job="kubelet", metrics_path="/metrics"} > 0 for: 1m labels: severity: critical @@ -381,6 +384,8 @@ spec: kubelet_volume_stats_capacity_bytes{job="kubelet", metrics_path="/metrics"} ) < 0.15 and + kubelet_volume_stats_used_bytes{job="kubelet", metrics_path="/metrics"} > 0 + and predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 for: 1h labels: From ed2ffe9d054c4c17b452428e6da8c0c251dd5040 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 7 Jul 2021 10:03:40 +0200 Subject: [PATCH 327/388] *: add "update" target to makefile and use it in automatic updater Signed-off-by: paulfantom --- .github/workflows/versions.yaml | 7 ++----- Makefile | 4 ++++ 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 6c5d0307..6a8f5a25 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -17,13 +17,10 @@ jobs: # Write to temporary file to make update atomic scripts/generate-versions.sh > /tmp/versions.json mv /tmp/versions.json jsonnet/kube-prometheus/versions.json - - name: Install jsonnet bundler - run: | - go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb - name: Update jsonnet dependencies run: | - jb update - make --always-make generate + make update + make generate # Reset jsonnetfile.lock.json if no dependencies were updated changedFiles=$(git diff --name-only | grep -v 'jsonnetfile.lock.json') diff --git a/Makefile b/Makefile index 23d3c233..b252173c 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,10 @@ vendor: $(JB_BIN) jsonnetfile.json jsonnetfile.lock.json crdschemas: vendor ./scripts/generate-schemas.sh +.PHONY: update +update: $(JB_BIN) + $(JB_BIN) update + .PHONY: validate validate: crdschemas manifests $(KUBECONFORM_BIN) $(KUBECONFORM_BIN) -kubernetes-version $(KUBE_VERSION) -schema-location 'default' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/ From 64cfda301298d9f5025307bf88ecc1fb2a6fe1dc Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 14 Jun 2021 22:35:34 +0200 Subject: [PATCH 328/388] legal cleanup Signed-off-by: paulfantom --- NOTICE | 5 ----- code-of-conduct.md | 26 +++----------------------- 2 files changed, 3 insertions(+), 28 deletions(-) delete mode 100644 NOTICE diff --git a/NOTICE b/NOTICE deleted file mode 100644 index 23a0ada2..00000000 --- a/NOTICE +++ /dev/null @@ -1,5 +0,0 @@ -CoreOS Project -Copyright 2018 CoreOS, Inc - -This product includes software developed at CoreOS, Inc. -(http://www.coreos.com/). diff --git a/code-of-conduct.md b/code-of-conduct.md index a234f360..d1adc780 100644 --- a/code-of-conduct.md +++ b/code-of-conduct.md @@ -1,4 +1,4 @@ -## CoreOS Community Code of Conduct +## Community Code of Conduct ### Contributor Code of Conduct @@ -33,29 +33,9 @@ This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting a project maintainer, Brandon Philips -, and/or Rithu John . +reported by contacting a project maintainer listed in +https://github.com/prometheus-operator/prometheus-operator/blob/master/MAINTAINERS.md. This Code of Conduct is adapted from the Contributor Covenant (http://contributor-covenant.org), version 1.2.0, available at http://contributor-covenant.org/version/1/2/0/ - -### CoreOS Events Code of Conduct - -CoreOS events are working conferences intended for professional networking and -collaboration in the CoreOS community. Attendees are expected to behave -according to professional standards and in accordance with their employer’s -policies on appropriate workplace behavior. - -While at CoreOS events or related social networking opportunities, attendees -should not engage in discriminatory or offensive speech or actions including -but not limited to gender, sexuality, race, age, disability, or religion. -Speakers should be especially aware of these concerns. - -CoreOS does not condone any statements by speakers contrary to these standards. -CoreOS reserves the right to deny entrance and/or eject from an event (without -refund) any individual found to be engaging in discriminatory or offensive -speech or actions. - -Please bring any concerns to the immediate attention of designated on-site -staff, Brandon Philips , and/or Rithu John . From dee7762ae384275ddc7fe80cd8bc014694a022e5 Mon Sep 17 00:00:00 2001 From: "ben.ye" Date: Tue, 13 Jul 2021 19:39:01 -0700 Subject: [PATCH 329/388] create dashboardDefinitions if rawDashboards or folderDashboards are specified Signed-off-by: ben.ye --- jsonnet/kube-prometheus/components/grafana.libsonnet | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index cb6cafa5..33c7511e 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -76,7 +76,9 @@ function(params) { dashboardDatasources: glib.grafana.dashboardDatasources, dashboardSources: glib.grafana.dashboardSources, - dashboardDefinitions: if std.length(g._config.dashboards) > 0 then { + dashboardDefinitions: if std.length(g._config.dashboards) > 0 || + std.length(g._config.rawDashboards) > 0 || + std.length(g._config.folderDashboards) > 0 then { apiVersion: 'v1', kind: 'ConfigMapList', items: glib.grafana.dashboardDefinitions, From 90b2751f06798733e949c5fdb830bff46d5d89a7 Mon Sep 17 00:00:00 2001 From: "ben.ye" Date: Tue, 13 Jul 2021 19:48:01 -0700 Subject: [PATCH 330/388] fmt code Signed-off-by: ben.ye --- jsonnet/kube-prometheus/components/grafana.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index 33c7511e..def62d61 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -77,8 +77,8 @@ function(params) { dashboardSources: glib.grafana.dashboardSources, dashboardDefinitions: if std.length(g._config.dashboards) > 0 || - std.length(g._config.rawDashboards) > 0 || - std.length(g._config.folderDashboards) > 0 then { + std.length(g._config.rawDashboards) > 0 || + std.length(g._config.folderDashboards) > 0 then { apiVersion: 'v1', kind: 'ConfigMapList', items: glib.grafana.dashboardDefinitions, From 43adca8df7dba6cec1f0e2c6fecc5899f2c38ff0 Mon Sep 17 00:00:00 2001 From: "ben.ye" Date: Tue, 13 Jul 2021 19:56:38 -0700 Subject: [PATCH 331/388] fmt again Signed-off-by: ben.ye --- jsonnet/kube-prometheus/components/grafana.libsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index def62d61..ce6cb40e 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -76,7 +76,7 @@ function(params) { dashboardDatasources: glib.grafana.dashboardDatasources, dashboardSources: glib.grafana.dashboardSources, - dashboardDefinitions: if std.length(g._config.dashboards) > 0 || + dashboardDefinitions: if std.length(g._config.dashboards) > 0 || std.length(g._config.rawDashboards) > 0 || std.length(g._config.folderDashboards) > 0 then { apiVersion: 'v1', From 9b08b941f86fd56c64828caf513af6fe2598d5ea Mon Sep 17 00:00:00 2001 From: Yury Gargay Date: Wed, 14 Jul 2021 18:51:36 +0200 Subject: [PATCH 332/388] Update kubernetes-mixin From https://github.com/kubernetes-monitoring/kubernetes-mixin/commit/b710a868a95621aa93e0b661954f63f4db82aaea --- .../components/alertmanager.libsonnet | 2 +- .../components/kube-state-metrics.libsonnet | 2 +- .../components/mixin/custom.libsonnet | 2 +- .../components/node-exporter.libsonnet | 2 +- .../components/prometheus-operator.libsonnet | 2 +- .../components/prometheus.libsonnet | 2 +- jsonnetfile.lock.json | 4 +- manifests/kubernetes-prometheusRule.yaml | 178 ++++++------------ 8 files changed, 68 insertions(+), 126 deletions(-) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 60385669..87b651a6 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -78,7 +78,7 @@ function(params) { assert std.isObject(am._config.mixin._config), mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') { _config+:: am._config.mixin._config, }, diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index 1ebd1480..7c8d2568 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -49,7 +49,7 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- podLabels:: ksm._config.selectorLabels, mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') { _config+:: ksm._config.mixin._config, }, diff --git a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet index b32f9469..f8423653 100644 --- a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet @@ -23,7 +23,7 @@ function(params) { local alertsandrules = (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet'), mixin:: alertsandrules + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') { _config+:: m._config.mixin._config, }, diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index df0a2f20..4e5d1167 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -44,7 +44,7 @@ function(params) { assert std.isObject(ne._config.mixin._config), mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') { _config+:: ne._config.mixin._config, }, diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index 4bb98b48..b8adeeeb 100644 --- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -46,7 +46,7 @@ function(params) // declare variable as a field to allow overriding options and to have unified API across all components _config:: config, mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') { + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') { _config+:: po._config.mixin._config, }, diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 3c0e6bfc..e4a439b7 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -51,7 +51,7 @@ function(params) { assert std.isObject(p._config.mixin._config), mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/alerts/add-runbook-links.libsonnet') + ( + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') + ( if p._config.thanos != {} then (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { targetGroups: {}, diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 5c01010f..0bf751da 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "6a4b21fb685af4a26983a4e51103f62b3ca244f7", - "sum": "Z/G2a7I4uXmDSgcwJqZ1f4haO+CInIJgYiLaCLCpm6U=" + "version": "b710a868a95621aa93e0b661954f63f4db82aaea", + "sum": "W3jM1f3BUCc2mursXapw0OwsU2raoCuRy9897aA9R9k=" }, { "source": { diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index a3b278f1..ff63a74d 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -20,7 +20,7 @@ spec: expr: | increase(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[10m]) > 0 and - sum without (phase) (kube_pod_status_phase{phase!="Running",job="kube-state-metrics"} == 1) + kube_pod_container_status_waiting{job="kube-state-metrics"} == 1 for: 15m labels: severity: warning @@ -700,7 +700,7 @@ spec: for: 15m labels: severity: critical - - name: kube-apiserver.rules + - name: kube-apiserver-burnrate.rules rules: - expr: | ( @@ -710,14 +710,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[1d])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[1d])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[1d])) ) ) + @@ -737,14 +737,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[1h])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[1h])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[1h])) ) ) + @@ -764,14 +764,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[2h])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[2h])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[2h])) ) ) + @@ -791,14 +791,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[30m])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[30m])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[30m])) ) ) + @@ -818,14 +818,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[3d])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[3d])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[3d])) ) ) + @@ -845,14 +845,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[5m])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[5m])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[5m])) ) ) + @@ -872,14 +872,14 @@ spec: - ( ( - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[6h])) or vector(0) ) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[6h])) + - sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) + sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[6h])) ) ) + @@ -1003,16 +1003,8 @@ spec: labels: verb: write record: apiserver_request:burnrate6h - - expr: | - sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) - labels: - verb: read - record: code_resource:apiserver_request_total:rate5m - - expr: | - sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - labels: - verb: write - record: code_resource:apiserver_request_total:rate5m + - name: kube-apiserver-histogram.rules + rules: - expr: | histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 labels: @@ -1043,6 +1035,19 @@ spec: - interval: 3m name: kube-apiserver-availability.rules rules: + - expr: | + avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 + record: code_verb:apiserver_request_total:increase30d + - expr: | + sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) + labels: + verb: read + record: code:apiserver_request_total:increase30d + - expr: | + sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) + labels: + verb: write + record: code:apiserver_request_total:increase30d - expr: | 1 - ( ( @@ -1057,14 +1062,14 @@ spec: - ( ( - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="1"}[30d])) or vector(0) ) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="5"}[30d])) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="40"}[30d])) ) ) + # errors @@ -1082,14 +1087,14 @@ spec: ( # too slow ( - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[30d])) or vector(0) ) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[30d])) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[30d])) ) + # errors @@ -1118,90 +1123,27 @@ spec: verb: write record: apiserver_request:availability30d - expr: | - avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 - record: code_verb:apiserver_request_total:increase30d - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: | - sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) + sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) labels: verb: read - record: code:apiserver_request_total:increase30d + record: code_resource:apiserver_request_total:rate5m - expr: | - sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) + sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) labels: verb: write - record: code:apiserver_request_total:increase30d + record: code_resource:apiserver_request_total:rate5m + - expr: | + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: | + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: | + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: | + sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h - name: k8s.rules rules: - expr: | From 9bc6bf3db830efa87899756a83296ead154ea6a3 Mon Sep 17 00:00:00 2001 From: Nicolas Degory Date: Mon, 12 Jul 2021 19:45:26 -0700 Subject: [PATCH 333/388] update doc on Prometheus rule updates since release 0.8 Signed-off-by: Nicolas Degory --- ...prometheus-rules-and-grafana-dashboards.md | 127 ++++++++++++------ examples/changing-default-rules.libsonnet | 92 +++++++++++++ 2 files changed, 176 insertions(+), 43 deletions(-) create mode 100644 examples/changing-default-rules.libsonnet diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 1a9b3141..56e7c297 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -219,72 +219,113 @@ local kp = (import 'kube-prometheus/main.libsonnet') + { ``` ### Changing default rules -Along with adding additional rules, we give the user the option to filter or adjust the existing rules imported by `kube-prometheus/kube-prometheus.libsonnet`. The recording rules can be found in [kube-prometheus/rules](../jsonnet/kube-prometheus/rules) and [kubernetes-mixin/rules](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules) while the alerting rules can be found in [kube-prometheus/alerts](../jsonnet/kube-prometheus/alerts) and [kubernetes-mixin/alerts](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/alerts). +Along with adding additional rules, we give the user the option to filter or adjust the existing rules imported by `kube-prometheus/main.libsonnet`. The recording rules can be found in [kube-prometheus/components/mixin/rules](../jsonnet/kube-prometheus/components/mixin/rules) and [kubernetes-mixin/rules](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules) while the alerting rules can be found in [kube-prometheus/components/mixin/alerts](../jsonnet/kube-prometheus/components/mixin/alerts) and [kubernetes-mixin/alerts](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/alerts). Knowing which rules to change, the user can now use functions from the [Jsonnet standard library](https://jsonnet.org/ref/stdlib.html) to make these changes. Below are examples of both a filter and an adjustment being made to the default rules. These changes can be assigned to a local variable and then added to the `local kp` object as seen in the examples above. #### Filter -Here the alert `KubeStatefulSetReplicasMismatch` is being filtered out of the group `kubernetes-apps`. The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet). +Here the alert `KubeStatefulSetReplicasMismatch` is being filtered out of the group `kubernetes-apps`. The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet). You first need to find out in which component the rule is defined (here it is kuberentesControlPlane). ```jsonnet local filter = { - prometheusAlerts+:: { - groups: std.map( - function(group) - if group.name == 'kubernetes-apps' then - group { - rules: std.filter(function(rule) - rule.alert != "KubeStatefulSetReplicasMismatch", - group.rules - ) - } - else - group, - super.groups - ), + kubernetesControlPlane+: { + prometheusRule+:: { + spec+: { + groups: std.map( + function(group) + if group.name == 'kubernetes-apps' then + group { + rules: std.filter( + function(rule) + rule.alert != 'KubeStatefulSetReplicasMismatch', + group.rules + ), + } + else + group, + super.groups + ), + }, + }, }, }; ``` + #### Adjustment -Here the expression for the alert used above is updated from its previous value. The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet). +Here the expression for another alert in the same component is updated from its previous value. The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet). ```jsonnet local update = { - prometheusAlerts+:: { - groups: std.map( - function(group) - if group.name == 'kubernetes-apps' then - group { - rules: std.map( - function(rule) - if rule.alert == "KubeStatefulSetReplicasMismatch" then - rule { - expr: "kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\",statefulset!=\"vault\"} != kube_statefulset_status_replicas{job=\"kube-state-metrics\",statefulset!=\"vault\"}" - } - else - rule, - group.rules - ) - } - else - group, - super.groups - ), + kubernetesControlPlane+: { + prometheusRule+:: { + spec+: { + groups: std.map( + function(group) + if group.name == 'kubernetes-apps' then + group { + rules: std.map( + function(rule) + if rule.alert == 'KubePodCrashLooping' then + rule { + expr: 'rate(kube_pod_container_status_restarts_total{namespace=kube-system,job="kube-state-metrics"}[10m]) * 60 * 5 > 0', + } + else + rule, + group.rules + ), + } + else + group, + super.groups + ), + }, + }, }, }; ``` + Using the example from above about adding in pre-rendered rules, the new local variables can be added in as follows: ```jsonnet -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + filter + update + { - prometheusAlerts+:: (import 'existingrule.json'), +local add = { + exampleApplication:: { + prometheusRule+: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'example-application-rules', + namespace: $.values.common.namespace, + }, + spec: (import 'existingrule.json'), + }, + }, }; - -{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + -{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +local kp = (import 'kube-prometheus/main.libsonnet') + filter + update + add; +local kp = (import 'kube-prometheus/main.libsonnet') + + filter + + update + + add + { + values+:: { + common+: { + namespace: 'monitoring', + }, + }, + }; +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + -{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } + +{ ['exampleApplication-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } ``` ## Dashboards diff --git a/examples/changing-default-rules.libsonnet b/examples/changing-default-rules.libsonnet new file mode 100644 index 00000000..1a0c192b --- /dev/null +++ b/examples/changing-default-rules.libsonnet @@ -0,0 +1,92 @@ +local filter = { + kubernetesControlPlane+: { + prometheusRule+:: { + spec+: { + groups: std.map( + function(group) + if group.name == 'kubernetes-apps' then + group { + rules: std.filter( + function(rule) + rule.alert != 'KubeStatefulSetReplicasMismatch', + group.rules + ), + } + else + group, + super.groups + ), + }, + }, + }, +}; +local update = { + kubernetesControlPlane+: { + prometheusRule+:: { + spec+: { + groups: std.map( + function(group) + if group.name == 'kubernetes-apps' then + group { + rules: std.map( + function(rule) + if rule.alert == 'KubePodCrashLooping' then + rule { + expr: 'rate(kube_pod_container_status_restarts_total{namespace=kube-system,job="kube-state-metrics"}[10m]) * 60 * 5 > 0', + } + else + rule, + group.rules + ), + } + else + group, + super.groups + ), + }, + }, + }, +}; + +local add = { + exampleApplication:: { + prometheusRule+: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + name: 'example-application-rules', + namespace: $.values.common.namespace, + }, + spec: (import 'existingrule.json'), + }, + }, +}; +local kp = (import 'kube-prometheus/main.libsonnet') + + filter + + update + + add + { + values+:: { + common+: { + namespace: 'monitoring', + }, + }, +}; + +{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + +{ + ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] + for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) +} + +// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + +{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } + +{ ['exampleApplication-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } From 7394929c76173f8836bed101320b72995ff70b30 Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Sat, 17 Jul 2021 11:28:38 -0700 Subject: [PATCH 334/388] eks: Relabel instance with node name for CNI DaemonSet --- jsonnet/kube-prometheus/platforms/eks.libsonnet | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index 87e70f4f..76eeb385 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -27,7 +27,20 @@ }, spec: { ports: [ - { name: 'cni-metrics-port', port: 61678, targetPort: 61678 }, + { + name: 'cni-metrics-port', + port: 61678, + targetPort: 61678, + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + }, ], selector: { 'app.kubernetes.io/name': 'aws-node' }, clusterIP: 'None', From 1a3c610c6161adf924baec61abeaae8bb7e7a161 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 19 Jul 2021 13:44:23 +0000 Subject: [PATCH 335/388] [bot] Automated version update --- jsonnet/kube-prometheus/versions.json | 6 +- jsonnetfile.lock.json | 30 ++-- manifests/grafana-dashboardDefinitions.yaml | 48 +++--- manifests/kubernetes-prometheusRule.yaml | 24 +++ manifests/node-exporter-clusterRole.yaml | 2 +- .../node-exporter-clusterRoleBinding.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 6 +- manifests/node-exporter-prometheusRule.yaml | 26 +++- manifests/node-exporter-service.yaml | 2 +- manifests/node-exporter-serviceAccount.yaml | 2 +- manifests/node-exporter-serviceMonitor.yaml | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- .../prometheus-operator-prometheusRule.yaml | 2 +- .../prometheus-operator-serviceMonitor.yaml | 4 +- manifests/prometheus-podDisruptionBudget.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 +- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- ...metheus-roleBindingSpecificNamespaces.yaml | 6 +- manifests/prometheus-roleConfig.yaml | 2 +- .../prometheus-roleSpecificNamespaces.yaml | 6 +- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- ...r-0prometheusCustomResourceDefinition.yaml | 144 +++++++++++++++++- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 8 +- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 31 files changed, 272 insertions(+), 82 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index ae5b5d12..da5cedaf 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -3,10 +3,10 @@ "blackboxExporter": "0.19.0", "grafana": "8.0.3", "kubeStateMetrics": "2.1.0", - "nodeExporter": "1.1.2", - "prometheus": "2.28.0", + "nodeExporter": "1.2.0", + "prometheus": "2.28.1", "prometheusAdapter": "0.8.4", - "prometheusOperator": "0.48.1", + "prometheusOperator": "0.49.0", "kubeRbacProxy": "0.10.0", "configmapReload": "0.5.0" } diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 0bf751da..f5acf81c 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "f4fad92e0d0240d1495cc6bf9d2f4d1fbeab4e4b", - "sum": "RqOj1ITnyH6jm/6qBtEE+Ob5KTk/nKX1zlhj/SWqARE=" + "version": "a1fd98c6b0c4c5bc9e36ac45154e6a44d4c31bcb", + "sum": "PPTfil9MoAqtyW+hHJuAj3Ap86pB86vIHativ9R5c4I=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "d8d3c4b74089f6f6a83b6c99d7425e2d646a1b30", + "version": "2a6bdb7df17539b27869bab8b04eab0cc69a7abb", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "b710a868a95621aa93e0b661954f63f4db82aaea", - "sum": "W3jM1f3BUCc2mursXapw0OwsU2raoCuRy9897aA9R9k=" + "version": "50dddcc2aecf074c7f7fab92caa87a806e5040fa", + "sum": "H4TcGWDVaNF51ZaGpJwm9rVympjpTtSjl4UCYI8q1LU=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "6a4b21fb685af4a26983a4e51103f62b3ca244f7", + "version": "50dddcc2aecf074c7f7fab92caa87a806e5040fa", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "7594278d264753220921eef1a59af4927b375573", + "version": "1d61fc146160a94ad6b932b9fc5124bc43a5e00c", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "7594278d264753220921eef1a59af4927b375573", + "version": "1d61fc146160a94ad6b932b9fc5124bc43a5e00c", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "2388bfa557c9836d5ff01e620a129d33852670ff", + "version": "1a0708426f2cb2d6613ea66b5ce2a4e166917539", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "2388bfa557c9836d5ff01e620a129d33852670ff", - "sum": "eHJp7oFWvBEsSmwoRML356DLK80n7rRt8XKRZ+YawvQ=" + "version": "1a0708426f2cb2d6613ea66b5ce2a4e166917539", + "sum": "r10jPrynhhJrBBh++pWad5ebvBiLhecjwmv4FN5imxQ=" }, { "source": { @@ -120,8 +120,8 @@ "subdir": "docs/node-mixin" } }, - "version": "35a2de21d4ae686f4d3e9e0a54059a6c7ef93885", - "sum": "os3VfjBdFdDaTYzI+A/RahIhQcgQ7KoaLL68s1kiCbA=" + "version": "12968948aec1e2b216a2ecefc45cf3a50671aecb", + "sum": "aNKe0IYZwwYJSixqP5VMQpKZnquGKHHkYT0lIo3pmWM=" }, { "source": { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "62598878dd080d0488457e2238fb6e5a847a8247", + "version": "a1c1313b3c86b1d50a2f099f4f2697ccb01388e4", "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "e7d3ec77ee6ad2580e50b371c00465ad277340a1", + "version": "731a5ae9da195c37bc2eb18257ffbf4bd72238c1", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index cfc1a747..0ac51dcc 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -9074,7 +9074,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9083,7 +9083,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9092,7 +9092,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9101,7 +9101,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9539,7 +9539,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9548,7 +9548,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9557,7 +9557,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -9566,7 +9566,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11422,7 +11422,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11431,7 +11431,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11440,7 +11440,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11449,7 +11449,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11850,7 +11850,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11859,7 +11859,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11868,7 +11868,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -11877,7 +11877,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12527,7 +12527,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12536,7 +12536,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12545,7 +12545,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12554,7 +12554,7 @@ items: "step": 10 }, { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12990,7 +12990,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -12999,7 +12999,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -13008,7 +13008,7 @@ items: "step": 10 }, { - "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, @@ -13017,7 +13017,7 @@ items: "step": 10 }, { - "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", "format": "table", "instant": true, "intervalFactor": 2, diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index ff63a74d..60e6a85b 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -1177,6 +1177,12 @@ spec: max by(namespace, pod, node) (kube_pod_info{node!=""}) ) record: node_namespace_pod_container:container_memory_swap + - expr: | + kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster) + group_left() max by (namespace, pod) ( + (kube_pod_status_phase{phase=~"Pending|Running"} == 1) + ) + record: cluster:namespace:pod_memory:active:kube_pod_container_resource_requests - expr: | sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( @@ -1188,6 +1194,12 @@ spec: ) ) record: namespace_memory:kube_pod_container_resource_requests:sum + - expr: | + kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster) + group_left() max by (namespace, pod) ( + (kube_pod_status_phase{phase=~"Pending|Running"} == 1) + ) + record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests - expr: | sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( @@ -1199,6 +1211,12 @@ spec: ) ) record: namespace_cpu:kube_pod_container_resource_requests:sum + - expr: | + kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster) + group_left() max by (namespace, pod) ( + (kube_pod_status_phase{phase=~"Pending|Running"} == 1) + ) + record: cluster:namespace:pod_memory:active:kube_pod_container_resource_limits - expr: | sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( @@ -1210,6 +1228,12 @@ spec: ) ) record: namespace_memory:kube_pod_container_resource_limits:sum + - expr: | + kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster) + group_left() max by (namespace, pod) ( + (kube_pod_status_phase{phase=~"Pending|Running"} == 1) + ) + record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits - expr: | sum by (namespace, cluster) ( sum by (namespace, pod, cluster) ( diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index 18ac8610..aae6d312 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index 3d552151..60004d44 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 10b6b2c2..21ad1fe0 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 name: node-exporter namespace: monitoring spec: @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 spec: containers: - args: @@ -32,7 +32,7 @@ spec: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-z0-9]+@if\d+)$ - --collector.netdev.device-exclude=^(veth.*|[a-z0-9]+@if\d+)$ - image: quay.io/prometheus/node-exporter:v1.1.2 + image: quay.io/prometheus/node-exporter:v1.2.0 name: node-exporter resources: limits: diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 1300f5b6..295f35bc 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 prometheus: k8s role: alert-rules name: node-exporter-rules @@ -223,6 +223,30 @@ spec: node_md_disks{state="failed"} > 0 labels: severity: warning + - alert: NodeFileDescriptorLimit + annotations: + description: File descriptors limit at {{ $labels.instance }} is currently at {{ printf "%.2f" $value }}%. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefiledescriptorlimit + summary: Kernel is predicted to exhaust file descriptors limit soon. + expr: | + ( + node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 70 + ) + for: 15m + labels: + severity: warning + - alert: NodeFileDescriptorLimit + annotations: + description: File descriptors limit at {{ $labels.instance }} is currently at {{ printf "%.2f" $value }}%. + runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefiledescriptorlimit + summary: Kernel is predicted to exhaust file descriptors limit soon. + expr: | + ( + node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 90 + ) + for: 15m + labels: + severity: critical - name: node-exporter.rules rules: - expr: | diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index 2c89de8b..7db5a093 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 name: node-exporter namespace: monitoring spec: diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index 1b665a47..a45f3d59 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 name: node-exporter namespace: monitoring diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index c63ef32c..ab0d9cef 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.1.2 + app.kubernetes.io/version: 1.2.0 name: node-exporter namespace: monitoring spec: diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index a0d4a4bc..4d337456 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index 17efd849..54247417 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index 8c015bd1..141af2eb 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 prometheus: k8s role: alert-rules name: prometheus-operator-rules diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index 6720aebf..ad3acad5 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml index f45a5ebc..c55ecc42 100644 --- a/manifests/prometheus-podDisruptionBudget.yaml +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 54ca05d1..087a7aa2 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 prometheus: k8s name: k8s namespace: monitoring @@ -18,7 +18,7 @@ spec: port: web enableFeatures: [] externalLabels: {} - image: quay.io/prometheus/prometheus:v2.28.0 + image: quay.io/prometheus/prometheus:v2.28.1 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -47,4 +47,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.28.0 + version: 2.28.1 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 0c626bcf..c9063ba0 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index aea532dc..8e15e69d 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index 7b0bd525..4cf325c6 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index 67350543..9f16e65a 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index cce44a1e..53888f38 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: default rules: @@ -44,7 +44,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: kube-system rules: @@ -81,7 +81,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 4e870635..8b196541 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index d0a2aac4..45bd92b4 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index bbbc2473..f8f0e878 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.0 + app.kubernetes.io/version: 2.28.1 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index d327a717..cd6e2ecb 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -1477,7 +1477,7 @@ spec: format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. + description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced. format: int64 type: integer evaluationInterval: @@ -2475,6 +2475,77 @@ spec: name: description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyUrl: description: Optional ProxyURL type: string @@ -2661,6 +2732,77 @@ spec: name: description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object proxyUrl: description: Optional ProxyURL type: string diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index 4990441c..5b9d33e3 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 28d2941f..2c2953a9 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index 9d57d15d..04a8df3f 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 name: prometheus-operator namespace: monitoring spec: @@ -23,13 +23,13 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.48.1 - image: quay.io/prometheus-operator/prometheus-operator:v0.48.1 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.49.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.49.0 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index c4c2f40d..7d6d0368 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 380c9212..282aad67 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.48.1 + app.kubernetes.io/version: 0.49.0 name: prometheus-operator namespace: monitoring From 8c357c6bde4bd287dbfdd04fe756860705397dcc Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 20 Jul 2021 10:53:49 +0200 Subject: [PATCH 336/388] jsonnet: align alert annotations with best practices Signed-off-by: paulfantom --- .../kube-prometheus/components/mixin/alerts/node.libsonnet | 3 ++- jsonnet/kube-prometheus/platforms/eks.libsonnet | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet index 74cfb4f2..d022c599 100644 --- a/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet @@ -7,7 +7,8 @@ { alert: 'NodeNetworkInterfaceFlapping', annotations: { - message: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', + summary: "Network interface is often changin it's status", + description: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', }, expr: ||| changes(node_network_up{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 2 diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index 76eeb385..b81d1cce 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -97,10 +97,11 @@ severity: 'critical', }, annotations: { - message: 'Instance {{ $labels.instance }} has less than 10 IPs available.', + summary: 'EKS CNI is running low on available IPs', + description: 'Instance {{ $labels.instance }} has only {{ $value }} IPs available which is lower than set threshold of %s' % $.values.eks.minimumAvailableIPs, }, 'for': $.values.eks.minimumAvailableIPsTime, - alert: 'EksAvailableIPs', + alert: 'EksCNILowAvailableIPs', }, ], }, From 02454b3f53ed83190ea5557a6beef894526dce92 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 20 Jul 2021 11:14:28 +0200 Subject: [PATCH 337/388] manifests: regenerate --- manifests/kube-prometheus-prometheusRule.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml index e3ee47fa..d203dd91 100644 --- a/manifests/kube-prometheus-prometheusRule.yaml +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -39,8 +39,9 @@ spec: rules: - alert: NodeNetworkInterfaceFlapping annotations: - message: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} + description: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkinterfaceflapping + summary: Network interface is often changin it's status expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 for: 2m From 46eb1713a5b0235099fb0ae099e6bdf363ee4b14 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 20 Jul 2021 11:14:38 +0200 Subject: [PATCH 338/388] jsonnet: remove unused alert unit tests as those are moved to alertmanager repository --- .../components/mixin/alerts/tests.yaml | 157 ------------------ 1 file changed, 157 deletions(-) delete mode 100644 jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml diff --git a/jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml b/jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml deleted file mode 100644 index 532bb895..00000000 --- a/jsonnet/kube-prometheus/components/mixin/alerts/tests.yaml +++ /dev/null @@ -1,157 +0,0 @@ -# TODO(metalmatze): This file is temporarily saved here for later reference -# until we find out how to integrate the tests into our jsonnet stack. - -rule_files: - - rules.yaml - -evaluation_interval: 1m - -tests: - - interval: 1m - input_series: - - series: 'alertmanager_cluster_members{job="alertmanager-main",instance="10.10.10.0",namespace="monitoring",pod="alertmanager-main-0",service="alertmanager-main"}' - values: '3 3 3 3 3 2 2 2 2 2 2 1 1 1 1 1 1 0 0 0 0 0 0' - - series: 'alertmanager_cluster_members{job="alertmanager-main",instance="10.10.10.1",namespace="monitoring",pod="alertmanager-main-1",service="alertmanager-main"}' - values: '3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3' - - series: 'alertmanager_cluster_members{job="alertmanager-main",instance="10.10.10.2",namespace="monitoring",pod="alertmanager-main-2",service="alertmanager-main"}' - values: '3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3' - alert_rule_test: - - eval_time: 5m - alertname: AlertmanagerMembersInconsistent - - eval_time: 11m - alertname: AlertmanagerMembersInconsistent - exp_alerts: - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.0 - namespace: monitoring - pod: alertmanager-main-0 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - eval_time: 17m - alertname: AlertmanagerMembersInconsistent - exp_alerts: - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.0 - namespace: monitoring - pod: alertmanager-main-0 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - eval_time: 23m - alertname: AlertmanagerMembersInconsistent - exp_alerts: - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.0 - namespace: monitoring - pod: alertmanager-main-0 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - interval: 1m - input_series: - - series: 'alertmanager_cluster_members{job="alertmanager-main",instance="10.10.10.0",namespace="monitoring",pod="alertmanager-main-0",service="alertmanager-main"}' - values: '3 3 3 3 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' - - series: 'alertmanager_cluster_members{job="alertmanager-main",instance="10.10.10.1",namespace="monitoring",pod="alertmanager-main-1",service="alertmanager-main"}' - values: '3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2' - - series: 'alertmanager_cluster_members{job="alertmanager-main",instance="10.10.10.2",namespace="monitoring",pod="alertmanager-main-2",service="alertmanager-main"}' - values: '3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2' - alert_rule_test: - - eval_time: 5m - alertname: AlertmanagerMembersInconsistent - - eval_time: 11m - alertname: AlertmanagerMembersInconsistent - exp_alerts: - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.0 - namespace: monitoring - pod: alertmanager-main-0 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.1 - namespace: monitoring - pod: alertmanager-main-1 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.2 - namespace: monitoring - pod: alertmanager-main-2 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - eval_time: 17m - alertname: AlertmanagerMembersInconsistent - exp_alerts: - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.0 - namespace: monitoring - pod: alertmanager-main-0 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.1 - namespace: monitoring - pod: alertmanager-main-1 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.2 - namespace: monitoring - pod: alertmanager-main-2 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - eval_time: 23m - alertname: AlertmanagerMembersInconsistent - exp_alerts: - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.0 - namespace: monitoring - pod: alertmanager-main-0 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.1 - namespace: monitoring - pod: alertmanager-main-1 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' - - exp_labels: - service: 'alertmanager-main' - severity: critical - job: 'alertmanager-main' - instance: 10.10.10.2 - namespace: monitoring - pod: alertmanager-main-2 - exp_annotations: - message: 'Alertmanager has not found all other members of the cluster.' From 463ad065d39022b507399ac9f15b441ec7bbfc69 Mon Sep 17 00:00:00 2001 From: Philip Gough Date: Tue, 20 Jul 2021 10:43:02 +0100 Subject: [PATCH 339/388] jsonnet: Drop cAdvisor metrics with no (pod, namespace) labels while preserving ability to monitor system services resource usage The following provides a description and cardinality estimation based on the tests in a local cluster: container_blkio_device_usage_total - useful for containers, but not for system services (nodes*disks*services*operations*2) container_fs_.* - add filesystem read/write data (nodes*disks*services*4) container_file_descriptors - file descriptors limits and global numbers are exposed via (nodes*services) container_threads_max - max number of threads in cgroup. Usually for system services it is not limited (nodes*services) container_threads - used threads in cgroup. Usually not important for system services (nodes*services) container_sockets - used sockets in cgroup. Usually not important for system services (nodes*services) container_start_time_seconds - container start. Possibly not needed for system services (nodes*services) container_last_seen - Not needed as system services are always running (nodes*services) container_spec_.* - Everything related to cgroup specification and thus static data (nodes*services*5) --- .../components/k8s-control-plane.libsonnet | 17 +++++++++++++++++ manifests/kubernetes-serviceMonitorKubelet.yaml | 6 ++++++ 2 files changed, 23 insertions(+) diff --git a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet index dbf3474b..475a3e5a 100644 --- a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet +++ b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -120,6 +120,23 @@ function(params) { regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', action: 'drop', }, + // Drop cAdvisor metrics with no (pod, namespace) labels while preserving ability to monitor system services resource usage (cardinality estimation) + { + sourceLabels: ['__name__', 'pod', 'namespace'], + action: 'drop', + regex: '(' + std.join('|', + [ + 'container_fs_.*', // add filesystem read/write data (nodes*disks*services*4) + 'container_spec_.*', // everything related to cgroup specification and thus static data (nodes*services*5) + 'container_blkio_device_usage_total', // useful for containers, but not for system services (nodes*disks*services*operations*2) + 'container_file_descriptors', // file descriptors limits and global numbers are exposed via (nodes*services) + 'container_sockets', // used sockets in cgroup. Usually not important for system services (nodes*services) + 'container_threads_max', // max number of threads in cgroup. Usually for system services it is not limited (nodes*services) + 'container_threads', // used threads in cgroup. Usually not important for system services (nodes*services) + 'container_start_time_seconds', // container start. Possibly not needed for system services (nodes*services) + 'container_last_seen', // not needed as system services are always running (nodes*services) + ]) + ');;', + }, ], }, { diff --git a/manifests/kubernetes-serviceMonitorKubelet.yaml b/manifests/kubernetes-serviceMonitorKubelet.yaml index 9e3ec0d5..ea050274 100644 --- a/manifests/kubernetes-serviceMonitorKubelet.yaml +++ b/manifests/kubernetes-serviceMonitorKubelet.yaml @@ -60,6 +60,12 @@ spec: regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) sourceLabels: - __name__ + - action: drop + regex: (container_fs_.*|container_spec_.*|container_blkio_device_usage_total|container_file_descriptors|container_sockets|container_threads_max|container_threads|container_start_time_seconds|container_last_seen);; + sourceLabels: + - __name__ + - pod + - namespace path: /metrics/cadvisor port: https-metrics relabelings: From 9c638162ae5354350ea4fca3556e0af15d6238d1 Mon Sep 17 00:00:00 2001 From: Luis Vidal Ernst Date: Wed, 21 Jul 2021 11:06:35 +0200 Subject: [PATCH 340/388] Allow customizing of kubeRbacProxy in kube-state-metrics --- .../components/kube-state-metrics.libsonnet | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index 7c8d2568..72021f3f 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -12,6 +12,12 @@ local defaults = { limits: { cpu: '100m', memory: '250Mi' }, }, + kubeRbacProxyMain: { + resources+: { + limits+: { cpu: '40m' }, + requests+: { cpu: '20m' }, + }, + }, scrapeInterval: '30s', scrapeTimeout: '30s', commonLabels:: { @@ -85,17 +91,13 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- }, }, - local kubeRbacProxyMain = krp({ + local kubeRbacProxyMain = krp(ksm._config.kubeRbacProxyMain { name: 'kube-rbac-proxy-main', upstream: 'http://127.0.0.1:8081/', secureListenAddress: ':8443', ports: [ { name: 'https-main', containerPort: 8443 }, ], - resources+: { - limits+: { cpu: '40m' }, - requests+: { cpu: '20m' }, - }, image: ksm._config.kubeRbacProxyImage, }), From 94731577a86a7c670740a2a86a3fa050d833f2bb Mon Sep 17 00:00:00 2001 From: paulfantom Date: Wed, 21 Jul 2021 09:53:00 +0200 Subject: [PATCH 341/388] .github: add PR template Signed-off-by: paulfantom --- .github/PULL_REQUEST_TEMPLATE.md | 37 ++++++++++++++++++++++++++++++++ .github/workflows/versions.yaml | 13 ++++++++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..6e12307c --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,37 @@ + + +## Description + +_Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. +If it fixes a bug or resolves a feature request, be sure to link to that issue._ + + + +## Type of change + +_What type of changes does your code introduce to the kube-prometheus? Put an `x` in the box that apply._ + +- [ ] `CHANGE` (fix or feature that would cause existing functionality to not work as expected) +- [ ] `FEATURE` (non-breaking change which adds functionality) +- [ ] `BUGFIX` (non-breaking change which fixes an issue) +- [ ] `ENHANCEMENT` (non-breaking change which improves existing functionality) +- [ ] `NONE` (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.) + +## Changelog entry + +_Please put a one-line changelog entry below. Later this will be copied to the changelog file._ + + + +```release-note + +``` diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 6a8f5a25..cacc5227 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -33,11 +33,22 @@ jobs: commit-message: "[bot] Automated version update" title: "[bot] Automated version update" body: | + ## Description + This is an automated version and jsonnet dependencies update performed from CI on behalf of @paulfantom. Configuration of the workflow is located in `.github/workflows/versions.yaml` + + ## Type of change + + - [x] `NONE` (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.) + + ## Changelog entry + + ```release-note + + ``` team-reviewers: kube-prometheus-reviewers - labels: kind/enhancement branch: automated-updates delete-branch: true # GITHUB_TOKEN cannot be used as it won't trigger CI in a created PR From cfe830f8f01283acfde2d137f99beb7b5deaaf03 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 20 Jul 2021 10:34:34 +0200 Subject: [PATCH 342/388] jsonnet/kube-prometheus: point to runbooks.prometheus-operator.dev Signed-off-by: paulfantom --- jsonnet/kube-prometheus/components/alertmanager.libsonnet | 2 +- jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet | 2 +- jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet | 2 +- jsonnet/kube-prometheus/components/mixin/custom.libsonnet | 2 +- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 2 +- .../kube-prometheus/components/prometheus-operator.libsonnet | 2 +- jsonnet/kube-prometheus/components/prometheus.libsonnet | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet index 87b651a6..bda39ec4 100644 --- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet +++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet @@ -64,7 +64,7 @@ local defaults = { alertmanagerName: '{{ $labels.namespace }}/{{ $labels.pod}}', alertmanagerClusterLabels: 'namespace,service', alertmanagerSelector: 'job="alertmanager-' + defaults.name + '",namespace="' + defaults.namespace + '"', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/alertmanager/%s', }, }, }; diff --git a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet index 475a3e5a..e7323aea 100644 --- a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet +++ b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -17,7 +17,7 @@ local defaults = { kubeControllerManagerSelector: 'job="kube-controller-manager"', kubeApiserverSelector: 'job="apiserver"', podLabel: 'pod', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/kubernetes/%s', diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', hostNetworkInterfaceSelector: 'device!~"veth.+"', }, diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet index 7c8d2568..b80bd939 100644 --- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet +++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet @@ -29,7 +29,7 @@ local defaults = { ruleLabels: {}, _config: { kubeStateMetricsSelector: 'job="' + defaults.name + '"', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/%s', }, }, }; diff --git a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet index f8423653..c8f43b03 100644 --- a/jsonnet/kube-prometheus/components/mixin/custom.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/custom.libsonnet @@ -11,7 +11,7 @@ local defaults = { _config: { nodeExporterSelector: 'job="node-exporter"', hostNetworkInterfaceSelector: 'device!~"veth.+"', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/general/%s', }, }, }; diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 4e5d1167..5530d16a 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -30,7 +30,7 @@ local defaults = { nodeExporterSelector: 'job="' + defaults.name + '"', fsSpaceFillingUpCriticalThreshold: 15, diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/node/%s', }, }, }; diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet index b8adeeeb..b0a78e06 100644 --- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet @@ -31,7 +31,7 @@ local defaults = { }, _config: { prometheusOperatorSelector: 'job="prometheus-operator",namespace="' + defaults.namespace + '"', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/%s', }, }, }; diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index e4a439b7..5e1c9e33 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -36,7 +36,7 @@ local defaults = { prometheusSelector: 'job="prometheus-' + defaults.name + '",namespace="' + defaults.namespace + '"', prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', thanosSelector: 'job="thanos-sidecar"', - runbookURLPattern: 'https://github.com/prometheus-operator/kube-prometheus/wiki/%s', + runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/prometheus/%s', }, }, thanos: {}, From 755d2fe5c12bb6a2490cbf6f9fee6739a9589a7d Mon Sep 17 00:00:00 2001 From: paulfantom Date: Tue, 20 Jul 2021 19:28:26 +0200 Subject: [PATCH 343/388] manifests: regenerate --- manifests/alertmanager-prometheusRule.yaml | 16 +-- manifests/kube-prometheus-prometheusRule.yaml | 6 +- .../kube-state-metrics-prometheusRule.yaml | 8 +- manifests/kubernetes-prometheusRule.yaml | 106 +++++++++--------- manifests/node-exporter-prometheusRule.yaml | 36 +++--- .../prometheus-operator-prometheusRule.yaml | 14 +-- manifests/prometheus-prometheusRule.yaml | 36 +++--- 7 files changed, 111 insertions(+), 111 deletions(-) diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index d6321b95..a7fd4cc3 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -17,7 +17,7 @@ spec: - alert: AlertmanagerFailedReload annotations: description: Configuration has failed to load for {{ $labels.namespace }}/{{ $labels.pod}}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedreload + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerfailedreload summary: Reloading an Alertmanager configuration has failed. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -29,7 +29,7 @@ spec: - alert: AlertmanagerMembersInconsistent annotations: description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} has only found {{ $value }} members of the {{$labels.job}} cluster. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagermembersinconsistent + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagermembersinconsistent summary: A member of an Alertmanager cluster has not found all other cluster members. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -43,7 +43,7 @@ spec: - alert: AlertmanagerFailedToSendAlerts annotations: description: Alertmanager {{ $labels.namespace }}/{{ $labels.pod}} failed to send {{ $value | humanizePercentage }} of notifications to {{ $labels.integration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerfailedtosendalerts + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerfailedtosendalerts summary: An Alertmanager instance failed to send notifications. expr: | ( @@ -58,7 +58,7 @@ spec: - alert: AlertmanagerClusterFailedToSendAlerts annotations: description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclusterfailedtosendalerts summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration. expr: | min by (namespace,service, integration) ( @@ -73,7 +73,7 @@ spec: - alert: AlertmanagerClusterFailedToSendAlerts annotations: description: The minimum notification failure rate to {{ $labels.integration }} sent from any instance in the {{$labels.job}} cluster is {{ $value | humanizePercentage }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterfailedtosendalerts + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclusterfailedtosendalerts summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration. expr: | min by (namespace,service, integration) ( @@ -88,7 +88,7 @@ spec: - alert: AlertmanagerConfigInconsistent annotations: description: Alertmanager instances within the {{$labels.job}} cluster have different configurations. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerconfiginconsistent + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerconfiginconsistent summary: Alertmanager instances within the same cluster have different configurations. expr: | count by (namespace,service) ( @@ -101,7 +101,7 @@ spec: - alert: AlertmanagerClusterDown annotations: description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have been up for less than half of the last 5m.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclusterdown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclusterdown summary: Half or more of the Alertmanager instances within the same cluster are down. expr: | ( @@ -120,7 +120,7 @@ spec: - alert: AlertmanagerClusterCrashlooping annotations: description: '{{ $value | humanizePercentage }} of Alertmanager instances within the {{$labels.job}} cluster have restarted at least 5 times in the last 10m.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/alertmanagerclustercrashlooping + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/alertmanager/alertmanagerclustercrashlooping summary: Half or more of the Alertmanager instances within the same cluster are crashlooping. expr: | ( diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml index d203dd91..84c2da68 100644 --- a/manifests/kube-prometheus-prometheusRule.yaml +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -16,7 +16,7 @@ spec: - alert: TargetDown annotations: description: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.service }} targets in {{ $labels.namespace }} namespace are down.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/targetdown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/targetdown summary: One or more targets are unreachable. expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 for: 10m @@ -30,7 +30,7 @@ spec: and always fire against a receiver. There are integrations with various notification mechanisms that send a notification when this alert is not firing. For example the "DeadMansSnitch" integration in PagerDuty. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/watchdog + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/watchdog summary: An alert that should always be firing to certify that Alertmanager is working properly. expr: vector(1) labels: @@ -40,7 +40,7 @@ spec: - alert: NodeNetworkInterfaceFlapping annotations: description: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkinterfaceflapping + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/nodenetworkinterfaceflapping summary: Network interface is often changin it's status expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 1b4904b3..237776f2 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -17,7 +17,7 @@ spec: - alert: KubeStateMetricsListErrors annotations: description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricslisterrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricslisterrors summary: kube-state-metrics is experiencing errors in list operations. expr: | (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) @@ -30,7 +30,7 @@ spec: - alert: KubeStateMetricsWatchErrors annotations: description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricswatcherrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricswatcherrors summary: kube-state-metrics is experiencing errors in watch operations. expr: | (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) @@ -43,7 +43,7 @@ spec: - alert: KubeStateMetricsShardingMismatch annotations: description: kube-state-metrics pods are running with different --total-shards configuration, some Kubernetes objects may be exposed multiple times or not exposed at all. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricsshardingmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricsshardingmismatch summary: kube-state-metrics sharding is misconfigured. expr: | stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) != 0 @@ -53,7 +53,7 @@ spec: - alert: KubeStateMetricsShardsMissing annotations: description: kube-state-metrics shards are missing, some Kubernetes objects are not being exposed. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatemetricsshardsmissing + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricsshardsmissing summary: kube-state-metrics shards are missing. expr: | 2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) - 1 diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 60e6a85b..1ff25d1f 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -15,7 +15,7 @@ spec: - alert: KubePodCrashLooping annotations: description: Pod {{ $labels.namespace }}/{{ $labels.pod }} ({{ $labels.container }}) is restarting {{ printf "%.2f" $value }} times / 10 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodcrashlooping + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubepodcrashlooping summary: Pod is crash looping. expr: | increase(kube_pod_container_status_restarts_total{job="kube-state-metrics"}[10m]) > 0 @@ -27,7 +27,7 @@ spec: - alert: KubePodNotReady annotations: description: Pod {{ $labels.namespace }}/{{ $labels.pod }} has been in a non-ready state for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepodnotready + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubepodnotready summary: Pod has been in a non-ready state for more than 15 minutes. expr: | sum by (namespace, pod) ( @@ -43,7 +43,7 @@ spec: - alert: KubeDeploymentGenerationMismatch annotations: description: Deployment generation for {{ $labels.namespace }}/{{ $labels.deployment }} does not match, this indicates that the Deployment has failed but has not been rolled back. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentgenerationmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubedeploymentgenerationmismatch summary: Deployment generation mismatch due to possible roll-back expr: | kube_deployment_status_observed_generation{job="kube-state-metrics"} @@ -55,7 +55,7 @@ spec: - alert: KubeDeploymentReplicasMismatch annotations: description: Deployment {{ $labels.namespace }}/{{ $labels.deployment }} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedeploymentreplicasmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubedeploymentreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | ( @@ -73,7 +73,7 @@ spec: - alert: KubeStatefulSetReplicasMismatch annotations: description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetreplicasmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubestatefulsetreplicasmismatch summary: Deployment has not matched the expected number of replicas. expr: | ( @@ -91,7 +91,7 @@ spec: - alert: KubeStatefulSetGenerationMismatch annotations: description: StatefulSet generation for {{ $labels.namespace }}/{{ $labels.statefulset }} does not match, this indicates that the StatefulSet has failed but has not been rolled back. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetgenerationmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubestatefulsetgenerationmismatch summary: StatefulSet generation mismatch due to possible roll-back expr: | kube_statefulset_status_observed_generation{job="kube-state-metrics"} @@ -103,7 +103,7 @@ spec: - alert: KubeStatefulSetUpdateNotRolledOut annotations: description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} update has not been rolled out. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubestatefulsetupdatenotrolledout + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubestatefulsetupdatenotrolledout summary: StatefulSet update has not been rolled out. expr: | ( @@ -129,7 +129,7 @@ spec: - alert: KubeDaemonSetRolloutStuck annotations: description: DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} has not finished or progressed for at least 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetrolloutstuck + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubedaemonsetrolloutstuck summary: DaemonSet rollout is stuck. expr: | ( @@ -161,7 +161,7 @@ spec: - alert: KubeContainerWaiting annotations: description: Pod {{ $labels.namespace }}/{{ $labels.pod }} container {{ $labels.container}} has been in waiting state for longer than 1 hour. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontainerwaiting + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecontainerwaiting summary: Pod container waiting longer than 1 hour expr: | sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics"}) > 0 @@ -171,7 +171,7 @@ spec: - alert: KubeDaemonSetNotScheduled annotations: description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are not scheduled.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetnotscheduled + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubedaemonsetnotscheduled summary: DaemonSet pods are not scheduled. expr: | kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics"} @@ -183,7 +183,7 @@ spec: - alert: KubeDaemonSetMisScheduled annotations: description: '{{ $value }} Pods of DaemonSet {{ $labels.namespace }}/{{ $labels.daemonset }} are running where they are not supposed to run.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubedaemonsetmisscheduled + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubedaemonsetmisscheduled summary: DaemonSet pods are misscheduled. expr: | kube_daemonset_status_number_misscheduled{job="kube-state-metrics"} > 0 @@ -193,7 +193,7 @@ spec: - alert: KubeJobCompletion annotations: description: Job {{ $labels.namespace }}/{{ $labels.job_name }} is taking more than 12 hours to complete. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobcompletion + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubejobcompletion summary: Job did not complete in time expr: | kube_job_spec_completions{job="kube-state-metrics"} - kube_job_status_succeeded{job="kube-state-metrics"} > 0 @@ -203,7 +203,7 @@ spec: - alert: KubeJobFailed annotations: description: Job {{ $labels.namespace }}/{{ $labels.job_name }} failed to complete. Removing failed job after investigation should clear this alert. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubejobfailed + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubejobfailed summary: Job failed to complete. expr: | kube_job_failed{job="kube-state-metrics"} > 0 @@ -213,7 +213,7 @@ spec: - alert: KubeHpaReplicasMismatch annotations: description: HPA {{ $labels.namespace }}/{{ $labels.horizontalpodautoscaler }} has not matched the desired number of replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpareplicasmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubehpareplicasmismatch summary: HPA has not matched descired number of replicas. expr: | (kube_horizontalpodautoscaler_status_desired_replicas{job="kube-state-metrics"} @@ -235,7 +235,7 @@ spec: - alert: KubeHpaMaxedOut annotations: description: HPA {{ $labels.namespace }}/{{ $labels.horizontalpodautoscaler }} has been running at max replicas for longer than 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubehpamaxedout + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubehpamaxedout summary: HPA is running at max replicas expr: | kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics"} @@ -249,7 +249,7 @@ spec: - alert: KubeCPUOvercommit annotations: description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuovercommit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) @@ -263,7 +263,7 @@ spec: - alert: KubeMemoryOvercommit annotations: description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryovercommit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | sum(namespace_memory:kube_pod_container_resource_requests:sum{}) @@ -279,7 +279,7 @@ spec: - alert: KubeCPUQuotaOvercommit annotations: description: Cluster has overcommitted CPU resource requests for Namespaces. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecpuquotaovercommit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuquotaovercommit summary: Cluster has overcommitted CPU resource requests. expr: | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) @@ -292,7 +292,7 @@ spec: - alert: KubeMemoryQuotaOvercommit annotations: description: Cluster has overcommitted memory resource requests for Namespaces. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubememoryquotaovercommit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubememoryquotaovercommit summary: Cluster has overcommitted memory resource requests. expr: | sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) @@ -305,7 +305,7 @@ spec: - alert: KubeQuotaAlmostFull annotations: description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaalmostfull + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubequotaalmostfull summary: Namespace quota is going to be full. expr: | kube_resourcequota{job="kube-state-metrics", type="used"} @@ -318,7 +318,7 @@ spec: - alert: KubeQuotaFullyUsed annotations: description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotafullyused + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubequotafullyused summary: Namespace quota is fully used. expr: | kube_resourcequota{job="kube-state-metrics", type="used"} @@ -331,7 +331,7 @@ spec: - alert: KubeQuotaExceeded annotations: description: Namespace {{ $labels.namespace }} is using {{ $value | humanizePercentage }} of its {{ $labels.resource }} quota. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubequotaexceeded + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubequotaexceeded summary: Namespace quota has exceeded the limits. expr: | kube_resourcequota{job="kube-state-metrics", type="used"} @@ -344,7 +344,7 @@ spec: - alert: CPUThrottlingHigh annotations: description: '{{ $value | humanizePercentage }} throttling of CPU in namespace {{ $labels.namespace }} for container {{ $labels.container }} in pod {{ $labels.pod }}.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/cputhrottlinghigh + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/cputhrottlinghigh summary: Processes experience elevated CPU throttling. expr: | sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) @@ -359,7 +359,7 @@ spec: - alert: KubePersistentVolumeFillingUp annotations: description: The PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is only {{ $value | humanizePercentage }} free. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | ( @@ -375,7 +375,7 @@ spec: - alert: KubePersistentVolumeFillingUp annotations: description: Based on recent sampling, the PersistentVolume claimed by {{ $labels.persistentvolumeclaim }} in Namespace {{ $labels.namespace }} is expected to fill up within four days. Currently {{ $value | humanizePercentage }} is available. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumefillingup + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubepersistentvolumefillingup summary: PersistentVolume is filling up. expr: | ( @@ -393,7 +393,7 @@ spec: - alert: KubePersistentVolumeErrors annotations: description: The persistent volume {{ $labels.persistentvolume }} has status {{ $labels.phase }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubepersistentvolumeerrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubepersistentvolumeerrors summary: PersistentVolume is having issues with provisioning. expr: | kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 @@ -405,7 +405,7 @@ spec: - alert: KubeVersionMismatch annotations: description: There are {{ $value }} different semantic versions of Kubernetes components running. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeversionmismatch + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeversionmismatch summary: Different semantic versions of Kubernetes components running. expr: | count(count by (git_version) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1 @@ -415,7 +415,7 @@ spec: - alert: KubeClientErrors annotations: description: Kubernetes API server client '{{ $labels.job }}/{{ $labels.instance }}' is experiencing {{ $value | humanizePercentage }} errors.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclienterrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeclienterrors summary: Kubernetes API server client is experiencing errors. expr: | (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) @@ -430,7 +430,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) @@ -444,7 +444,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) @@ -458,7 +458,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) @@ -472,7 +472,7 @@ spec: - alert: KubeAPIErrorBudgetBurn annotations: description: The API server is burning too much error budget. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapierrorbudgetburn + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeapierrorbudgetburn summary: The API server is burning too much error budget. expr: | sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) @@ -488,7 +488,7 @@ spec: - alert: KubeClientCertificateExpiration annotations: description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 @@ -497,7 +497,7 @@ spec: - alert: KubeClientCertificateExpiration annotations: description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeclientcertificateexpiration + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeclientcertificateexpiration summary: Client certificate is about to expire. expr: | apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 @@ -506,7 +506,7 @@ spec: - alert: AggregatedAPIErrors annotations: description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has reported errors. It has appeared unavailable {{ $value | humanize }} times averaged over the past 10m. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapierrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/aggregatedapierrors summary: An aggregated API has reported errors. expr: | sum by(name, namespace)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 @@ -515,7 +515,7 @@ spec: - alert: AggregatedAPIDown annotations: description: An aggregated API {{ $labels.name }}/{{ $labels.namespace }} has been only {{ $value | humanize }}% available over the last 10m. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/aggregatedapidown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/aggregatedapidown summary: An aggregated API is down. expr: | (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 @@ -525,7 +525,7 @@ spec: - alert: KubeAPIDown annotations: description: KubeAPI has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapidown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeapidown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="apiserver"} == 1) @@ -535,7 +535,7 @@ spec: - alert: KubeAPITerminatedRequests annotations: description: The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeapiterminatedrequests + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeapiterminatedrequests summary: The apiserver has terminated {{ $value | humanizePercentage }} of its incoming requests. expr: | sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 @@ -547,7 +547,7 @@ spec: - alert: KubeNodeNotReady annotations: description: '{{ $labels.node }} has been unready for more than 15 minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodenotready + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubenodenotready summary: Node is not ready. expr: | kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 @@ -557,7 +557,7 @@ spec: - alert: KubeNodeUnreachable annotations: description: '{{ $labels.node }} is unreachable and some workloads may be rescheduled.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodeunreachable + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubenodeunreachable summary: Node is unreachable. expr: | (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 @@ -567,7 +567,7 @@ spec: - alert: KubeletTooManyPods annotations: description: Kubelet '{{ $labels.node }}' is running at {{ $value | humanizePercentage }} of its Pod capacity. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubelettoomanypods + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubelettoomanypods summary: Kubelet is running at capacity. expr: | count by(node) ( @@ -583,7 +583,7 @@ spec: - alert: KubeNodeReadinessFlapping annotations: description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubenodereadinessflapping + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubenodereadinessflapping summary: Node readiness status is flapping. expr: | sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 @@ -593,7 +593,7 @@ spec: - alert: KubeletPlegDurationHigh annotations: description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletplegdurationhigh + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletplegdurationhigh summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. expr: | node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 @@ -603,7 +603,7 @@ spec: - alert: KubeletPodStartUpLatencyHigh annotations: description: Kubelet Pod startup 99th percentile latency is {{ $value }} seconds on node {{ $labels.node }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletpodstartuplatencyhigh + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletpodstartuplatencyhigh summary: Kubelet Pod startup latency is too high. expr: | histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 @@ -613,7 +613,7 @@ spec: - alert: KubeletClientCertificateExpiration annotations: description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | kubelet_certificate_manager_client_ttl_seconds < 604800 @@ -622,7 +622,7 @@ spec: - alert: KubeletClientCertificateExpiration annotations: description: Client certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificateexpiration + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletclientcertificateexpiration summary: Kubelet client certificate is about to expire. expr: | kubelet_certificate_manager_client_ttl_seconds < 86400 @@ -631,7 +631,7 @@ spec: - alert: KubeletServerCertificateExpiration annotations: description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | kubelet_certificate_manager_server_ttl_seconds < 604800 @@ -640,7 +640,7 @@ spec: - alert: KubeletServerCertificateExpiration annotations: description: Server certificate for Kubelet on node {{ $labels.node }} expires in {{ $value | humanizeDuration }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificateexpiration + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletservercertificateexpiration summary: Kubelet server certificate is about to expire. expr: | kubelet_certificate_manager_server_ttl_seconds < 86400 @@ -649,7 +649,7 @@ spec: - alert: KubeletClientCertificateRenewalErrors annotations: description: Kubelet on node {{ $labels.node }} has failed to renew its client certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletclientcertificaterenewalerrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletclientcertificaterenewalerrors summary: Kubelet has failed to renew its client certificate. expr: | increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 @@ -659,7 +659,7 @@ spec: - alert: KubeletServerCertificateRenewalErrors annotations: description: Kubelet on node {{ $labels.node }} has failed to renew its server certificate ({{ $value | humanize }} errors in the last 5 minutes). - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletservercertificaterenewalerrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletservercertificaterenewalerrors summary: Kubelet has failed to renew its server certificate. expr: | increase(kubelet_server_expiration_renew_errors[5m]) > 0 @@ -669,7 +669,7 @@ spec: - alert: KubeletDown annotations: description: Kubelet has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeletdown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeletdown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="kubelet", metrics_path="/metrics"} == 1) @@ -681,7 +681,7 @@ spec: - alert: KubeSchedulerDown annotations: description: KubeScheduler has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubeschedulerdown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeschedulerdown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="kube-scheduler"} == 1) @@ -693,7 +693,7 @@ spec: - alert: KubeControllerManagerDown annotations: description: KubeControllerManager has disappeared from Prometheus target discovery. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/kubecontrollermanagerdown + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecontrollermanagerdown summary: Target disappeared from Prometheus target discovery. expr: | absent(up{job="kube-controller-manager"} == 1) diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 295f35bc..cd91f442 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -17,7 +17,7 @@ spec: - alert: NodeFilesystemSpaceFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 24 hours. expr: | ( @@ -33,7 +33,7 @@ spec: - alert: NodeFilesystemSpaceFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemspacefillingup + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemspacefillingup summary: Filesystem is predicted to run out of space within the next 4 hours. expr: | ( @@ -49,7 +49,7 @@ spec: - alert: NodeFilesystemAlmostOutOfSpace annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutofspace summary: Filesystem has less than 5% space left. expr: | ( @@ -63,7 +63,7 @@ spec: - alert: NodeFilesystemAlmostOutOfSpace annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutofspace + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutofspace summary: Filesystem has less than 3% space left. expr: | ( @@ -77,7 +77,7 @@ spec: - alert: NodeFilesystemFilesFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 24 hours. expr: | ( @@ -93,7 +93,7 @@ spec: - alert: NodeFilesystemFilesFillingUp annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemfilesfillingup + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemfilesfillingup summary: Filesystem is predicted to run out of inodes within the next 4 hours. expr: | ( @@ -109,7 +109,7 @@ spec: - alert: NodeFilesystemAlmostOutOfFiles annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutoffiles summary: Filesystem has less than 5% inodes left. expr: | ( @@ -123,7 +123,7 @@ spec: - alert: NodeFilesystemAlmostOutOfFiles annotations: description: Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefilesystemalmostoutoffiles + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefilesystemalmostoutoffiles summary: Filesystem has less than 3% inodes left. expr: | ( @@ -137,7 +137,7 @@ spec: - alert: NodeNetworkReceiveErrs annotations: description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworkreceiveerrs + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodenetworkreceiveerrs summary: Network interface is reporting many receive errors. expr: | rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 @@ -147,7 +147,7 @@ spec: - alert: NodeNetworkTransmitErrs annotations: description: '{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodenetworktransmiterrs + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodenetworktransmiterrs summary: Network interface is reporting many transmit errors. expr: | rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 @@ -157,7 +157,7 @@ spec: - alert: NodeHighNumberConntrackEntriesUsed annotations: description: '{{ $value | humanizePercentage }} of conntrack entries are used.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodehighnumberconntrackentriesused + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodehighnumberconntrackentriesused summary: Number of conntrack are getting close to the limit. expr: | (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 @@ -166,7 +166,7 @@ spec: - alert: NodeTextFileCollectorScrapeError annotations: description: Node Exporter text file collector failed to scrape. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodetextfilecollectorscrapeerror + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodetextfilecollectorscrapeerror summary: Node Exporter text file collector failed to scrape. expr: | node_textfile_scrape_error{job="node-exporter"} == 1 @@ -175,7 +175,7 @@ spec: - alert: NodeClockSkewDetected annotations: description: Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclockskewdetected + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclockskewdetected summary: Clock skew detected. expr: | ( @@ -195,7 +195,7 @@ spec: - alert: NodeClockNotSynchronising annotations: description: Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodeclocknotsynchronising + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodeclocknotsynchronising summary: Clock not synchronising. expr: | min_over_time(node_timex_sync_status[5m]) == 0 @@ -207,7 +207,7 @@ spec: - alert: NodeRAIDDegraded annotations: description: RAID array '{{ $labels.device }}' on {{ $labels.instance }} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddegraded + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/noderaiddegraded summary: RAID Array is degraded expr: | node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 @@ -217,7 +217,7 @@ spec: - alert: NodeRAIDDiskFailure annotations: description: At least one device in RAID array on {{ $labels.instance }} failed. Array '{{ $labels.device }}' needs attention and possibly a disk swap. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/noderaiddiskfailure + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/noderaiddiskfailure summary: Failed device in RAID array expr: | node_md_disks{state="failed"} > 0 @@ -226,7 +226,7 @@ spec: - alert: NodeFileDescriptorLimit annotations: description: File descriptors limit at {{ $labels.instance }} is currently at {{ printf "%.2f" $value }}%. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefiledescriptorlimit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefiledescriptorlimit summary: Kernel is predicted to exhaust file descriptors limit soon. expr: | ( @@ -238,7 +238,7 @@ spec: - alert: NodeFileDescriptorLimit annotations: description: File descriptors limit at {{ $labels.instance }} is currently at {{ printf "%.2f" $value }}%. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/nodefiledescriptorlimit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/node/nodefiledescriptorlimit summary: Kernel is predicted to exhaust file descriptors limit soon. expr: | ( diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index 141af2eb..3d462c51 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -17,7 +17,7 @@ spec: - alert: PrometheusOperatorListErrors annotations: description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorlisterrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorlisterrors summary: Errors while performing list operations in controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 @@ -27,7 +27,7 @@ spec: - alert: PrometheusOperatorWatchErrors annotations: description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorwatcherrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorwatcherrors summary: Errors while performing watch operations in controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-operator",namespace="monitoring"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-operator",namespace="monitoring"}[10m]))) > 0.4 @@ -37,7 +37,7 @@ spec: - alert: PrometheusOperatorSyncFailed annotations: description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorsyncfailed + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorsyncfailed summary: Last controller reconciliation failed expr: | min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 @@ -47,7 +47,7 @@ spec: - alert: PrometheusOperatorReconcileErrors annotations: description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorreconcileerrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorreconcileerrors summary: Errors while reconciling controller. expr: | (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-operator",namespace="monitoring"}[5m]))) > 0.1 @@ -57,7 +57,7 @@ spec: - alert: PrometheusOperatorNodeLookupErrors annotations: description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornodelookuperrors + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatornodelookuperrors summary: Errors while reconciling Prometheus. expr: | rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-operator",namespace="monitoring"}[5m]) > 0.1 @@ -67,7 +67,7 @@ spec: - alert: PrometheusOperatorNotReady annotations: description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatornotready + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatornotready summary: Prometheus operator not ready expr: | min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="prometheus-operator",namespace="monitoring"}[5m]) == 0) @@ -77,7 +77,7 @@ spec: - alert: PrometheusOperatorRejectedResources annotations: description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoperatorrejectedresources + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorrejectedresources summary: Resources rejected by Prometheus operator expr: | min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-operator",namespace="monitoring"}[5m]) > 0 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index c9063ba0..5dd5b248 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -17,7 +17,7 @@ spec: - alert: PrometheusBadConfig annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to reload its configuration. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusbadconfig + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusbadconfig summary: Failed Prometheus configuration reload. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -29,7 +29,7 @@ spec: - alert: PrometheusNotificationQueueRunningFull annotations: description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotificationqueuerunningfull + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusnotificationqueuerunningfull summary: Prometheus alert notification queue predicted to run full in less than 30m. expr: | # Without min_over_time, failed scrapes could create false negatives, see @@ -45,7 +45,7 @@ spec: - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers annotations: description: '{{ printf "%.1f" $value }}% errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to Alertmanager {{$labels.alertmanager}}.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuserrorsendingalertstosomealertmanagers + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheuserrorsendingalertstosomealertmanagers summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. expr: | ( @@ -61,7 +61,7 @@ spec: - alert: PrometheusNotConnectedToAlertmanagers annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not connected to any Alertmanagers. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotconnectedtoalertmanagers + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusnotconnectedtoalertmanagers summary: Prometheus is not connected to any Alertmanagers. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -73,7 +73,7 @@ spec: - alert: PrometheusTSDBReloadsFailing annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} reload failures over the last 3h. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustsdbreloadsfailing + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheustsdbreloadsfailing summary: Prometheus has issues reloading blocks from disk. expr: | increase(prometheus_tsdb_reloads_failures_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -83,7 +83,7 @@ spec: - alert: PrometheusTSDBCompactionsFailing annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has detected {{$value | humanize}} compaction failures over the last 3h. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustsdbcompactionsfailing + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheustsdbcompactionsfailing summary: Prometheus has issues compacting blocks. expr: | increase(prometheus_tsdb_compactions_failed_total{job="prometheus-k8s",namespace="monitoring"}[3h]) > 0 @@ -93,7 +93,7 @@ spec: - alert: PrometheusNotIngestingSamples annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is not ingesting samples. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusnotingestingsamples + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusnotingestingsamples summary: Prometheus is not ingesting samples. expr: | ( @@ -111,7 +111,7 @@ spec: - alert: PrometheusDuplicateTimestamps annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with different values but duplicated timestamp. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusduplicatetimestamps + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusduplicatetimestamps summary: Prometheus is dropping samples with duplicate timestamps. expr: | rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -121,7 +121,7 @@ spec: - alert: PrometheusOutOfOrderTimestamps annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} is dropping {{ printf "%.4g" $value }} samples/s with timestamps arriving out of order. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusoutofordertimestamps + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusoutofordertimestamps summary: Prometheus drops samples with out-of-order timestamps. expr: | rate(prometheus_target_scrapes_sample_out_of_order_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -131,7 +131,7 @@ spec: - alert: PrometheusRemoteStorageFailures annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} failed to send {{ printf "%.1f" $value }}% of the samples to {{ $labels.remote_name}}:{{ $labels.url }} - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotestoragefailures + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusremotestoragefailures summary: Prometheus fails to send samples to remote storage. expr: | ( @@ -151,7 +151,7 @@ spec: - alert: PrometheusRemoteWriteBehind annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write is {{ printf "%.1f" $value }}s behind for {{ $labels.remote_name}}:{{ $labels.url }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotewritebehind + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusremotewritebehind summary: Prometheus remote write is behind. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -168,7 +168,7 @@ spec: - alert: PrometheusRemoteWriteDesiredShards annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} remote write desired shards calculation wants to run {{ $value }} shards for queue {{ $labels.remote_name}}:{{ $labels.url }}, which is more than the max of {{ printf `prometheus_remote_storage_shards_max{instance="%s",job="prometheus-k8s",namespace="monitoring"}` $labels.instance | query | first | value }}. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusremotewritedesiredshards + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusremotewritedesiredshards summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. expr: | # Without max_over_time, failed scrapes could create false negatives, see @@ -184,7 +184,7 @@ spec: - alert: PrometheusRuleFailures annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to evaluate {{ printf "%.0f" $value }} rules in the last 5m. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusrulefailures + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusrulefailures summary: Prometheus is failing rule evaluations. expr: | increase(prometheus_rule_evaluation_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -194,7 +194,7 @@ spec: - alert: PrometheusMissingRuleEvaluations annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has missed {{ printf "%.0f" $value }} rule group evaluations in the last 5m. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheusmissingruleevaluations + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheusmissingruleevaluations summary: Prometheus is missing rule evaluations due to slow rule group evaluation. expr: | increase(prometheus_rule_group_iterations_missed_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -204,7 +204,7 @@ spec: - alert: PrometheusTargetLimitHit annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because the number of targets exceeded the configured target_limit. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustargetlimithit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheustargetlimithit summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. expr: | increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -214,7 +214,7 @@ spec: - alert: PrometheusLabelLimitHit annotations: description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has dropped {{ printf "%.0f" $value }} targets because some samples exceeded the configured label_limit, label_name_length_limit or label_value_length_limit. - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuslabellimithit + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheuslabellimithit summary: Prometheus has dropped targets because some scrape configs have exceeded the labels limit. expr: | increase(prometheus_target_scrape_pool_exceeded_label_limits_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0 @@ -224,7 +224,7 @@ spec: - alert: PrometheusTargetSyncFailure annotations: description: '{{ printf "%.0f" $value }} targets in Prometheus {{$labels.namespace}}/{{$labels.pod}} have failed to sync because invalid configuration was supplied.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheustargetsyncfailure + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheustargetsyncfailure summary: Prometheus has failed to sync targets. expr: | increase(prometheus_target_sync_failed_total{job="prometheus-k8s",namespace="monitoring"}[30m]) > 0 @@ -234,7 +234,7 @@ spec: - alert: PrometheusErrorSendingAlertsToAnyAlertmanager annotations: description: '{{ printf "%.1f" $value }}% minimum errors while sending alerts from Prometheus {{$labels.namespace}}/{{$labels.pod}} to any Alertmanager.' - runbook_url: https://github.com/prometheus-operator/kube-prometheus/wiki/prometheuserrorsendingalertstoanyalertmanager + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheuserrorsendingalertstoanyalertmanager summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. expr: | min without (alertmanager) ( From acd1eeba4c09eaabe9cf184259b1f317cb2a8fc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Thu, 22 Jul 2021 18:26:24 +0200 Subject: [PATCH 344/388] node.libsonnet: Fix small typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Rüger --- .../kube-prometheus/components/mixin/alerts/node.libsonnet | 4 ++-- manifests/kube-prometheus-prometheusRule.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet index d022c599..5bad9bf8 100644 --- a/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet +++ b/jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet @@ -7,8 +7,8 @@ { alert: 'NodeNetworkInterfaceFlapping', annotations: { - summary: "Network interface is often changin it's status", - description: 'Network interface "{{ $labels.device }}" changing it\'s up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', + summary: 'Network interface is often changing its status', + description: 'Network interface "{{ $labels.device }}" changing its up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', }, expr: ||| changes(node_network_up{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 2 diff --git a/manifests/kube-prometheus-prometheusRule.yaml b/manifests/kube-prometheus-prometheusRule.yaml index 84c2da68..f9778154 100644 --- a/manifests/kube-prometheus-prometheusRule.yaml +++ b/manifests/kube-prometheus-prometheusRule.yaml @@ -39,9 +39,9 @@ spec: rules: - alert: NodeNetworkInterfaceFlapping annotations: - description: Network interface "{{ $labels.device }}" changing it's up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} + description: Network interface "{{ $labels.device }}" changing its up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }} runbook_url: https://runbooks.prometheus-operator.dev/runbooks/general/nodenetworkinterfaceflapping - summary: Network interface is often changin it's status + summary: Network interface is often changing its status expr: | changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 for: 2m From 3a98a3478cde3d309ad7a8b9f09323b0d173359d Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Fri, 23 Jul 2021 13:29:39 -0700 Subject: [PATCH 345/388] eks: Fix CNI metrics relabelings Signed-off-by: Maxime Brunet --- .../kube-prometheus/platforms/eks.libsonnet | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index b81d1cce..d99885d8 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -31,15 +31,6 @@ name: 'cni-metrics-port', port: 61678, targetPort: 61678, - relabelings: [ - { - action: 'replace', - regex: '(.*)', - replacement: '$1', - sourceLabels: ['__meta_kubernetes_pod_node_name'], - targetLabel: 'instance', - }, - ], }, ], selector: { 'app.kubernetes.io/name': 'aws-node' }, @@ -74,6 +65,15 @@ port: 'cni-metrics-port', interval: '30s', path: '/metrics', + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], }, ], }, From 05c72f83efb56ed1be1e850b31e8b58adcb4fa70 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 26 Jul 2021 13:44:14 +0000 Subject: [PATCH 346/388] [bot] Automated version update --- jsonnetfile.lock.json | 24 +++---- ...r-0podmonitorCustomResourceDefinition.yaml | 71 +++++++++++++++++++ ...erator-0probeCustomResourceDefinition.yaml | 71 +++++++++++++++++++ ...ervicemonitorCustomResourceDefinition.yaml | 71 +++++++++++++++++++ 4 files changed, 225 insertions(+), 12 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index f5acf81c..f824fafb 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "a1fd98c6b0c4c5bc9e36ac45154e6a44d4c31bcb", + "version": "53d234f1fe2b4212bd8538cd694db8fedc375549", "sum": "PPTfil9MoAqtyW+hHJuAj3Ap86pB86vIHativ9R5c4I=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "2a6bdb7df17539b27869bab8b04eab0cc69a7abb", + "version": "a20c679492aae363414dce23bc63da09cf8a7287", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "1d61fc146160a94ad6b932b9fc5124bc43a5e00c", + "version": "58869f0c5e2e099e712b9c2c2123402ed90abc0b", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "1d61fc146160a94ad6b932b9fc5124bc43a5e00c", + "version": "58869f0c5e2e099e712b9c2c2123402ed90abc0b", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "1a0708426f2cb2d6613ea66b5ce2a4e166917539", + "version": "3f047bc9c74105ba774aff726798a66b81409f7f", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "1a0708426f2cb2d6613ea66b5ce2a4e166917539", - "sum": "r10jPrynhhJrBBh++pWad5ebvBiLhecjwmv4FN5imxQ=" + "version": "3f047bc9c74105ba774aff726798a66b81409f7f", + "sum": "TcXPVhn0BIFCf5mWa6hyIljVl13ItwPjyeiwro56kjE=" }, { "source": { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "8491f816296b26bd4efe3aa4164fe72a7cd329de", + "version": "3d86bd709df88e2b95a09636cf36b77a9d79af51", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,8 +120,8 @@ "subdir": "docs/node-mixin" } }, - "version": "12968948aec1e2b216a2ecefc45cf3a50671aecb", - "sum": "aNKe0IYZwwYJSixqP5VMQpKZnquGKHHkYT0lIo3pmWM=" + "version": "129b5f5b5f4b8d2427df1790cef380e52669325b", + "sum": "r1ZfMhHo+ijlUkaD7fHrELSofWteq6exirgW/aMpnmE=" }, { "source": { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "a1c1313b3c86b1d50a2f099f4f2697ccb01388e4", + "version": "79d354ad2e7c3d510a7811176d5ffcd1b29c8b77", "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "731a5ae9da195c37bc2eb18257ffbf4bd72238c1", + "version": "0f5223beb7e9cb7e62f0227bf5649deb851e6112", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 5897c240..1d25f7a5 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -141,6 +141,77 @@ spec: type: string type: object type: array + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object params: additionalProperties: items: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 0d36514d..8d181031 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -90,6 +90,77 @@ spec: module: description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object prober: description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. properties: diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index 60543cc3..a112b242 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -129,6 +129,77 @@ spec: type: string type: object type: array + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object params: additionalProperties: items: From 7b7c346aa0e499ff2e3d16cbd87b79f654ad9a82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Krupa?= Date: Tue, 27 Jul 2021 08:33:08 +0200 Subject: [PATCH 347/388] Use @prom-op-bot for automatic updates --- .github/workflows/versions.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index cacc5227..895c59a0 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -53,5 +53,4 @@ jobs: delete-branch: true # GITHUB_TOKEN cannot be used as it won't trigger CI in a created PR # More in https://github.com/peter-evans/create-pull-request/issues/155 - # TODO(paulfantom) Consider running this from a special bot account. - token: ${{ secrets.PAT }} + token: ${{ secrets.PROM_OP_BOT_PAT }} From ed483918312b93675b91f9f6271e2cb4d65b1268 Mon Sep 17 00:00:00 2001 From: lanmarti Date: Tue, 27 Jul 2021 12:12:41 +0200 Subject: [PATCH 348/388] Add resource requests and limits to prometheus-adapter container --- .../components/prometheus-adapter.libsonnet | 1 + jsonnetfile.lock.json | 6 +++--- manifests/prometheus-adapter-deployment.yaml | 7 +++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet index 85daffef..86d0475a 100644 --- a/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet @@ -206,6 +206,7 @@ function(params) { '--secure-port=6443', '--tls-cipher-suites=' + std.join(',', pa._config.tlsCipherSuites), ], + resources: pa._config.resources, ports: [{ containerPort: 6443 }], volumeMounts: [ { name: 'tmpfs', mountPath: '/tmp', readOnly: false }, diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index f824fafb..b6d6aead 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "a20c679492aae363414dce23bc63da09cf8a7287", + "version": "4c6f9dabceb944ce894d79eeb516c98694f5759f", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "79d354ad2e7c3d510a7811176d5ffcd1b29c8b77", + "version": "507d61fdeb4540c34102f41b7286895ecec19324", "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "0f5223beb7e9cb7e62f0227bf5649deb851e6112", + "version": "83419bc5e3c5f667410a04c1c9920e27c3779162", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index 475eaf53..fa51694d 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -40,6 +40,13 @@ spec: name: prometheus-adapter ports: - containerPort: 6443 + resources: + limits: + cpu: 250m + memory: 180Mi + requests: + cpu: 102m + memory: 180Mi volumeMounts: - mountPath: /tmp name: tmpfs From 09fdac739deb9f6a43ca1e7da1f713e4e5a5ee7d Mon Sep 17 00:00:00 2001 From: Prashant Balachandran Date: Tue, 27 Jul 2021 17:17:19 +0530 Subject: [PATCH 349/388] changing node exporter ignore list --- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 4 ++-- manifests/node-exporter-daemonset.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 5530d16a..d59d22e7 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -178,8 +178,8 @@ function(params) { // NOTE: ignore veth network interface associated with containers. // OVN renames veth.* to @if where X is /sys/class/net//ifindex // thus [a-z0-9] regex below - '--collector.netclass.ignored-devices=^(veth.*|[a-z0-9]+@if\\d+)$', - '--collector.netdev.device-exclude=^(veth.*|[a-z0-9]+@if\\d+)$', + '--collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$', + '--collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$', ], volumeMounts: [ { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true }, diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index 21ad1fe0..e414d12b 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -30,8 +30,8 @@ spec: - --no-collector.wifi - --no-collector.hwmon - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - - --collector.netclass.ignored-devices=^(veth.*|[a-z0-9]+@if\d+)$ - - --collector.netdev.device-exclude=^(veth.*|[a-z0-9]+@if\d+)$ + - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$ + - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$ image: quay.io/prometheus/node-exporter:v1.2.0 name: node-exporter resources: From b7fe018d29836975ed9efa2e344daf781aaae2c8 Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Sat, 31 Jul 2021 11:37:12 -0700 Subject: [PATCH 350/388] eks: Revert back to `awscni_total_ip_addresses`-based alert --- .../kube-prometheus/platforms/eks.libsonnet | 40 ++++++++++++------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index d99885d8..ad188837 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -1,8 +1,13 @@ (import '../addons/managed-cluster.libsonnet') + { values+:: { - eks: { - minimumAvailableIPs: 10, - minimumAvailableIPsTime: '10m', + awsVpcCni: { + // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`. + // + // References: + // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md + // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71 + minimumWarmIPs: 10, + minimumWarmIPsTime: '10m', }, }, kubernetesControlPlane+: { @@ -17,7 +22,8 @@ ], }, }, - AwsEksCniMetricService: { + + serviceAwsVpcCniMetrics: { apiVersion: 'v1', kind: 'Service', metadata: { @@ -38,14 +44,14 @@ }, }, - serviceMonitorAwsEksCNI: { + serviceMonitorAwsVpcCni: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata: { - name: 'awsekscni', + name: 'aws-node', namespace: $.values.common.namespace, labels: { - 'app.kubernetes.io/name': 'eks-cni', + 'app.kubernetes.io/name': 'aws-node', }, }, spec: { @@ -78,30 +84,34 @@ ], }, }, - prometheusRuleEksCNI: { + + prometheusRuleAwsVpcCni: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, - name: 'eks-rules', + name: 'aws-vpc-cni-rules', namespace: $.prometheus._config.namespace, }, spec: { groups: [ { - name: 'kube-prometheus-eks.rules', + name: 'kube-prometheus-aws-vpc-cni.rules', rules: [ { - expr: 'sum by(instance) (awscni_ip_max) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.eks.minimumAvailableIPs, + expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs, labels: { severity: 'critical', }, annotations: { - summary: 'EKS CNI is running low on available IPs', - description: 'Instance {{ $labels.instance }} has only {{ $value }} IPs available which is lower than set threshold of %s' % $.values.eks.minimumAvailableIPs, + summary: 'AWS VPC CNI has a low warm IP pool', + description: ||| + Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s. + It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API. + ||| % $.values.awsVpcCni.minimumWarmIPs, }, - 'for': $.values.eks.minimumAvailableIPsTime, - alert: 'EksCNILowAvailableIPs', + 'for': $.values.awsVpcCni.minimumWarmIPsTime, + alert: 'AwsVpcCniWarmIPsLow', }, ], }, From 7542a1b05531df8d596a7c69711ba6d6fee83f70 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 2 Aug 2021 12:25:03 +0200 Subject: [PATCH 351/388] .github: automate release branch updates Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 895c59a0..c5dd878c 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -6,8 +6,15 @@ on: jobs: versions: runs-on: ubuntu-latest + strategy: + matrix: + branch: + - 'release-0.8' + - 'main' steps: - uses: actions/checkout@v2 + with: + ref: ${{ matrix.branch }} - uses: actions/setup-go@v2 with: go-version: 1.16 @@ -17,6 +24,7 @@ jobs: # Write to temporary file to make update atomic scripts/generate-versions.sh > /tmp/versions.json mv /tmp/versions.json jsonnet/kube-prometheus/versions.json + if: ${{ matrix.branch }} == 'main' - name: Update jsonnet dependencies run: | make update @@ -30,8 +38,8 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@v3 with: - commit-message: "[bot] Automated version update" - title: "[bot] Automated version update" + commit-message: "[bot] [${{ matrix.branch }}] Automated version update" + title: "[bot] [${{ matrix.branch }}] Automated version update" body: | ## Description @@ -49,7 +57,7 @@ jobs: ``` team-reviewers: kube-prometheus-reviewers - branch: automated-updates + branch: automated-updates-${{ matrix.branch }} delete-branch: true # GITHUB_TOKEN cannot be used as it won't trigger CI in a created PR # More in https://github.com/peter-evans/create-pull-request/issues/155 From 20f3cfaaeb8e5c8767f24be6b16ddc86c2eff3e6 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 2 Aug 2021 13:38:33 +0200 Subject: [PATCH 352/388] .github: temporarily switch to manual updates Temporarily switch to manual dependencies update workflow to test if it is updated correctly across the different release branch. Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index c5dd878c..f3fa8fa8 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -1,8 +1,6 @@ name: Upgrade to latest versions -on: - schedule: - - cron: '37 13 * * 1' +on: workflow_dispatch jobs: versions: runs-on: ubuntu-latest From 844bdd9c47705fa444df1897a2d447b43aad49ef Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 2 Aug 2021 15:11:41 +0200 Subject: [PATCH 353/388] .github: fix update version skip on release branch Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index f3fa8fa8..df0861c7 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -22,7 +22,7 @@ jobs: # Write to temporary file to make update atomic scripts/generate-versions.sh > /tmp/versions.json mv /tmp/versions.json jsonnet/kube-prometheus/versions.json - if: ${{ matrix.branch }} == 'main' + if: matrix.branch == 'main' - name: Update jsonnet dependencies run: | make update From e97eb0fbe9cc19bbbe9857ba87e4ddbc9ac4057e Mon Sep 17 00:00:00 2001 From: dgrisonnet Date: Mon, 2 Aug 2021 13:37:08 +0000 Subject: [PATCH 354/388] [bot] [main] Automated version update --- jsonnet/kube-prometheus/versions.json | 4 +- jsonnetfile.lock.json | 26 +- manifests/blackbox-exporter-deployment.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 2441 +++++++++-------- manifests/kube-state-metrics-clusterRole.yaml | 2 +- ...kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 10 +- .../kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- .../kube-state-metrics-serviceAccount.yaml | 2 +- .../kube-state-metrics-serviceMonitor.yaml | 2 +- manifests/kubernetes-prometheusRule.yaml | 8 +- manifests/node-exporter-daemonset.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 2 +- 14 files changed, 1352 insertions(+), 1155 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index da5cedaf..45f58cdd 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -2,11 +2,11 @@ "alertmanager": "0.22.2", "blackboxExporter": "0.19.0", "grafana": "8.0.3", - "kubeStateMetrics": "2.1.0", + "kubeStateMetrics": "2.1.1", "nodeExporter": "1.2.0", "prometheus": "2.28.1", "prometheusAdapter": "0.8.4", "prometheusOperator": "0.49.0", - "kubeRbacProxy": "0.10.0", + "kubeRbacProxy": "0.11.0", "configmapReload": "0.5.0" } diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index b6d6aead..71de6da1 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "53d234f1fe2b4212bd8538cd694db8fedc375549", + "version": "2526463e44c4152ee8c6110bd0d0fc5e7f1140e2", "sum": "PPTfil9MoAqtyW+hHJuAj3Ap86pB86vIHativ9R5c4I=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "4c6f9dabceb944ce894d79eeb516c98694f5759f", + "version": "8df6a4ff1623781260c3236761c2ebe837958b3f", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "50dddcc2aecf074c7f7fab92caa87a806e5040fa", - "sum": "H4TcGWDVaNF51ZaGpJwm9rVympjpTtSjl4UCYI8q1LU=" + "version": "25b5047a57352345e478b215370dfcd1fecee27d", + "sum": "z+ksn3PAtR/fYtxgsrrG4euIriyiefZsTUcJaVXdG1Q=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "50dddcc2aecf074c7f7fab92caa87a806e5040fa", + "version": "25b5047a57352345e478b215370dfcd1fecee27d", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "58869f0c5e2e099e712b9c2c2123402ed90abc0b", + "version": "44ddbcf76d062269b9429e6da2e15cb3058e678f", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "58869f0c5e2e099e712b9c2c2123402ed90abc0b", + "version": "44ddbcf76d062269b9429e6da2e15cb3058e678f", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "3f047bc9c74105ba774aff726798a66b81409f7f", + "version": "8008520bc4097d46d2304c6c015cd3e5b6dd3126", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,7 +99,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "3f047bc9c74105ba774aff726798a66b81409f7f", + "version": "8008520bc4097d46d2304c6c015cd3e5b6dd3126", "sum": "TcXPVhn0BIFCf5mWa6hyIljVl13ItwPjyeiwro56kjE=" }, { @@ -120,8 +120,8 @@ "subdir": "docs/node-mixin" } }, - "version": "129b5f5b5f4b8d2427df1790cef380e52669325b", - "sum": "r1ZfMhHo+ijlUkaD7fHrELSofWteq6exirgW/aMpnmE=" + "version": "7fc5c6045aeb1d615296f6daca1f7a77554d5efb", + "sum": "vvgImniWcZVtiU3rEQmeN4DaIktPXNn7u3Zqzdv5bMg=" }, { "source": { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "507d61fdeb4540c34102f41b7286895ecec19324", + "version": "24165adadc889131dbd0143b5c16cd3a079e46cd", "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "83419bc5e3c5f667410a04c1c9920e27c3779162", + "version": "aa148f8fdb281a9ea4c1e5a7ee2e1336d8459c4f", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/blackbox-exporter-deployment.yaml b/manifests/blackbox-exporter-deployment.yaml index 3056073c..e47166bd 100644 --- a/manifests/blackbox-exporter-deployment.yaml +++ b/manifests/blackbox-exporter-deployment.yaml @@ -74,7 +74,7 @@ spec: - --secure-listen-address=:9115 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:19115/ - image: quay.io/brancz/kube-rbac-proxy:v0.10.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9115 diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 0ac51dcc..55cb76db 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -24035,23 +24035,30 @@ items: data: node-cluster-rsrc-use.json: |- { + "__inputs": [ + + ], + "__requires": [ + + ], "annotations": { "list": [ ] }, - "editable": true, + "editable": false, "gnetId": null, - "graphTooltip": 0, + "graphTooltip": 1, "hideControls": false, + "id": null, "links": [ ], - "refresh": "10s", + "refresh": "30s", "rows": [ { "collapse": false, - "height": "250px", + "collapsed": false, "panels": [ { "aliasColors": { @@ -24062,26 +24069,34 @@ items: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, + "rightSide": false, + "show": false, + "sideWidth": null, "total": false, "values": false }, "lines": true, - "linewidth": 0, + "linewidth": 1, "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], @@ -24091,12 +24106,11 @@ items: "steppedLine": false, "targets": [ { - "expr": "(\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n", + "expr": "((\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n *\n instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}\n) != 0 )\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}))\n", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{instance}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 + "legendFormat": "{{ instance }}", + "refId": "A" } ], "thresholds": [ @@ -24106,8 +24120,8 @@ items: "timeShift": null, "title": "CPU Utilisation", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -24125,17 +24139,17 @@ items: "format": "percentunit", "label": null, "logBase": 1, - "max": 1, - "min": 0, + "max": null, + "min": null, "show": true }, { - "format": "short", + "format": "percentunit", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] }, @@ -24148,880 +24162,20 @@ items: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Saturation (load1 per CPU)", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { + "fillGradient": 0, + "gridPos": { }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, "id": 3, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\"}))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Saturation (Major Page Faults)", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "rps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/ Receive/", - "stack": "A" - }, - { - "alias": "/ Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} Receive", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - }, - { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} Transmit", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Net Utilisation (Bytes Receive/Transmit)", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/ Receive/", - "stack": "A" - }, - { - "alias": "/ Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} Receive", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - }, - { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} Transmit", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Net Saturation (Drops Receive/Transmit)", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "rps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{device}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Utilisation", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}} {{device}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Saturation", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk IO", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum without (device) (\n max without (fstype, mountpoint) (\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"} - node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\"}\n )\n) \n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"})))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{instance}}", - "legendLink": "/dashboard/file/node-rsrc-use.json", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk Space Utilisation", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk Space", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - - ], - "templating": { - "list": [ - { - "current": { - "text": "default", - "value": "default" - }, - "hide": 0, - "label": null, - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "utc", - "title": "USE Method / Cluster", - "uid": "", - "version": 0 - } - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/component: grafana - app.kubernetes.io/name: grafana - app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 - name: grafana-dashboard-node-cluster-rsrc-use - namespace: monitoring -- apiVersion: v1 - data: - node-rsrc-use.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 1, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, + "rightSide": false, "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25030,112 +24184,26 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "(\n instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Utilisation", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Saturation", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}}", + "refId": "A" } ], "thresholds": [ @@ -25145,8 +24213,8 @@ items: "timeShift": null, "title": "CPU Saturation (Load1 per CPU)", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25165,16 +24233,16 @@ items: "label": null, "logBase": 1, "max": null, - "min": 0, + "min": null, "show": true }, { - "format": "short", + "format": "percentunit", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] } @@ -25184,11 +24252,12 @@ items: "repeatRowId": null, "showTitle": true, "title": "CPU", - "titleSize": "h6" + "titleSize": "h6", + "type": "row" }, { "collapse": false, - "height": "250px", + "collapsed": false, "panels": [ { "aliasColors": { @@ -25198,14 +24267,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 3, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, + "rightSide": false, + "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25214,26 +24290,26 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", job=\"node-exporter\", instance=\"$instance\"}", + "expr": "(\n instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Memory", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}}", + "refId": "A" } ], "thresholds": [ @@ -25243,8 +24319,8 @@ items: "timeShift": null, "title": "Memory Utilisation", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25263,16 +24339,16 @@ items: "label": null, "logBase": 1, "max": null, - "min": 0, + "min": null, "show": true }, { - "format": "short", + "format": "percentunit", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] }, @@ -25284,14 +24360,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 4, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, + "rightSide": false, "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25300,26 +24383,26 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Major page faults", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}}", + "refId": "A" } ], "thresholds": [ @@ -25329,8 +24412,8 @@ items: "timeShift": null, "title": "Memory Saturation (Major Page Faults)", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25345,20 +24428,20 @@ items: }, "yaxes": [ { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", + "format": "rds", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true + }, + { + "format": "rds", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true } ] } @@ -25368,11 +24451,12 @@ items: "repeatRowId": null, "showTitle": true, "title": "Memory", - "titleSize": "h6" + "titleSize": "h6", + "type": "row" }, { "collapse": false, - "height": "250px", + "collapsed": false, "panels": [ { "aliasColors": { @@ -25382,14 +24466,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 5, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, + "rightSide": false, + "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25398,11 +24489,12 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ { "alias": "/Receive/", @@ -25416,24 +24508,22 @@ items: ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Receive", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}} Receive", + "refId": "A" }, { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Transmit", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}} Transmit", + "refId": "B" } ], "thresholds": [ @@ -25441,10 +24531,10 @@ items: ], "timeFrom": null, "timeShift": null, - "title": "Net Utilisation (Bytes Receive/Transmit)", + "title": "Network Utilisation (Bytes Receive/Transmit)", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25467,12 +24557,12 @@ items: "show": true }, { - "format": "short", + "format": "Bps", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] }, @@ -25484,14 +24574,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 6, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, + "rightSide": false, + "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25500,42 +24597,41 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ { - "alias": "/Receive/", + "alias": "/ Receive/", "stack": "A" }, { - "alias": "/Transmit/", + "alias": "/ Transmit/", "stack": "B", "transform": "negative-Y" } ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Receive drops", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}} Receive", + "refId": "A" }, { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Transmit drops", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}} Transmit", + "refId": "B" } ], "thresholds": [ @@ -25543,10 +24639,10 @@ items: ], "timeFrom": null, "timeShift": null, - "title": "Net Saturation (Drops Receive/Transmit)", + "title": "Network Saturation (Drops Receive/Transmit)", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25561,7 +24657,7 @@ items: }, "yaxes": [ { - "format": "rps", + "format": "Bps", "label": null, "logBase": 1, "max": null, @@ -25569,12 +24665,12 @@ items: "show": true }, { - "format": "short", + "format": "Bps", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] } @@ -25583,12 +24679,13 @@ items: "repeatIteration": null, "repeatRowId": null, "showTitle": true, - "title": "Net", - "titleSize": "h6" + "title": "Network", + "titleSize": "h6", + "type": "row" }, { "collapse": false, - "height": "250px", + "collapsed": false, "panels": [ { "aliasColors": { @@ -25598,14 +24695,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 7, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, + "rightSide": false, + "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25614,26 +24718,26 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "(\n instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{device}}", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}} {{device}}", + "refId": "A" } ], "thresholds": [ @@ -25643,8 +24747,8 @@ items: "timeShift": null, "title": "Disk IO Utilisation", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25663,16 +24767,16 @@ items: "label": null, "logBase": 1, "max": null, - "min": 0, + "min": null, "show": true }, { - "format": "short", + "format": "percentunit", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] }, @@ -25684,14 +24788,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 8, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, - "show": true, + "rightSide": false, + "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25700,26 +24811,26 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], "spaceLength": 10, "span": 6, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "expr": "(\n instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{device}}", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}} {{device}}", + "refId": "A" } ], "thresholds": [ @@ -25729,8 +24840,8 @@ items: "timeShift": null, "title": "Disk IO Saturation", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25749,16 +24860,16 @@ items: "label": null, "logBase": 1, "max": null, - "min": 0, + "min": null, "show": true }, { - "format": "short", + "format": "percentunit", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] } @@ -25768,11 +24879,12 @@ items: "repeatRowId": null, "showTitle": true, "title": "Disk IO", - "titleSize": "h6" + "titleSize": "h6", + "type": "row" }, { "collapse": false, - "height": "250px", + "collapsed": false, "panels": [ { "aliasColors": { @@ -25782,14 +24894,21 @@ items: "dashLength": 10, "dashes": false, "datasource": "$datasource", - "fill": 1, - "id": 9, + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, "legend": { + "alignAsTable": false, "avg": false, "current": false, "max": false, "min": false, + "rightSide": false, "show": false, + "sideWidth": null, "total": false, "values": false }, @@ -25798,26 +24917,26 @@ items: "links": [ ], - "nullPointMode": "null as zero", + "nullPointMode": "null", "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", + "repeat": null, "seriesOverrides": [ ], "spaceLength": 10, "span": 12, - "stack": false, + "stack": true, "steppedLine": false, "targets": [ { - "expr": "1 -\n(\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n/\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n)\n", + "expr": "sum without (device) (\n max without (fstype, mountpoint) ((\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"}\n ) != 0)\n)\n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"})))\n", "format": "time_series", "intervalFactor": 2, - "legendFormat": "{{device}}", - "legendLink": null, - "step": 10 + "legendFormat": "{{instance}}", + "refId": "A" } ], "thresholds": [ @@ -25827,8 +24946,8 @@ items: "timeShift": null, "title": "Disk Space Utilisation", "tooltip": { - "shared": false, - "sort": 0, + "shared": true, + "sort": 2, "value_type": "individual" }, "type": "graph", @@ -25847,16 +24966,16 @@ items: "label": null, "logBase": 1, "max": null, - "min": 0, + "min": null, "show": true }, { - "format": "short", + "format": "percentunit", "label": null, "logBase": 1, "max": null, "min": null, - "show": false + "show": true } ] } @@ -25866,20 +24985,21 @@ items: "repeatRowId": null, "showTitle": true, "title": "Disk Space", - "titleSize": "h6" + "titleSize": "h6", + "type": "row" } ], "schemaVersion": 14, "style": "dark", "tags": [ - + "node-exporter-mixin" ], "templating": { "list": [ { "current": { - "text": "default", - "value": "default" + "text": "Prometheus", + "value": "Prometheus" }, "hide": 0, "label": null, @@ -25895,22 +25015,22 @@ items: { "allValue": null, "current": { - "text": "prod", - "value": "prod" + "text": "", + "value": "" }, "datasource": "$datasource", - "hide": 0, + "hide": 2, "includeAll": false, - "label": "instance", + "label": null, "multi": false, - "name": "instance", + "name": "cluster", "options": [ ], - "query": "label_values(up{job=\"node-exporter\"}, instance)", - "refresh": 1, + "query": "label_values(node_time_seconds, cluster)", + "refresh": 2, "regex": "", - "sort": 2, + "sort": 1, "tagValuesQuery": "", "tags": [ @@ -25951,8 +25071,1085 @@ items: ] }, "timezone": "utc", - "title": "USE Method / Node", - "uid": "", + "title": "Node Exporter / USE Method / Cluster", + "version": 0 + } + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 8.0.3 + name: grafana-dashboard-node-cluster-rsrc-use + namespace: monitoring +- apiVersion: v1 + data: + node-rsrc-use.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 1, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "30s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1 per CPU)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Major page Faults", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rds", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "rds", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Receive", + "refId": "A" + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Receive", + "refId": "A" + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n ) != 0\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "node-exporter-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(node_time_seconds, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(node_exporter_build_info{job=\"node-exporter\", cluster=\"$cluster\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "Node Exporter / USE Method / Node", "version": 0 } kind: ConfigMap @@ -25981,13 +26178,13 @@ items: }, "editable": false, "gnetId": null, - "graphTooltip": 0, + "graphTooltip": 1, "hideControls": false, "id": null, "links": [ ], - "refresh": "", + "refresh": "30s", "rows": [ { "collapse": false, @@ -26854,7 +27051,7 @@ items: "schemaVersion": 14, "style": "dark", "tags": [ - + "node-exporter-mixin" ], "templating": { "list": [ @@ -26931,8 +27128,8 @@ items: "30d" ] }, - "timezone": "browser", - "title": "Nodes", + "timezone": "utc", + "title": "Node Exporter / Nodes", "version": 0 } kind: ConfigMap diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index fbfceaeb..698fdb34 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 name: kube-state-metrics rules: - apiGroups: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index bcadf7e4..db2af90f 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index bd290260..6222ef96 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 name: kube-state-metrics namespace: monitoring spec: @@ -23,7 +23,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 spec: containers: - args: @@ -31,7 +31,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.1.0 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.1.1 name: kube-state-metrics resources: limits: @@ -47,7 +47,7 @@ spec: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8081/ - image: quay.io/brancz/kube-rbac-proxy:v0.10.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-main ports: - containerPort: 8443 @@ -68,7 +68,7 @@ spec: - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8082/ - image: quay.io/brancz/kube-rbac-proxy:v0.10.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy-self ports: - containerPort: 9443 diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 237776f2..2f50e5f8 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index 2eb0e7f2..36aa48a2 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index 4c5c9f66..1ab732ea 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index 1fc5d147..148ecefe 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.0 + app.kubernetes.io/version: 2.1.1 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index 1ff25d1f..e54832ad 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -1188,7 +1188,7 @@ spec: sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) @@ -1205,7 +1205,7 @@ spec: sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) @@ -1222,7 +1222,7 @@ spec: sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) @@ -1239,7 +1239,7 @@ spec: sum by (namespace, pod, cluster) ( max by (namespace, pod, container, cluster) ( kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( kube_pod_status_phase{phase=~"Pending|Running"} == 1 ) ) diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index e414d12b..b177635e 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -60,7 +60,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - image: quay.io/brancz/kube-rbac-proxy:v0.10.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 9100 diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index 04a8df3f..a8944ba2 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -48,7 +48,7 @@ spec: - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8080/ - image: quay.io/brancz/kube-rbac-proxy:v0.10.0 + image: quay.io/brancz/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 8443 From 9e8d1b0a72e916d35c4225e131fc1e7514556f1b Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 2 Aug 2021 15:57:57 +0200 Subject: [PATCH 355/388] .github: add remaining supported release branch Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index df0861c7..8500bba2 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -7,6 +7,9 @@ jobs: strategy: matrix: branch: + - 'release-0.5' + - 'release-0.6' + - 'release-0.7' - 'release-0.8' - 'main' steps: @@ -41,7 +44,7 @@ jobs: body: | ## Description - This is an automated version and jsonnet dependencies update performed from CI on behalf of @paulfantom. + This is an automated version and jsonnet dependencies update performed from CI. Configuration of the workflow is located in `.github/workflows/versions.yaml` From 1040e2bd7044197442ce0f2a50483da79f7829c9 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 2 Aug 2021 17:53:45 +0200 Subject: [PATCH 356/388] .github: allow dispatching version updates manually and run on predefined schedule --- .github/workflows/versions.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 8500bba2..b5563525 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -1,14 +1,15 @@ name: Upgrade to latest versions -on: workflow_dispatch +on: + workflow_dispatch: + schedule: + - cron: '37 7 * * 1' jobs: versions: runs-on: ubuntu-latest strategy: matrix: branch: - - 'release-0.5' - - 'release-0.6' - 'release-0.7' - 'release-0.8' - 'main' From d3ccfb822091fd47b2afa79773127b86669333b1 Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Mon, 2 Aug 2021 11:19:14 -0700 Subject: [PATCH 357/388] Turn AWS VPC CNI into a control plane add-on --- .../addons/aws-vpc-cni.libsonnet | 110 ++++++++++++++++++ .../kube-prometheus/platforms/eks.libsonnet | 108 +---------------- 2 files changed, 111 insertions(+), 107 deletions(-) create mode 100644 jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet diff --git a/jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet b/jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet new file mode 100644 index 00000000..61e7aaa4 --- /dev/null +++ b/jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet @@ -0,0 +1,110 @@ +{ + values+:: { + awsVpcCni: { + // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`. + // + // References: + // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md + // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71 + minimumWarmIPs: 10, + minimumWarmIPsTime: '10m', + }, + }, + kubernetesControlPlane+: { + serviceAwsVpcCni: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'aws-node', + namespace: 'kube-system', + labels: { 'app.kubernetes.io/name': 'aws-node' }, + }, + spec: { + ports: [ + { + name: 'cni-metrics-port', + port: 61678, + targetPort: 61678, + }, + ], + selector: { 'app.kubernetes.io/name': 'aws-node' }, + clusterIP: 'None', + }, + }, + + serviceMonitorAwsVpcCni: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'aws-node', + namespace: $.values.common.namespace, + labels: { + 'app.kubernetes.io/name': 'aws-node', + }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { + 'app.kubernetes.io/name': 'aws-node', + }, + }, + namespaceSelector: { + matchNames: [ + 'kube-system', + ], + }, + endpoints: [ + { + port: 'cni-metrics-port', + interval: '30s', + path: '/metrics', + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + }, + ], + }, + }, + + prometheusRuleAwsVpcCni: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, + name: 'aws-vpc-cni-rules', + namespace: $.prometheus._config.namespace, + }, + spec: { + groups: [ + { + name: 'aws-vpc-cni.rules', + rules: [ + { + expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs, + labels: { + severity: 'critical', + }, + annotations: { + summary: 'AWS VPC CNI has a low warm IP pool', + description: ||| + Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s. + It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API. + ||| % $.values.awsVpcCni.minimumWarmIPs, + }, + 'for': $.values.awsVpcCni.minimumWarmIPsTime, + alert: 'AwsVpcCniWarmIPsLow', + }, + ], + }, + ], + }, + }, + }, +} diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index ad188837..f46709f2 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -1,15 +1,5 @@ +(import '../addons/aws-vpc-cni.libsonnet') + (import '../addons/managed-cluster.libsonnet') + { - values+:: { - awsVpcCni: { - // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`. - // - // References: - // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md - // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71 - minimumWarmIPs: 10, - minimumWarmIPsTime: '10m', - }, - }, kubernetesControlPlane+: { serviceMonitorCoreDNS+: { spec+: { @@ -22,101 +12,5 @@ ], }, }, - - serviceAwsVpcCniMetrics: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'aws-node', - namespace: 'kube-system', - labels: { 'app.kubernetes.io/name': 'aws-node' }, - }, - spec: { - ports: [ - { - name: 'cni-metrics-port', - port: 61678, - targetPort: 61678, - }, - ], - selector: { 'app.kubernetes.io/name': 'aws-node' }, - clusterIP: 'None', - }, - }, - - serviceMonitorAwsVpcCni: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'aws-node', - namespace: $.values.common.namespace, - labels: { - 'app.kubernetes.io/name': 'aws-node', - }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { - 'app.kubernetes.io/name': 'aws-node', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - endpoints: [ - { - port: 'cni-metrics-port', - interval: '30s', - path: '/metrics', - relabelings: [ - { - action: 'replace', - regex: '(.*)', - replacement: '$1', - sourceLabels: ['__meta_kubernetes_pod_node_name'], - targetLabel: 'instance', - }, - ], - }, - ], - }, - }, - - prometheusRuleAwsVpcCni: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, - name: 'aws-vpc-cni-rules', - namespace: $.prometheus._config.namespace, - }, - spec: { - groups: [ - { - name: 'kube-prometheus-aws-vpc-cni.rules', - rules: [ - { - expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs, - labels: { - severity: 'critical', - }, - annotations: { - summary: 'AWS VPC CNI has a low warm IP pool', - description: ||| - Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s. - It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API. - ||| % $.values.awsVpcCni.minimumWarmIPs, - }, - 'for': $.values.awsVpcCni.minimumWarmIPsTime, - alert: 'AwsVpcCniWarmIPsLow', - }, - ], - }, - ], - }, - }, }, } From 0e7dc97bc51161ed131c7884772d7675d0518c1e Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Mon, 2 Aug 2021 12:21:49 -0700 Subject: [PATCH 358/388] Create Thanos Sidecar rules separately from Prometheus ones --- .../components/prometheus.libsonnet | 45 +++++++++++++------ 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 5e1c9e33..a9d0100a 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -50,20 +50,21 @@ function(params) { assert std.isObject(p._config.resources), assert std.isObject(p._config.mixin._config), - mixin:: (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + - (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') + ( - if p._config.thanos != {} then - (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + { - targetGroups: {}, - sidecar: { - selector: p._config.mixin._config.thanosSelector, - dimensions: std.join(', ', ['job', 'instance']), - }, - } - else {} - ) { - _config+:: p._config.mixin._config, - }, + mixin:: + (import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') + { + _config+:: p._config.mixin._config, + }, + + mixinThanos:: + (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') + { + targetGroups: {}, + sidecar: { + selector: p._config.mixin._config.thanosSelector, + dimensions: std.join(', ', ['job', 'instance']), + }, + }, prometheusRule: { apiVersion: 'monitoring.coreos.com/v1', @@ -327,6 +328,22 @@ function(params) { }, }, + // Include thanos sidecar PrometheusRule only if thanos config was passed by user + [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'prometheusRuleThanosSidecar']: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: p._config.commonLabels + p._config.mixin.ruleLabels, + name: 'prometheus-' + p._config.name + '-thanos-sidecar-rules', + namespace: p._config.namespace, + }, + spec: { + local r = if std.objectHasAll(p.mixinThanos, 'prometheusRules') then p.mixinThanos.prometheusRules.groups else [], + local a = if std.objectHasAll(p.mixinThanos, 'prometheusAlerts') then p.mixinThanos.prometheusAlerts.groups else [], + groups: a + r, + }, + }, + // Include thanos sidecar Service only if thanos config was passed by user [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceThanosSidecar']: { apiVersion: 'v1', From 0b49c3102df4233c17299ecaccbc180413a20743 Mon Sep 17 00:00:00 2001 From: Luis Vidal Ernst Date: Mon, 12 Jul 2021 13:59:45 +0200 Subject: [PATCH 359/388] Added PodMonitor for kube-proxy --- README.md | 8 ++++ examples/kubeProxy.jsonnet | 20 ++++++++++ .../components/k8s-control-plane.libsonnet | 40 +++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 examples/kubeProxy.jsonnet diff --git a/README.md b/README.md index 528199e8..425b2d40 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,7 @@ If you are migrating from `release-0.7` branch or earlier please read [what chan - [Authentication problem](#authentication-problem) - [Authorization problem](#authorization-problem) - [kube-state-metrics resource usage](#kube-state-metrics-resource-usage) + - [Error retrieving kube-proxy metrics](#error-retrieving-kube-proxy-metrics) - [Contributing](#contributing) - [License](#license) @@ -770,6 +771,13 @@ config. They default to: } ``` +### Error retrieving kube-proxy metrics +By default, kubeadm will configure kube-proxy to listen on 127.0.0.1 for metrics. Because of this prometheus would not be able to scrape these metrics. This would have to be changed to 0.0.0.0 in one of the following two places: + +1. Before cluster initialization, the config file passed to kubeadm init should have KubeProxyConfiguration manifest with the field metricsBindAddress set to 0.0.0.0:10249 +2. If the k8s cluster is already up and running, we'll have to modify the configmap kube-proxy in the namespace kube-system and set the metricsBindAddress field. After this kube-proxy daemonset would have to be restarted with +`kubectl -n kube-system rollout restart daemonset kube-proxy` + ## Contributing All `.yaml` files in the `/manifests` folder are generated via diff --git a/examples/kubeProxy.jsonnet b/examples/kubeProxy.jsonnet new file mode 100644 index 00000000..03a7b3c7 --- /dev/null +++ b/examples/kubeProxy.jsonnet @@ -0,0 +1,20 @@ +local kp = (import 'kube-prometheus/main.libsonnet') + { + values+:: { + common+: { + namespace: 'monitoring', + }, + + kubernetesControlPlane+: { + kubeProxy: true, + }, + }, +}; + +{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + +{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + +{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + +{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + +{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + +{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + +{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + +{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } diff --git a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet index dbf3474b..f407e3a9 100644 --- a/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet +++ b/jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet @@ -22,6 +22,7 @@ local defaults = { hostNetworkInterfaceSelector: 'device!~"veth.+"', }, }, + kubeProxy: false, }; function(params) { @@ -234,6 +235,45 @@ function(params) { }, }, + [if (defaults + params).kubeProxy then 'podMonitorKubeProxy']: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PodMonitor', + metadata: { + labels: { + 'k8s-app': 'kube-proxy', + }, + name: 'kube-proxy', + namespace: k8s._config.namespace, + }, + spec: { + jobLabel: 'k8s-app', + namespaceSelector: { + matchNames: [ + 'kube-system', + ], + }, + selector: { + matchLabels: { + 'k8s-app': 'kube-proxy', + }, + }, + podMetricsEndpoints: [{ + honorLabels: true, + targetPort: 10249, + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + }], + }, + }, + + serviceMonitorCoreDNS: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', From 961f138dd0e479fe33a75ca5cc7d3798d38c4f7f Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Wed, 4 Aug 2021 14:22:06 -0700 Subject: [PATCH 360/388] Add back _config.runbookURLPattern for Thanos Sidecar rules --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index a9d0100a..9a629389 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -59,6 +59,7 @@ function(params) { mixinThanos:: (import 'github.com/thanos-io/thanos/mixin/alerts/sidecar.libsonnet') + (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') + { + _config+:: p._config.mixin._config, targetGroups: {}, sidecar: { selector: p._config.mixin._config.thanosSelector, From f6d6b30aedb9b81282ede8d72a47df12f54be90b Mon Sep 17 00:00:00 2001 From: paulfantom Date: Fri, 6 Aug 2021 14:15:23 +0200 Subject: [PATCH 361/388] jsonnet: use full dependency path --- jsonnet/kube-prometheus/addons/windows.libsonnet | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/windows.libsonnet b/jsonnet/kube-prometheus/addons/windows.libsonnet index 89920322..d97e8ffe 100644 --- a/jsonnet/kube-prometheus/addons/windows.libsonnet +++ b/jsonnet/kube-prometheus/addons/windows.libsonnet @@ -1,5 +1,5 @@ -local windowsdashboards = import 'kubernetes-mixin/dashboards/windows.libsonnet'; -local windowsrules = import 'kubernetes-mixin/rules/windows.libsonnet'; +local windowsdashboards = import 'github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet'; +local windowsrules = import 'github.com/kubernetes-monitoring/kubernetes-mixin/rules/windows.libsonnet'; { values+:: { From 0ffe13c5d2fa70b569fc52619d27167fceabcb64 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 9 Aug 2021 18:59:30 +0200 Subject: [PATCH 362/388] .github: enable auto updates on release branches Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index b5563525..7cb75ae4 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -10,6 +10,8 @@ jobs: strategy: matrix: branch: + - 'release-0.5' + - 'release-0.6' - 'release-0.7' - 'release-0.8' - 'main' From 12cd7fd9ce297866efc8189e99f1d41fd868cb8a Mon Sep 17 00:00:00 2001 From: Dimitrije Manic Date: Wed, 11 Aug 2021 10:05:00 -0400 Subject: [PATCH 363/388] Prometheus ruleSelector defaults to all rules --- jsonnet/kube-prometheus/components/prometheus.libsonnet | 9 ++------- manifests/prometheus-prometheus.yaml | 5 +---- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index 9a629389..a44e5729 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -24,14 +24,9 @@ local defaults = { for labelName in std.objectFields(defaults.commonLabels) if !std.setMember(labelName, ['app.kubernetes.io/version']) } + { prometheus: defaults.name }, - ruleSelector: { - matchLabels: defaults.mixin.ruleLabels, - }, + ruleSelector: {}, mixin: { - ruleLabels: { - role: 'alert-rules', - prometheus: defaults.name, - }, + ruleLabels: {}, _config: { prometheusSelector: 'job="prometheus-' + defaults.name + '",namespace="' + defaults.namespace + '"', prometheusName: '{{$labels.namespace}}/{{$labels.pod}}', diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index 087a7aa2..e41383e9 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -36,10 +36,7 @@ spec: requests: memory: 400Mi ruleNamespaceSelector: {} - ruleSelector: - matchLabels: - prometheus: k8s - role: alert-rules + ruleSelector: {} securityContext: fsGroup: 2000 runAsNonRoot: true From ac75ee6221e177fa3fd6074fee28f8ab7ca9a50a Mon Sep 17 00:00:00 2001 From: Dimitrije Manic Date: Thu, 12 Aug 2021 08:03:16 -0400 Subject: [PATCH 364/388] Updates prometheus-rules documentation --- docs/developing-prometheus-rules-and-grafana-dashboards.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/developing-prometheus-rules-and-grafana-dashboards.md b/docs/developing-prometheus-rules-and-grafana-dashboards.md index 56e7c297..6aa853cd 100644 --- a/docs/developing-prometheus-rules-and-grafana-dashboards.md +++ b/docs/developing-prometheus-rules-and-grafana-dashboards.md @@ -228,7 +228,7 @@ Here the alert `KubeStatefulSetReplicasMismatch` is being filtered out of the gr ```jsonnet local filter = { kubernetesControlPlane+: { - prometheusRule+:: { + prometheusRule+: { spec+: { groups: std.map( function(group) @@ -255,7 +255,7 @@ Here the expression for another alert in the same component is updated from its ```jsonnet local update = { kubernetesControlPlane+: { - prometheusRule+:: { + prometheusRule+: { spec+: { groups: std.map( function(group) From ad3fc8920e27d9ec686f3cca7c35975101e45d7f Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 16 Aug 2021 08:04:51 +0000 Subject: [PATCH 365/388] [bot] [main] Automated version update --- jsonnet/kube-prometheus/versions.json | 6 +- jsonnetfile.lock.json | 32 ++--- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 50 ++++---- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 8 +- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- manifests/kubernetes-prometheusRule.yaml | 30 ++--- manifests/node-exporter-clusterRole.yaml | 2 +- .../node-exporter-clusterRoleBinding.yaml | 2 +- manifests/node-exporter-daemonset.yaml | 6 +- manifests/node-exporter-prometheusRule.yaml | 2 +- manifests/node-exporter-service.yaml | 2 +- manifests/node-exporter-serviceAccount.yaml | 2 +- manifests/node-exporter-serviceMonitor.yaml | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- manifests/prometheus-podDisruptionBudget.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 +- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- ...metheus-roleBindingSpecificNamespaces.yaml | 6 +- manifests/prometheus-roleConfig.yaml | 2 +- .../prometheus-roleSpecificNamespaces.yaml | 6 +- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- ...r-0podmonitorCustomResourceDefinition.yaml | 34 ++++++ ...erator-0probeCustomResourceDefinition.yaml | 42 +++++++ ...r-0prometheusCustomResourceDefinition.yaml | 109 ++++++++++++++++++ ...ervicemonitorCustomResourceDefinition.yaml | 34 ++++++ 32 files changed, 311 insertions(+), 98 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 45f58cdd..ded8b862 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,10 +1,10 @@ { "alertmanager": "0.22.2", "blackboxExporter": "0.19.0", - "grafana": "8.0.3", + "grafana": "8.1.1", "kubeStateMetrics": "2.1.1", - "nodeExporter": "1.2.0", - "prometheus": "2.28.1", + "nodeExporter": "1.2.2", + "prometheus": "2.29.1", "prometheusAdapter": "0.8.4", "prometheusOperator": "0.49.0", "kubeRbacProxy": "0.11.0", diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 71de6da1..e9022e6c 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "2526463e44c4152ee8c6110bd0d0fc5e7f1140e2", - "sum": "PPTfil9MoAqtyW+hHJuAj3Ap86pB86vIHativ9R5c4I=" + "version": "ea24fb850762ce38155738aff5ae71368eadb904", + "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "8df6a4ff1623781260c3236761c2ebe837958b3f", + "version": "e0c0f8caf0296138f7a74f1af5e9964339881788", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "25b5047a57352345e478b215370dfcd1fecee27d", - "sum": "z+ksn3PAtR/fYtxgsrrG4euIriyiefZsTUcJaVXdG1Q=" + "version": "9adde6c4eef082ad05b46124d780f42d6b19b896", + "sum": "y8BjnZprY4KvjPJhLXtTf6MyE6EKFzGjCvxuwc/Ucv8=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "25b5047a57352345e478b215370dfcd1fecee27d", + "version": "9adde6c4eef082ad05b46124d780f42d6b19b896", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "44ddbcf76d062269b9429e6da2e15cb3058e678f", + "version": "16e8f54c9e7f9f4b4ad73002e03e9d0dcee5b1ce", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "44ddbcf76d062269b9429e6da2e15cb3058e678f", + "version": "16e8f54c9e7f9f4b4ad73002e03e9d0dcee5b1ce", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "8008520bc4097d46d2304c6c015cd3e5b6dd3126", + "version": "7649bb8d5c1c0a8900e804dbef44c10057fa7c96", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "8008520bc4097d46d2304c6c015cd3e5b6dd3126", - "sum": "TcXPVhn0BIFCf5mWa6hyIljVl13ItwPjyeiwro56kjE=" + "version": "7649bb8d5c1c0a8900e804dbef44c10057fa7c96", + "sum": "dIYX9ERZvBUcPNcIVwgdWHnc5BDlAlTocAAdyuqu2ig=" }, { "source": { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "3d86bd709df88e2b95a09636cf36b77a9d79af51", + "version": "ff85bec45bdce3d296a229adb47e7d29415f8a05", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,7 +120,7 @@ "subdir": "docs/node-mixin" } }, - "version": "7fc5c6045aeb1d615296f6daca1f7a77554d5efb", + "version": "4356c09ebd2d6c6056855cbb6bc51f34235ad919", "sum": "vvgImniWcZVtiU3rEQmeN4DaIktPXNn7u3Zqzdv5bMg=" }, { @@ -130,8 +130,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "24165adadc889131dbd0143b5c16cd3a079e46cd", - "sum": "G3mFWvwIrrhG6hlPz/hQdE6ZNSim88DlbSDJN7enkhY=", + "version": "bb05485c79084fecd3602eceafca3d554ab88987", + "sum": "AS8WYFi/z10BZSF6DFkKBscjB32XDMM7iIso7CO/FyI=", "name": "prometheus" }, { @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "aa148f8fdb281a9ea4c1e5a7ee2e1336d8459c4f", + "version": "79d9480728052d698691f5e18c032c8332c6656e", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index de658ba8..99929952 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 55cb76db..90438154 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -20850,7 +20850,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22303,7 +22303,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24028,7 +24028,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -25080,7 +25080,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26158,7 +26158,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -27138,7 +27138,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27704,7 +27704,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -28921,7 +28921,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30580,7 +30580,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31722,7 +31722,7 @@ items: "options": [ ], - "query": "label_values(prometheus_build_info, job)", + "query": "label_values(prometheus_build_info{job=\"prometheus-k8s\",namespace=\"monitoring\"}, job)", "refresh": 1, "regex": "", "sort": 2, @@ -31750,7 +31750,7 @@ items: "options": [ ], - "query": "label_values(prometheus_build_info, instance)", + "query": "label_values(prometheus_build_info{job=~\"$job\"}, instance)", "refresh": 1, "regex": "", "sort": 2, @@ -31804,7 +31804,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -33050,7 +33050,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -34139,7 +34139,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35566,7 +35566,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 9e95bdf4..ff6b0951 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 5b954a4b..df081324 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: 94437af43b4bb589dd53fbb6ce41aa2b + checksum/grafana-datasources: fbf9c3b28f5667257167c2cec0ac311a labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 spec: containers: - env: [] - image: grafana/grafana:8.0.3 + image: grafana/grafana:8.1.1 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 2658ce05..7df441f6 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index a3302cc7..226462e5 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.0.3 + app.kubernetes.io/version: 8.1.1 name: grafana namespace: monitoring spec: diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index e54832ad..a7f1f9c9 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -248,32 +248,26 @@ spec: rules: - alert: KubeCPUOvercommit annotations: - description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. + description: Cluster has overcommitted CPU resource requests for Pods by {{ $value }} CPU shares and cannot tolerate node failure. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | - sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) - / - sum(kube_node_status_allocatable{resource="cpu"}) - > - ((count(kube_node_status_allocatable{resource="cpu"}) > 1) - 1) / count(kube_node_status_allocatable{resource="cpu"}) - for: 5m + sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0 + and + (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0 + for: 10m labels: severity: warning - alert: KubeMemoryOvercommit annotations: - description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + description: Cluster has overcommitted memory resource requests for Pods by {{ $value }} bytes and cannot tolerate node failure. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | - sum(namespace_memory:kube_pod_container_resource_requests:sum{}) - / - sum(kube_node_status_allocatable{resource="memory"}) - > - ((count(kube_node_status_allocatable{resource="memory"}) > 1) - 1) - / - count(kube_node_status_allocatable{resource="memory"}) - for: 5m + sum(namespace_memory:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0 + and + (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0 + for: 10m labels: severity: warning - alert: KubeCPUQuotaOvercommit @@ -418,9 +412,9 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeclienterrors summary: Kubernetes API server client is experiencing errors. expr: | - (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job, namespace) / - sum(rate(rest_client_requests_total[5m])) by (instance, job)) + sum(rate(rest_client_requests_total[5m])) by (instance, job, namespace)) > 0.01 for: 15m labels: diff --git a/manifests/node-exporter-clusterRole.yaml b/manifests/node-exporter-clusterRole.yaml index aae6d312..fe5db25b 100644 --- a/manifests/node-exporter-clusterRole.yaml +++ b/manifests/node-exporter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 name: node-exporter rules: - apiGroups: diff --git a/manifests/node-exporter-clusterRoleBinding.yaml b/manifests/node-exporter-clusterRoleBinding.yaml index 60004d44..be1016be 100644 --- a/manifests/node-exporter-clusterRoleBinding.yaml +++ b/manifests/node-exporter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 name: node-exporter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml index b177635e..69e14810 100644 --- a/manifests/node-exporter-daemonset.yaml +++ b/manifests/node-exporter-daemonset.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 name: node-exporter namespace: monitoring spec: @@ -20,7 +20,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 spec: containers: - args: @@ -32,7 +32,7 @@ spec: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$ - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$ - image: quay.io/prometheus/node-exporter:v1.2.0 + image: quay.io/prometheus/node-exporter:v1.2.2 name: node-exporter resources: limits: diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index cd91f442..0d582add 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 prometheus: k8s role: alert-rules name: node-exporter-rules diff --git a/manifests/node-exporter-service.yaml b/manifests/node-exporter-service.yaml index 7db5a093..c18c7c75 100644 --- a/manifests/node-exporter-service.yaml +++ b/manifests/node-exporter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 name: node-exporter namespace: monitoring spec: diff --git a/manifests/node-exporter-serviceAccount.yaml b/manifests/node-exporter-serviceAccount.yaml index a45f3d59..343fe6da 100644 --- a/manifests/node-exporter-serviceAccount.yaml +++ b/manifests/node-exporter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 name: node-exporter namespace: monitoring diff --git a/manifests/node-exporter-serviceMonitor.yaml b/manifests/node-exporter-serviceMonitor.yaml index ab0d9cef..6d2edd3a 100644 --- a/manifests/node-exporter-serviceMonitor.yaml +++ b/manifests/node-exporter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: node-exporter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 1.2.0 + app.kubernetes.io/version: 1.2.2 name: node-exporter namespace: monitoring spec: diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index 4d337456..b878982a 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index 54247417..a1096b61 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml index c55ecc42..65303f88 100644 --- a/manifests/prometheus-podDisruptionBudget.yaml +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index e41383e9..cc9b674b 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 prometheus: k8s name: k8s namespace: monitoring @@ -18,7 +18,7 @@ spec: port: web enableFeatures: [] externalLabels: {} - image: quay.io/prometheus/prometheus:v2.28.1 + image: quay.io/prometheus/prometheus:v2.29.1 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -44,4 +44,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.28.1 + version: 2.29.1 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index 5dd5b248..ae5078b8 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index 8e15e69d..a0340332 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index 4cf325c6..78e3ebe2 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index 9f16e65a..c2f1870d 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index 53888f38..53f6e44e 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: default rules: @@ -44,7 +44,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: kube-system rules: @@ -81,7 +81,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 8b196541..611a0f05 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index 45bd92b4..b8c486ba 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index f8f0e878..b9907a17 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.28.1 + app.kubernetes.io/version: 2.29.1 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 1d25f7a5..927a0ba6 100644 --- a/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -35,6 +35,18 @@ spec: jobLabel: description: The label to use to retrieve the job name from. type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer namespaceSelector: description: Selector to select which namespaces the Endpoints objects are discovered from. properties: @@ -52,6 +64,28 @@ spec: items: description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 8d181031..6b69feac 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -32,6 +32,28 @@ spec: spec: description: Specification of desired Ingress selection for target discovery by Prometheus. properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: @@ -87,6 +109,18 @@ spec: jobName: description: The job name assigned to scraped metrics by default. type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer module: description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string @@ -179,9 +213,17 @@ spec: required: - url type: object + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer scrapeTimeout: description: Timeout for scraping metrics from the Prometheus exporter. type: string + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + format: int64 + type: integer targets: description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. properties: diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index cd6e2ecb..d35c3060 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -441,6 +441,28 @@ spec: apiVersion: description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". type: string + authorization: + description: Authorization section for this alertmanager endpoint + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object bearerTokenFile: description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. type: string @@ -582,6 +604,31 @@ spec: apiserverConfig: description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. properties: + authorization: + description: Authorization section for accessing apiserver + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + credentialsFile: + description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) + type: string + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: description: BasicAuth allow an endpoint to authenticate over basic authentication properties: @@ -1469,6 +1516,18 @@ spec: items: type: string type: array + enforcedLabelLimit: + description: Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer enforcedNamespaceLabel: description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `ProbeConfig` object) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above)." type: string @@ -2432,6 +2491,31 @@ spec: items: description: RemoteReadSpec defines the remote_read configuration for prometheus. properties: + authorization: + description: Authorization section for remote read + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + credentialsFile: + description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) + type: string + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: description: BasicAuth for the URL. properties: @@ -2674,6 +2758,31 @@ spec: items: description: RemoteWriteSpec defines the remote_write configuration for prometheus. properties: + authorization: + description: Authorization section for remote write + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + credentialsFile: + description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) + type: string + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: description: BasicAuth for the URL. properties: diff --git a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml index a112b242..e5f84771 100644 --- a/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml @@ -37,6 +37,28 @@ spec: items: description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: @@ -366,6 +388,18 @@ spec: jobLabel: description: "Chooses the label of the Kubernetes `Endpoints`. Its value will be used for the `job`-label's value of the created metrics. \n Default & fallback value: the name of the respective Kubernetes `Endpoint`." type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer namespaceSelector: description: Selector to select which namespaces the Kubernetes Endpoints objects are discovered from. properties: From c4113807fbabfa591f0496bc504951a72f74c759 Mon Sep 17 00:00:00 2001 From: paulfantom Date: Mon, 16 Aug 2021 14:14:08 +0200 Subject: [PATCH 366/388] jsonnet: set thanos config to null by default Signed-off-by: paulfantom --- .../kube-prometheus/components/prometheus.libsonnet | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/jsonnet/kube-prometheus/components/prometheus.libsonnet b/jsonnet/kube-prometheus/components/prometheus.libsonnet index a44e5729..2df12b96 100644 --- a/jsonnet/kube-prometheus/components/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/components/prometheus.libsonnet @@ -34,7 +34,7 @@ local defaults = { runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/prometheus/%s', }, }, - thanos: {}, + thanos: null, }; @@ -100,7 +100,7 @@ function(params) { { name: 'web', targetPort: 'web', port: 9090 }, ] + ( - if p._config.thanos != {} then + if p._config.thanos != null then [{ name: 'grpc', port: 10901, targetPort: 10901 }] else [] ), @@ -325,7 +325,7 @@ function(params) { }, // Include thanos sidecar PrometheusRule only if thanos config was passed by user - [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'prometheusRuleThanosSidecar']: { + [if std.objectHas(params, 'thanos') && params.thanos != null then 'prometheusRuleThanosSidecar']: { apiVersion: 'monitoring.coreos.com/v1', kind: 'PrometheusRule', metadata: { @@ -341,7 +341,7 @@ function(params) { }, // Include thanos sidecar Service only if thanos config was passed by user - [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceThanosSidecar']: { + [if std.objectHas(params, 'thanos') && params.thanos != null then 'serviceThanosSidecar']: { apiVersion: 'v1', kind: 'Service', metadata+: { @@ -366,7 +366,7 @@ function(params) { }, // Include thanos sidecar ServiceMonitor only if thanos config was passed by user - [if std.objectHas(params, 'thanos') && std.length(params.thanos) > 0 then 'serviceMonitorThanosSidecar']: { + [if std.objectHas(params, 'thanos') && params.thanos != null then 'serviceMonitorThanosSidecar']: { apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor', metadata+: { From 24b0e699e4f893077c360bcfcd41b8ca911b1c19 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 16 Aug 2021 18:51:30 +0200 Subject: [PATCH 367/388] .github: fix automated update in CI Automated dependencies update in CI was failing whenever no new changes were detected since git diff was returning 1. Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 7cb75ae4..5807f5e1 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -35,8 +35,8 @@ jobs: make generate # Reset jsonnetfile.lock.json if no dependencies were updated - changedFiles=$(git diff --name-only | grep -v 'jsonnetfile.lock.json') - if [[ $changedFiles == "" ]]; then + changedFiles=$(git diff --name-only | grep -v 'jsonnetfile.lock.json' | wc -l) + if [[ "$changedFiles" -eq 0 ]]; then git checkout -- jsonnetfile.lock.json; fi - name: Create Pull Request From 6ade9e5c7d85b76422ac6459f320511b25e40d5b Mon Sep 17 00:00:00 2001 From: dgrisonnet Date: Tue, 17 Aug 2021 08:05:49 +0000 Subject: [PATCH 368/388] [bot] [main] Automated version update --- jsonnetfile.lock.json | 22 +++++++++---------- manifests/grafana-dashboardDefinitions.yaml | 18 +++++++-------- manifests/node-exporter-prometheusRule.yaml | 4 ++-- ...r-0prometheusCustomResourceDefinition.yaml | 3 +++ ...rometheusruleCustomResourceDefinition.yaml | 2 ++ 5 files changed, 27 insertions(+), 22 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index e9022e6c..940c9c4e 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "ea24fb850762ce38155738aff5ae71368eadb904", + "version": "ab9563dc8e4d84d06080c765f9c6c0d50313f794", "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "e0c0f8caf0296138f7a74f1af5e9964339881788", + "version": "0d13e5ba1b3a4c29015738c203d92ea39f71ebe2", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "9adde6c4eef082ad05b46124d780f42d6b19b896", - "sum": "y8BjnZprY4KvjPJhLXtTf6MyE6EKFzGjCvxuwc/Ucv8=" + "version": "7120319a5b5c45e8dd2e79f0ad60e2284c6d6f1b", + "sum": "SDq4RWF3EKhMI/+/rZfG75Oh7hcXVmGNZ7kM0D21s6M=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "9adde6c4eef082ad05b46124d780f42d6b19b896", + "version": "7120319a5b5c45e8dd2e79f0ad60e2284c6d6f1b", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "7649bb8d5c1c0a8900e804dbef44c10057fa7c96", + "version": "805d4ff2f5486081757f51bbd6e6d96e54b9148e", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "7649bb8d5c1c0a8900e804dbef44c10057fa7c96", - "sum": "dIYX9ERZvBUcPNcIVwgdWHnc5BDlAlTocAAdyuqu2ig=" + "version": "805d4ff2f5486081757f51bbd6e6d96e54b9148e", + "sum": "J1G++A8hrtr3+OZQMmcNeb1w/C30bXqqwpwHL/Xhsd4=" }, { "source": { @@ -120,8 +120,8 @@ "subdir": "docs/node-mixin" } }, - "version": "4356c09ebd2d6c6056855cbb6bc51f34235ad919", - "sum": "vvgImniWcZVtiU3rEQmeN4DaIktPXNn7u3Zqzdv5bMg=" + "version": "832909dd257eb368cf83363ffcae3ab84cb4bcb1", + "sum": "MmxGhE2PJ1a52mk2x7vDpMT2at4Jglbud/rK74CB5i0=" }, { "source": { @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "79d9480728052d698691f5e18c032c8332c6656e", + "version": "7a8d1894e80038f783a6396312051c7d62d25d35", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 90438154..14bdfdf9 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -4149,7 +4149,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)", "refresh": 2, "regex": "", "sort": 0, @@ -5289,7 +5289,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kube-controller-manager\"}, cluster)", "refresh": 2, "regex": "", "sort": 1, @@ -5315,7 +5315,7 @@ items: "options": [ ], - "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)", + "query": "label_values(up{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)", "refresh": 2, "regex": "", "sort": 1, @@ -8328,7 +8328,7 @@ items: "options": [ ], - "query": "label_values(node_cpu_seconds_total, cluster)", + "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)", "refresh": 2, "regex": "", "sort": 1, @@ -20770,7 +20770,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics\"}, cluster)", "refresh": 2, "regex": "", "sort": 1, @@ -22137,7 +22137,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)", "refresh": 2, "regex": "", "sort": 0, @@ -23830,7 +23830,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)", "refresh": 2, "regex": "", "sort": 0, @@ -28723,7 +28723,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\"}, cluster)", "refresh": 2, "regex": "", "sort": 0, @@ -34059,7 +34059,7 @@ items: "options": [ ], - "query": "label_values(kube_pod_info, cluster)", + "query": "label_values(up{job=\"kube-scheduler\"}, cluster)", "refresh": 2, "regex": "", "sort": 1, diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 0d582add..e24216fa 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -57,7 +57,7 @@ spec: and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 ) - for: 1h + for: 30m labels: severity: warning - alert: NodeFilesystemAlmostOutOfSpace @@ -71,7 +71,7 @@ spec: and node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 ) - for: 1h + for: 30m labels: severity: critical - alert: NodeFilesystemFilesFillingUp diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index d35c3060..726283bf 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -2946,6 +2946,9 @@ spec: remoteTimeout: description: Timeout for requests to the remote write endpoint. type: string + sendExemplars: + description: Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the enableFeature option for exemplars to be scraped in the first place. Only valid in Prometheus versions 2.27.0 and newer. + type: boolean tlsConfig: description: TLS Config to use for remote write. properties: diff --git a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml index e537e2fd..a44c7058 100644 --- a/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusruleCustomResourceDefinition.yaml @@ -8,6 +8,8 @@ metadata: spec: group: monitoring.coreos.com names: + categories: + - prometheus-operator kind: PrometheusRule listKind: PrometheusRuleList plural: prometheusrules From 45adc03cfbf900aaea0b73d7e9ce97c6b2c76cb5 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Tue, 17 Aug 2021 18:00:46 +0200 Subject: [PATCH 369/388] jsonnet: update prometheus-adapter to v0.9.0 Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/main.libsonnet | 2 +- jsonnet/kube-prometheus/versions.json | 2 +- manifests/prometheus-adapter-apiService.yaml | 2 +- manifests/prometheus-adapter-clusterRole.yaml | 2 +- ...ometheus-adapter-clusterRoleAggregatedMetricsReader.yaml | 2 +- manifests/prometheus-adapter-clusterRoleBinding.yaml | 2 +- .../prometheus-adapter-clusterRoleBindingDelegator.yaml | 2 +- .../prometheus-adapter-clusterRoleServerResources.yaml | 2 +- manifests/prometheus-adapter-configMap.yaml | 2 +- manifests/prometheus-adapter-deployment.yaml | 6 +++--- manifests/prometheus-adapter-podDisruptionBudget.yaml | 2 +- manifests/prometheus-adapter-roleBindingAuthReader.yaml | 2 +- manifests/prometheus-adapter-service.yaml | 2 +- manifests/prometheus-adapter-serviceAccount.yaml | 2 +- manifests/prometheus-adapter-serviceMonitor.yaml | 2 +- 15 files changed, 17 insertions(+), 17 deletions(-) diff --git a/jsonnet/kube-prometheus/main.libsonnet b/jsonnet/kube-prometheus/main.libsonnet index 6d2a3995..877619b2 100644 --- a/jsonnet/kube-prometheus/main.libsonnet +++ b/jsonnet/kube-prometheus/main.libsonnet @@ -43,7 +43,7 @@ local utils = import './lib/utils.libsonnet'; kubeStateMetrics: 'k8s.gcr.io/kube-state-metrics/kube-state-metrics:v' + $.values.common.versions.kubeStateMetrics, nodeExporter: 'quay.io/prometheus/node-exporter:v' + $.values.common.versions.nodeExporter, prometheus: 'quay.io/prometheus/prometheus:v' + $.values.common.versions.prometheus, - prometheusAdapter: 'directxman12/k8s-prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, + prometheusAdapter: 'k8s.gcr.io/prometheus-adapter/prometheus-adapter:v' + $.values.common.versions.prometheusAdapter, prometheusOperator: 'quay.io/prometheus-operator/prometheus-operator:v' + $.values.common.versions.prometheusOperator, prometheusOperatorReloader: 'quay.io/prometheus-operator/prometheus-config-reloader:v' + $.values.common.versions.prometheusOperator, kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy:v' + $.values.common.versions.kubeRbacProxy, diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index ded8b862..60946073 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -5,7 +5,7 @@ "kubeStateMetrics": "2.1.1", "nodeExporter": "1.2.2", "prometheus": "2.29.1", - "prometheusAdapter": "0.8.4", + "prometheusAdapter": "0.9.0", "prometheusOperator": "0.49.0", "kubeRbacProxy": "0.11.0", "configmapReload": "0.5.0" diff --git a/manifests/prometheus-adapter-apiService.yaml b/manifests/prometheus-adapter-apiService.yaml index ab5af8fb..ea4476dc 100644 --- a/manifests/prometheus-adapter-apiService.yaml +++ b/manifests/prometheus-adapter-apiService.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io diff --git a/manifests/prometheus-adapter-clusterRole.yaml b/manifests/prometheus-adapter-clusterRole.yaml index d011b3c6..091d9818 100644 --- a/manifests/prometheus-adapter-clusterRole.yaml +++ b/manifests/prometheus-adapter-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter rules: - apiGroups: diff --git a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml index 03e76925..4dc8e7a3 100644 --- a/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml +++ b/manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" diff --git a/manifests/prometheus-adapter-clusterRoleBinding.yaml b/manifests/prometheus-adapter-clusterRoleBinding.yaml index 52c8df93..dc8bfbb1 100644 --- a/manifests/prometheus-adapter-clusterRoleBinding.yaml +++ b/manifests/prometheus-adapter-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml index d77d743e..86e7517d 100644 --- a/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml +++ b/manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: resource-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-adapter-clusterRoleServerResources.yaml b/manifests/prometheus-adapter-clusterRoleServerResources.yaml index f4fb9c38..655efb9b 100644 --- a/manifests/prometheus-adapter-clusterRoleServerResources.yaml +++ b/manifests/prometheus-adapter-clusterRoleServerResources.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: resource-metrics-server-resources rules: - apiGroups: diff --git a/manifests/prometheus-adapter-configMap.yaml b/manifests/prometheus-adapter-configMap.yaml index bd6de899..b5329689 100644 --- a/manifests/prometheus-adapter-configMap.yaml +++ b/manifests/prometheus-adapter-configMap.yaml @@ -64,6 +64,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: adapter-config namespace: monitoring diff --git a/manifests/prometheus-adapter-deployment.yaml b/manifests/prometheus-adapter-deployment.yaml index fa51694d..e6c97afc 100644 --- a/manifests/prometheus-adapter-deployment.yaml +++ b/manifests/prometheus-adapter-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter namespace: monitoring spec: @@ -25,7 +25,7 @@ spec: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 spec: containers: - args: @@ -36,7 +36,7 @@ spec: - --prometheus-url=http://prometheus-k8s.monitoring.svc.cluster.local:9090/ - --secure-port=6443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA - image: directxman12/k8s-prometheus-adapter:v0.8.4 + image: k8s.gcr.io/prometheus-adapter/prometheus-adapter:v0.9.0 name: prometheus-adapter ports: - containerPort: 6443 diff --git a/manifests/prometheus-adapter-podDisruptionBudget.yaml b/manifests/prometheus-adapter-podDisruptionBudget.yaml index cbb4a8a8..639eefd4 100644 --- a/manifests/prometheus-adapter-podDisruptionBudget.yaml +++ b/manifests/prometheus-adapter-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-roleBindingAuthReader.yaml b/manifests/prometheus-adapter-roleBindingAuthReader.yaml index ddc119ef..3bdf4ad9 100644 --- a/manifests/prometheus-adapter-roleBindingAuthReader.yaml +++ b/manifests/prometheus-adapter-roleBindingAuthReader.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: resource-metrics-auth-reader namespace: kube-system roleRef: diff --git a/manifests/prometheus-adapter-service.yaml b/manifests/prometheus-adapter-service.yaml index 7e711d5e..be8c44b6 100644 --- a/manifests/prometheus-adapter-service.yaml +++ b/manifests/prometheus-adapter-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter namespace: monitoring spec: diff --git a/manifests/prometheus-adapter-serviceAccount.yaml b/manifests/prometheus-adapter-serviceAccount.yaml index 74404d5d..2ddbe460 100644 --- a/manifests/prometheus-adapter-serviceAccount.yaml +++ b/manifests/prometheus-adapter-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter namespace: monitoring diff --git a/manifests/prometheus-adapter-serviceMonitor.yaml b/manifests/prometheus-adapter-serviceMonitor.yaml index 5d8bd2c3..a7515852 100644 --- a/manifests/prometheus-adapter-serviceMonitor.yaml +++ b/manifests/prometheus-adapter-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: metrics-adapter app.kubernetes.io/name: prometheus-adapter app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.8.4 + app.kubernetes.io/version: 0.9.0 name: prometheus-adapter namespace: monitoring spec: From 518c37d72dd3f4233969b426e3abbc205a08560b Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 18 Aug 2021 14:04:33 +0200 Subject: [PATCH 370/388] .github: test against Kubernetes 1.22 Signed-off-by: Damien Grisonnet --- .github/workflows/ci.yaml | 5 +++-- README.md | 14 +++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1dae051b..21a47596 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,7 +4,7 @@ on: - pull_request env: golang-version: '1.15' - kind-version: 'v0.11.0' + kind-version: 'v0.11.1' jobs: generate: runs-on: ${{ matrix.os }} @@ -52,8 +52,9 @@ jobs: strategy: matrix: kind-image: - - 'kindest/node:v1.20.0' + - 'kindest/node:v1.20.7' - 'kindest/node:v1.21.1' + - 'kindest/node:v1.22.0' steps: - uses: actions/checkout@v2 with: diff --git a/README.md b/README.md index 425b2d40..328b9295 100644 --- a/README.md +++ b/README.md @@ -106,13 +106,13 @@ $ minikube addons disable metrics-server The following versions are supported and work as we test against these versions in their respective branches. But note that other versions might work! -| kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | -|--------------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------| -| [`release-0.5`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✔ | ✗ | ✗ | ✗ | -| [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | ✗ | ✗ | -| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗ | ✔ | ✔ | ✗ | -| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✗ | ✔ | ✔ | -| [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✔ | ✔ | +| kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | +|------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------| +| [`release-0.5`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✔ | ✗ | ✗ | ✗ | ✗ | +| [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | ✗ | ✗ | ✗ | +| [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗ | ✔ | ✔ | ✗ | ✗ | +| [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✗ | ✔ | ✔ | ✗ | +| [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✔ | ✔ | ✔ | ## Quickstart From b5ec93208bcb044a1d78311e18b9280f4c25a3e2 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 18 Aug 2021 17:25:13 +0200 Subject: [PATCH 371/388] jsonnet: drop deprecated etcd metric Signed-off-by: Damien Grisonnet --- .../addons/dropping-deprecated-metrics-relabelings.libsonnet | 2 +- manifests/kubernetes-serviceMonitorApiserver.yaml | 2 +- manifests/kubernetes-serviceMonitorKubeControllerManager.yaml | 2 +- manifests/kubernetes-serviceMonitorKubelet.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet index 39eba122..374b8601 100644 --- a/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet +++ b/jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet @@ -32,7 +32,7 @@ // Drop all etcd metrics which are deprecated in kubernetes. { sourceLabels: ['__name__'], - regex: 'etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary)', + regex: 'etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|object_counts|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary)', action: 'drop', }, // Drop all transformation metrics which are deprecated in kubernetes. diff --git a/manifests/kubernetes-serviceMonitorApiserver.yaml b/manifests/kubernetes-serviceMonitorApiserver.yaml index 58ba773b..cce20bf7 100644 --- a/manifests/kubernetes-serviceMonitorApiserver.yaml +++ b/manifests/kubernetes-serviceMonitorApiserver.yaml @@ -31,7 +31,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) + regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|object_counts|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) sourceLabels: - __name__ - action: drop diff --git a/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml index dadc9a26..4aab7701 100644 --- a/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml +++ b/manifests/kubernetes-serviceMonitorKubeControllerManager.yaml @@ -31,7 +31,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) + regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|object_counts|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) sourceLabels: - __name__ - action: drop diff --git a/manifests/kubernetes-serviceMonitorKubelet.yaml b/manifests/kubernetes-serviceMonitorKubelet.yaml index ea050274..5c6fc6ff 100644 --- a/manifests/kubernetes-serviceMonitorKubelet.yaml +++ b/manifests/kubernetes-serviceMonitorKubelet.yaml @@ -32,7 +32,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) + regex: etcd_(helper_cache_hit_count|helper_cache_miss_count|helper_cache_entry_count|object_counts|request_cache_get_latencies_summary|request_cache_add_latencies_summary|request_latencies_summary) sourceLabels: - __name__ - action: drop From da359546283a63f13a0946baa9e86ac7cbebbd15 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 18 Aug 2021 17:53:40 +0200 Subject: [PATCH 372/388] .github: drop support for 1.20 on main According to our policy, main branch of kube-prometheus should support the 2 latest versions of Kubernetes. These changes update the tests and the compatibility matrix to reflect that. Signed-off-by: Damien Grisonnet --- .github/workflows/ci.yaml | 1 - README.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 21a47596..e4b5c79e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -52,7 +52,6 @@ jobs: strategy: matrix: kind-image: - - 'kindest/node:v1.20.7' - 'kindest/node:v1.21.1' - 'kindest/node:v1.22.0' steps: diff --git a/README.md b/README.md index 328b9295..2eb2ccfb 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ The following versions are supported and work as we test against these versions | [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | ✗ | ✗ | ✗ | | [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗ | ✔ | ✔ | ✗ | ✗ | | [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✗ | ✔ | ✔ | ✗ | -| [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✔ | ✔ | ✔ | +| [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✗ | ✔ | ✔ | ## Quickstart From eca67844afd086019790a8a9dc82a100e2dea230 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Wed, 18 Aug 2021 23:26:08 +0200 Subject: [PATCH 373/388] jsonnet: pin and update jsonnet depdencies Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/jsonnetfile.json | 20 ++++++++++---------- jsonnetfile.lock.json | 24 ++++++++++++------------ 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 232ef3f1..477d6171 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -17,7 +17,7 @@ "subdir": "contrib/mixin" } }, - "version": "main" + "version": "release-3.5" }, { "source": { @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "master" + "version": "release-0.50" }, { "source": { @@ -35,7 +35,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "master", + "version": "release-0.50", "name": "prometheus-operator-mixin" }, { @@ -45,7 +45,7 @@ "subdir": "" } }, - "version": "master" + "version": "release-0.9" }, { "source": { @@ -54,7 +54,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "master" + "version": "release-2.1" }, { "source": { @@ -63,7 +63,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "master" + "version": "release-2.1" }, { "source": { @@ -72,7 +72,7 @@ "subdir": "docs/node-mixin" } }, - "version": "master" + "version": "832909dd257eb368cf83363ffcae3ab84cb4bcb1" }, { "source": { @@ -81,7 +81,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "main", + "version": "751ca03faddc9c64089c41d0da370a3a0b477742", "name": "prometheus" }, { @@ -91,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "main", + "version": "b408b522bc653d014e53035e59fa394cc1edd762", "name": "alertmanager" }, { @@ -101,7 +101,7 @@ "subdir": "mixin" } }, - "version": "main", + "version": "release-0.22", "name": "thanos-mixin" } ], diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 940c9c4e..01a86cf0 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "ab9563dc8e4d84d06080c765f9c6c0d50313f794", - "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" + "version": "2fe94b19d38237e9eff025e5eeaddde371973b01", + "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { "source": { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "7120319a5b5c45e8dd2e79f0ad60e2284c6d6f1b", - "sum": "SDq4RWF3EKhMI/+/rZfG75Oh7hcXVmGNZ7kM0D21s6M=" + "version": "1163ea85e45e1f7edf6d4f83758d44c6fef1f2fa", + "sum": "4H2pzHd6A47rQIZcQ3B0o+nFMeNgLE9dGYJv7ZP7m2s=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "7120319a5b5c45e8dd2e79f0ad60e2284c6d6f1b", + "version": "1163ea85e45e1f7edf6d4f83758d44c6fef1f2fa", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "16e8f54c9e7f9f4b4ad73002e03e9d0dcee5b1ce", + "version": "d60e6f7ba1719045edc0f60857faadeb87280421", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "16e8f54c9e7f9f4b4ad73002e03e9d0dcee5b1ce", + "version": "d60e6f7ba1719045edc0f60857faadeb87280421", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "805d4ff2f5486081757f51bbd6e6d96e54b9148e", + "version": "83fe36566f4e0894eb5ffcd2638a0f039a17bdeb", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,7 +99,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "805d4ff2f5486081757f51bbd6e6d96e54b9148e", + "version": "83fe36566f4e0894eb5ffcd2638a0f039a17bdeb", "sum": "J1G++A8hrtr3+OZQMmcNeb1w/C30bXqqwpwHL/Xhsd4=" }, { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "ff85bec45bdce3d296a229adb47e7d29415f8a05", + "version": "b408b522bc653d014e53035e59fa394cc1edd762", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "bb05485c79084fecd3602eceafca3d554ab88987", + "version": "751ca03faddc9c64089c41d0da370a3a0b477742", "sum": "AS8WYFi/z10BZSF6DFkKBscjB32XDMM7iIso7CO/FyI=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "7a8d1894e80038f783a6396312051c7d62d25d35", + "version": "ff363498fc95cfe17de894d7237bcf38bdd0bc36", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, From 8587958cf0b70491a9a3756d2837dce7e4c6e6ff Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Thu, 19 Aug 2021 08:22:03 +0200 Subject: [PATCH 374/388] Update compatibility matrix with release-0.9 Signed-off-by: Damien Grisonnet --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2eb2ccfb..a130aaca 100644 --- a/README.md +++ b/README.md @@ -108,15 +108,15 @@ The following versions are supported and work as we test against these versions | kube-prometheus stack | Kubernetes 1.18 | Kubernetes 1.19 | Kubernetes 1.20 | Kubernetes 1.21 | Kubernetes 1.22 | |------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------| -| [`release-0.5`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.5) | ✔ | ✗ | ✗ | ✗ | ✗ | | [`release-0.6`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.6) | ✗ | ✔ | ✗ | ✗ | ✗ | | [`release-0.7`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.7) | ✗ | ✔ | ✔ | ✗ | ✗ | | [`release-0.8`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.8) | ✗ | ✗ | ✔ | ✔ | ✗ | +| [`release-0.9`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.9) | ✗ | ✗ | ✗ | ✔ | ✔ | | [`HEAD`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | ✗ | ✗ | ✗ | ✔ | ✔ | ## Quickstart ->Note: For versions before Kubernetes v1.20.z refer to the [Kubernetes compatibility matrix](#kubernetes-compatibility-matrix) in order to choose a compatible branch. +>Note: For versions before Kubernetes v1.21.z refer to the [Kubernetes compatibility matrix](#kubernetes-compatibility-matrix) in order to choose a compatible branch. This project is intended to be used as a library (i.e. the intent is not for you to create your own modified copy of this repository). From 4cfbfae0713df9c757ecdc52c8cc353ecb4c58ac Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Thu, 19 Aug 2021 09:12:00 +0200 Subject: [PATCH 375/388] Add release-0.9 CHANGELOG Signed-off-by: Damien Grisonnet --- CHANGELOG.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..db7a1140 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,44 @@ +## release-0.9 / 2021-08-19 + +* [CHANGE] Test against Kubernetes 1.21 and 1,22. #1161 #1337 +* [CHANGE] Drop cAdvisor metrics without (pod, namespace) label pairs. #1250 +* [CHANGE] Excluded deprecated `etcd_object_counts` metric. #1337 +* [FEATURE] Add PodDisruptionBudget to prometheus-adapter. #1136 +* [FEATURE] Add support for feature flags in Prometheus. #1129 +* [FEATURE] Add env parameter for grafana component. #1171 +* [FEATURE] Add gitpod deployment of kube-prometheus on k3s. #1211 +* [FEATURE] Add resource requests and limits to prometheus-adapter container. #1282 +* [FEATURE] Add PodMonitor for kube-proxy. #1230 +* [FEATURE] Turn AWS VPC CNI into a control plane add-on. #1307 +* [ENHANCEMENT] Export anti-affinity addon. #1114 +* [ENHANCEMENT] Allow changing configmap-reloader, grafana, and kube-rbac-proxy images in $.values.common.images. #1123 #1124 #1125 +* [ENHANCEMENT] Add automated version upgrader. #1166 +* [ENHANCEMENT] Improve all-namespace addon. #1131 +* [ENHANCEMENT] Add example of running without grafana deployment. #1201 +* [ENHANCEMENT] Import managed-cluster addon for the EKS platform. #1205 +* [ENHANCEMENT] Automatically update jsonnet dependencies. #1220 +* [ENHANCEMENT] Adapt kube-prometheus to changes to ovn veth interfaces names. #1224 +* [ENHANCEMENT] Add example release-0.3 to release-0.8 migration to docs. #1235 +* [ENHANCEMENT] Consolidate intervals used in prometheus-adapter CPU queries. #1231 +* [ENHANCEMENT] Create dashboardDefinitions if rawDashboards or folderDashboards are specified. #1255 +* [ENHANCEMENT] Relabel instance with node name for CNI DaemonSet on EKS. #1259 +* [ENHANCEMENT] Update doc on Prometheus rule updates since release 0.8. #1253 +* [ENHANCEMENT] Point runbooks to https://runbooks.prometheus-operator.dev. #1267 +* [ENHANCEMENT] Allow setting of kubeRbacProxyMainResources in kube-state-metrics. #1257 +* [ENHANCEMENT] Automate release branch updates. #1293 #1303 +* [ENHANCEMENT] Create Thanos Sidecar rules separately from Prometheus ones. #1308 +* [ENHANCEMENT] Allow using newer jsonnet-bundler dependency resolution when using windows addon. #1310 +* [ENHANCEMENT] Prometheus ruleSelector defaults to all rules. +* [BUGFIX] Fix kube-state-metrics metric denylist regex pattern. #1146 +* [BUGFIX] Fix missing resource config in blackbox exporter. #1148 +* [BUGFIX] Fix adding private repository. #1169 +* [BUGFIX] Fix kops selectors for scheduler, controllerManager and kube-dns. #1164 +* [BUGFIX] Fix scheduler and controller selectors for Kubespray. #1142 +* [BUGFIX] Fix label selector for coredns ServiceMonitor. #1200 +* [BUGFIX] Fix name for blackbox-exporter PodSecurityPolicy. #1213 +* [BUGFIX] Fix ingress path rules for networking.k8s.io/v1. #1212 +* [BUGFIX] Disable insecure cypher suites for prometheus-adapter. #1216 +* [BUGFIX] Fix CNI metrics relabelings on EKS. #1277 +* [BUGFIX] Fix node-exporter ignore list for OVN. #1283 +* [BUGFIX] Revert back to awscni_total_ip_addresses-based alert on EKS. #1292 +* [BUGFIX] Allow passing `thanos: {}` to prometheus configuration. #1325 From 9ef6dff1671416fd6036d5f0fac94b63f68b3d7f Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Fri, 20 Aug 2021 13:49:12 +0200 Subject: [PATCH 376/388] jsonnet: unpin dependencies Signed-off-by: Damien Grisonnet --- jsonnet/kube-prometheus/jsonnetfile.json | 20 ++++++++++---------- jsonnetfile.lock.json | 22 +++++++++++----------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json index 477d6171..232ef3f1 100644 --- a/jsonnet/kube-prometheus/jsonnetfile.json +++ b/jsonnet/kube-prometheus/jsonnetfile.json @@ -17,7 +17,7 @@ "subdir": "contrib/mixin" } }, - "version": "release-3.5" + "version": "main" }, { "source": { @@ -26,7 +26,7 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "release-0.50" + "version": "master" }, { "source": { @@ -35,7 +35,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "release-0.50", + "version": "master", "name": "prometheus-operator-mixin" }, { @@ -45,7 +45,7 @@ "subdir": "" } }, - "version": "release-0.9" + "version": "master" }, { "source": { @@ -54,7 +54,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "release-2.1" + "version": "master" }, { "source": { @@ -63,7 +63,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "release-2.1" + "version": "master" }, { "source": { @@ -72,7 +72,7 @@ "subdir": "docs/node-mixin" } }, - "version": "832909dd257eb368cf83363ffcae3ab84cb4bcb1" + "version": "master" }, { "source": { @@ -81,7 +81,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "751ca03faddc9c64089c41d0da370a3a0b477742", + "version": "main", "name": "prometheus" }, { @@ -91,7 +91,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "b408b522bc653d014e53035e59fa394cc1edd762", + "version": "main", "name": "alertmanager" }, { @@ -101,7 +101,7 @@ "subdir": "mixin" } }, - "version": "release-0.22", + "version": "main", "name": "thanos-mixin" } ], diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 01a86cf0..6ef412f1 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "2fe94b19d38237e9eff025e5eeaddde371973b01", - "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" + "version": "ab9563dc8e4d84d06080c765f9c6c0d50313f794", + "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { "source": { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "1163ea85e45e1f7edf6d4f83758d44c6fef1f2fa", - "sum": "4H2pzHd6A47rQIZcQ3B0o+nFMeNgLE9dGYJv7ZP7m2s=" + "version": "bc5fd5d5bc191a9549d30d0bd0f7482a9de2d1c1", + "sum": "pQ3h8l3P60dZd+DmqQCrWk0y1QTPKvG/Z1xwRwX3r6I=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "1163ea85e45e1f7edf6d4f83758d44c6fef1f2fa", + "version": "bc5fd5d5bc191a9549d30d0bd0f7482a9de2d1c1", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "d60e6f7ba1719045edc0f60857faadeb87280421", + "version": "3193891ee442ee9552745d054c8d0140295431f3", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "d60e6f7ba1719045edc0f60857faadeb87280421", + "version": "3193891ee442ee9552745d054c8d0140295431f3", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "b408b522bc653d014e53035e59fa394cc1edd762", + "version": "ff85bec45bdce3d296a229adb47e7d29415f8a05", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,7 +120,7 @@ "subdir": "docs/node-mixin" } }, - "version": "832909dd257eb368cf83363ffcae3ab84cb4bcb1", + "version": "b6215e649cdfc0398ca98df8e63f3773f1725840", "sum": "MmxGhE2PJ1a52mk2x7vDpMT2at4Jglbud/rK74CB5i0=" }, { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "751ca03faddc9c64089c41d0da370a3a0b477742", + "version": "54dfee02b29180bd5353b1ba843ef600f802366c", "sum": "AS8WYFi/z10BZSF6DFkKBscjB32XDMM7iIso7CO/FyI=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "ff363498fc95cfe17de894d7237bcf38bdd0bc36", + "version": "da8095daab0776faa1266827278284b7a379b4bf", "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", "name": "thanos-mixin" }, From 27aa7afe0783214ae4256a81bd4b86201b9e9e67 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Fri, 20 Aug 2021 13:49:35 +0200 Subject: [PATCH 377/388] .github: add automated updates of release-0.9 Signed-off-by: Damien Grisonnet --- .github/workflows/versions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/versions.yaml b/.github/workflows/versions.yaml index 5807f5e1..0230d441 100644 --- a/.github/workflows/versions.yaml +++ b/.github/workflows/versions.yaml @@ -10,10 +10,10 @@ jobs: strategy: matrix: branch: - - 'release-0.5' - 'release-0.6' - 'release-0.7' - 'release-0.8' + - 'release-0.9' - 'main' steps: - uses: actions/checkout@v2 From 46ba787a94c4d9191574e689999fa034a7f0ee74 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Fri, 20 Aug 2021 13:52:12 +0200 Subject: [PATCH 378/388] manifests: regenerate Signed-off-by: Damien Grisonnet --- manifests/kubernetes-prometheusRule.yaml | 36 ++++++++++++++++-------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index a7f1f9c9..cffd5dc5 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -1042,28 +1042,40 @@ spec: labels: verb: write record: code:apiserver_request_total:increase30d + - expr: | + sum by (cluster, verb, scope) (increase(apiserver_request_duration_seconds_count[1h])) + record: cluster_verb_scope:apiserver_request_duration_seconds_count:increase1h + - expr: | + sum by (cluster, verb, scope) (avg_over_time(cluster_verb_scope:apiserver_request_duration_seconds_count:increase1h[30d]) * 24 * 30) + record: cluster_verb_scope:apiserver_request_duration_seconds_count:increase30d + - expr: | + sum by (cluster, verb, scope, le) (increase(apiserver_request_duration_seconds_bucket[1h])) + record: cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase1h + - expr: | + sum by (cluster, verb, scope, le) (avg_over_time(cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase1h[30d]) * 24 * 30) + record: cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d - expr: | 1 - ( ( # write too slow - sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + sum by (cluster) (cluster_verb_scope:apiserver_request_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le="1"}) ) + ( # read too slow - sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) + sum by (cluster) (cluster_verb_scope:apiserver_request_duration_seconds_count:increase30d{verb=~"LIST|GET"}) - ( ( - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="1"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le="1"}) or vector(0) ) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="5"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le="5"}) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="40"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le="40"}) ) ) + # errors @@ -1076,19 +1088,19 @@ spec: record: apiserver_request:availability30d - expr: | 1 - ( - sum by (cluster) (increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) + sum by (cluster) (cluster_verb_scope:apiserver_request_duration_seconds_count:increase30d{verb=~"LIST|GET"}) - ( # too slow ( - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le="1"}) or vector(0) ) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le="5"}) + - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le="40"}) ) + # errors @@ -1103,9 +1115,9 @@ spec: 1 - ( ( # too slow - sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + sum by (cluster) (cluster_verb_scope:apiserver_request_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - - sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + sum by (cluster) (cluster_verb_scope_le:apiserver_request_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le="1"}) ) + # errors From eb52023db2f6fa2dcd86519b40accf1d9c04c8ad Mon Sep 17 00:00:00 2001 From: simonpasquier Date: Wed, 25 Aug 2021 09:37:24 +0000 Subject: [PATCH 379/388] [bot] [main] Automated version update --- jsonnet/kube-prometheus/versions.json | 6 +-- jsonnetfile.lock.json | 26 +++++------ manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 +++++++++---------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 10 ++-- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- manifests/kube-state-metrics-clusterRole.yaml | 2 +- ...kube-state-metrics-clusterRoleBinding.yaml | 2 +- manifests/kube-state-metrics-deployment.yaml | 6 +-- .../kube-state-metrics-prometheusRule.yaml | 2 +- manifests/kube-state-metrics-service.yaml | 2 +- .../kube-state-metrics-serviceAccount.yaml | 2 +- .../kube-state-metrics-serviceMonitor.yaml | 2 +- manifests/kubernetes-prometheusRule.yaml | 2 +- .../prometheus-operator-prometheusRule.yaml | 2 +- .../prometheus-operator-serviceMonitor.yaml | 4 +- .../prometheus-operator-clusterRole.yaml | 2 +- ...rometheus-operator-clusterRoleBinding.yaml | 2 +- .../setup/prometheus-operator-deployment.yaml | 8 ++-- .../setup/prometheus-operator-service.yaml | 2 +- .../prometheus-operator-serviceAccount.yaml | 2 +- 23 files changed, 69 insertions(+), 69 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 60946073..9aca2d33 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,12 +1,12 @@ { "alertmanager": "0.22.2", "blackboxExporter": "0.19.0", - "grafana": "8.1.1", - "kubeStateMetrics": "2.1.1", + "grafana": "8.1.2", + "kubeStateMetrics": "2.2.0", "nodeExporter": "1.2.2", "prometheus": "2.29.1", "prometheusAdapter": "0.9.0", - "prometheusOperator": "0.49.0", + "prometheusOperator": "0.50.0", "kubeRbacProxy": "0.11.0", "configmapReload": "0.5.0" } diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 6ef412f1..bc50873f 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "8ea4e7bc04b1bf5e9bd99918ca28c6271b42be0e", - "sum": "muenICtKXABk6MZZHCZD2wCbmtiE96GwWRMGa1Rg+wA=" + "version": "90f38916f1f8a310a715d18e36f787f84df4ddf5", + "sum": "0kZ1pnuIirDtbg6F9at5+NQOwKNONIGEPq0eECzvRkI=" }, { "source": { @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "ab9563dc8e4d84d06080c765f9c6c0d50313f794", + "version": "6a32bbad756b656da23af007ac4a0256b3dab7b5", "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "0d13e5ba1b3a4c29015738c203d92ea39f71ebe2", + "version": "ac31371db5008f92b054751dfc4f7ece6526250f", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "bc5fd5d5bc191a9549d30d0bd0f7482a9de2d1c1", - "sum": "pQ3h8l3P60dZd+DmqQCrWk0y1QTPKvG/Z1xwRwX3r6I=" + "version": "2b27a09a667091cef74776b690ccceaf55995e29", + "sum": "j2jPdrcM3iuaUK+6V9jWn2M3Fapr0KtI8FZ1KQoHIGA=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "bc5fd5d5bc191a9549d30d0bd0f7482a9de2d1c1", + "version": "2b27a09a667091cef74776b690ccceaf55995e29", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "3193891ee442ee9552745d054c8d0140295431f3", + "version": "a465b976c63ec4ef25ffb6426d10c7d595c51877", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "3193891ee442ee9552745d054c8d0140295431f3", + "version": "a465b976c63ec4ef25ffb6426d10c7d595c51877", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "ff85bec45bdce3d296a229adb47e7d29415f8a05", + "version": "d6e758ad3792ce6a78032f6d2ae706f367422e35", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "54dfee02b29180bd5353b1ba843ef600f802366c", + "version": "4323aa00a7019c356491c76ed00264c18b721456", "sum": "AS8WYFi/z10BZSF6DFkKBscjB32XDMM7iIso7CO/FyI=", "name": "prometheus" }, @@ -141,8 +141,8 @@ "subdir": "mixin" } }, - "version": "da8095daab0776faa1266827278284b7a379b4bf", - "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", + "version": "8b4c3c90343541b28a6ab6686c6239f0e72ea783", + "sum": "4yPiwx8421KpQO0XsssDCsPx2JjlQLHkchJjXt5Ci9c=", "name": "thanos-mixin" }, { diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 99929952..349c82c1 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-datasources namespace: monitoring type: Opaque diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 14bdfdf9..58915037 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -20850,7 +20850,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22303,7 +22303,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24028,7 +24028,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -25080,7 +25080,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26158,7 +26158,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -27138,7 +27138,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27704,7 +27704,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -28921,7 +28921,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30580,7 +30580,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31804,7 +31804,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -33050,7 +33050,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -34139,7 +34139,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35566,7 +35566,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index ff6b0951..683440ce 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -21,6 +21,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index df081324..7d5ebb85 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana namespace: monitoring spec: @@ -18,16 +18,16 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: fbf9c3b28f5667257167c2cec0ac311a + checksum/grafana-datasources: eb633dbe89057f52cf1243153e640b1d labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 spec: containers: - env: [] - image: grafana/grafana:8.1.1 + image: grafana/grafana:8.1.2 name: grafana ports: - containerPort: 3000 @@ -123,7 +123,7 @@ spec: name: grafana-dashboard-workload-total readOnly: false nodeSelector: - beta.kubernetes.io/os: linux + kubernetes.io/os: linux securityContext: fsGroup: 65534 runAsNonRoot: true diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index 7df441f6..ed55f96f 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index 226462e5..c2d3d991 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.1 + app.kubernetes.io/version: 8.1.2 name: grafana namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml index 698fdb34..9b7d81f1 100644 --- a/manifests/kube-state-metrics-clusterRole.yaml +++ b/manifests/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 name: kube-state-metrics rules: - apiGroups: diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml index db2af90f..43243f70 100644 --- a/manifests/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml index 6222ef96..caf97030 100644 --- a/manifests/kube-state-metrics-deployment.yaml +++ b/manifests/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 name: kube-state-metrics namespace: monitoring spec: @@ -23,7 +23,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 spec: containers: - args: @@ -31,7 +31,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.1.1 + image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.2.0 name: kube-state-metrics resources: limits: diff --git a/manifests/kube-state-metrics-prometheusRule.yaml b/manifests/kube-state-metrics-prometheusRule.yaml index 2f50e5f8..f90f6343 100644 --- a/manifests/kube-state-metrics-prometheusRule.yaml +++ b/manifests/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 prometheus: k8s role: alert-rules name: kube-state-metrics-rules diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml index 36aa48a2..80bf3bdf 100644 --- a/manifests/kube-state-metrics-service.yaml +++ b/manifests/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml index 1ab732ea..248654d0 100644 --- a/manifests/kube-state-metrics-serviceAccount.yaml +++ b/manifests/kube-state-metrics-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 name: kube-state-metrics namespace: monitoring diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml index 148ecefe..052e6b22 100644 --- a/manifests/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.1.1 + app.kubernetes.io/version: 2.2.0 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/kubernetes-prometheusRule.yaml b/manifests/kubernetes-prometheusRule.yaml index cffd5dc5..82a67f1a 100644 --- a/manifests/kubernetes-prometheusRule.yaml +++ b/manifests/kubernetes-prometheusRule.yaml @@ -573,7 +573,7 @@ spec: ) > 0.95 for: 15m labels: - severity: warning + severity: info - alert: KubeNodeReadinessFlapping annotations: description: The readiness status of node {{ $labels.node }} has changed {{ $value }} times in the last 15 minutes. diff --git a/manifests/prometheus-operator-prometheusRule.yaml b/manifests/prometheus-operator-prometheusRule.yaml index 3d462c51..4921fe68 100644 --- a/manifests/prometheus-operator-prometheusRule.yaml +++ b/manifests/prometheus-operator-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 prometheus: k8s role: alert-rules name: prometheus-operator-rules diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml index ad3acad5..dddeb0ac 100644 --- a/manifests/prometheus-operator-serviceMonitor.yaml +++ b/manifests/prometheus-operator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml index 5b9d33e3..5eea2738 100644 --- a/manifests/setup/prometheus-operator-clusterRole.yaml +++ b/manifests/setup/prometheus-operator-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 name: prometheus-operator rules: - apiGroups: diff --git a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml index 2c2953a9..3ce2b874 100644 --- a/manifests/setup/prometheus-operator-clusterRoleBinding.yaml +++ b/manifests/setup/prometheus-operator-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 name: prometheus-operator roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml index a8944ba2..b832acb8 100644 --- a/manifests/setup/prometheus-operator-deployment.yaml +++ b/manifests/setup/prometheus-operator-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 name: prometheus-operator namespace: monitoring spec: @@ -23,13 +23,13 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 spec: containers: - args: - --kubelet-service=kube-system/kubelet - - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.49.0 - image: quay.io/prometheus-operator/prometheus-operator:v0.49.0 + - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.50.0 + image: quay.io/prometheus-operator/prometheus-operator:v0.50.0 name: prometheus-operator ports: - containerPort: 8080 diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml index 7d6d0368..a8161b08 100644 --- a/manifests/setup/prometheus-operator-service.yaml +++ b/manifests/setup/prometheus-operator-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 name: prometheus-operator namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-serviceAccount.yaml b/manifests/setup/prometheus-operator-serviceAccount.yaml index 282aad67..9acb906d 100644 --- a/manifests/setup/prometheus-operator-serviceAccount.yaml +++ b/manifests/setup/prometheus-operator-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.49.0 + app.kubernetes.io/version: 0.50.0 name: prometheus-operator namespace: monitoring From a1c6a4e21d142b339974b0c5611fd556efe9c4f3 Mon Sep 17 00:00:00 2001 From: dgrisonnet Date: Mon, 30 Aug 2021 07:39:09 +0000 Subject: [PATCH 380/388] [bot] [main] Automated version update --- jsonnet/kube-prometheus/versions.json | 4 +-- jsonnetfile.lock.json | 18 +++++------ manifests/alertmanager-alertmanager.yaml | 8 ++--- .../alertmanager-podDisruptionBudget.yaml | 2 +- manifests/alertmanager-prometheusRule.yaml | 2 +- manifests/alertmanager-secret.yaml | 2 +- manifests/alertmanager-service.yaml | 2 +- manifests/alertmanager-serviceAccount.yaml | 2 +- manifests/alertmanager-serviceMonitor.yaml | 2 +- manifests/prometheus-clusterRole.yaml | 2 +- manifests/prometheus-clusterRoleBinding.yaml | 2 +- manifests/prometheus-podDisruptionBudget.yaml | 2 +- manifests/prometheus-prometheus.yaml | 8 ++--- manifests/prometheus-prometheusRule.yaml | 2 +- manifests/prometheus-roleBindingConfig.yaml | 2 +- ...metheus-roleBindingSpecificNamespaces.yaml | 6 ++-- manifests/prometheus-roleConfig.yaml | 2 +- .../prometheus-roleSpecificNamespaces.yaml | 6 ++-- manifests/prometheus-service.yaml | 2 +- manifests/prometheus-serviceAccount.yaml | 2 +- manifests/prometheus-serviceMonitor.yaml | 2 +- ...erator-0probeCustomResourceDefinition.yaml | 31 +++++++++++++++++++ 22 files changed, 71 insertions(+), 40 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index 9aca2d33..c9209499 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,10 +1,10 @@ { - "alertmanager": "0.22.2", + "alertmanager": "0.23.0", "blackboxExporter": "0.19.0", "grafana": "8.1.2", "kubeStateMetrics": "2.2.0", "nodeExporter": "1.2.2", - "prometheus": "2.29.1", + "prometheus": "2.29.2", "prometheusAdapter": "0.9.0", "prometheusOperator": "0.50.0", "kubeRbacProxy": "0.11.0", diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index bc50873f..2d3bc413 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "6a32bbad756b656da23af007ac4a0256b3dab7b5", + "version": "ef81030105b5519b49de6d13218c32532d932db6", "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "ac31371db5008f92b054751dfc4f7ece6526250f", + "version": "ff22d1d6698573e7cb76228198edfa2b2f632dcc", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "83fe36566f4e0894eb5ffcd2638a0f039a17bdeb", + "version": "07fcff9170ceffe82fd1336e518a51710d2994c4", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "83fe36566f4e0894eb5ffcd2638a0f039a17bdeb", - "sum": "J1G++A8hrtr3+OZQMmcNeb1w/C30bXqqwpwHL/Xhsd4=" + "version": "07fcff9170ceffe82fd1336e518a51710d2994c4", + "sum": "8sW09DSYBOS3RCvnBtC850sujaFNwoJoclW4AQxUw9Q=" }, { "source": { @@ -130,8 +130,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "4323aa00a7019c356491c76ed00264c18b721456", - "sum": "AS8WYFi/z10BZSF6DFkKBscjB32XDMM7iIso7CO/FyI=", + "version": "a2665a9f7384cd34052ede077c036c27fa9a8ce5", + "sum": "m4VHwft4fUcxzL4+52lLZG/V5aH5ZEdjaweb88vISL0=", "name": "prometheus" }, { @@ -141,8 +141,8 @@ "subdir": "mixin" } }, - "version": "8b4c3c90343541b28a6ab6686c6239f0e72ea783", - "sum": "4yPiwx8421KpQO0XsssDCsPx2JjlQLHkchJjXt5Ci9c=", + "version": "fdfc0776d0c3544a29e1bad5cc49ef971c5b73ef", + "sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=", "name": "thanos-mixin" }, { diff --git a/manifests/alertmanager-alertmanager.yaml b/manifests/alertmanager-alertmanager.yaml index b7f660c9..42bed1e1 100644 --- a/manifests/alertmanager-alertmanager.yaml +++ b/manifests/alertmanager-alertmanager.yaml @@ -6,11 +6,11 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 name: main namespace: monitoring spec: - image: quay.io/prometheus/alertmanager:v0.22.2 + image: quay.io/prometheus/alertmanager:v0.23.0 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -18,7 +18,7 @@ spec: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 replicas: 3 resources: limits: @@ -32,4 +32,4 @@ spec: runAsNonRoot: true runAsUser: 1000 serviceAccountName: alertmanager-main - version: 0.22.2 + version: 0.23.0 diff --git a/manifests/alertmanager-podDisruptionBudget.yaml b/manifests/alertmanager-podDisruptionBudget.yaml index 4454aba3..b55b7cdb 100644 --- a/manifests/alertmanager-podDisruptionBudget.yaml +++ b/manifests/alertmanager-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 name: alertmanager-main namespace: monitoring spec: diff --git a/manifests/alertmanager-prometheusRule.yaml b/manifests/alertmanager-prometheusRule.yaml index a7fd4cc3..9f749c99 100644 --- a/manifests/alertmanager-prometheusRule.yaml +++ b/manifests/alertmanager-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 prometheus: k8s role: alert-rules name: alertmanager-main-rules diff --git a/manifests/alertmanager-secret.yaml b/manifests/alertmanager-secret.yaml index 0248756a..f265e096 100644 --- a/manifests/alertmanager-secret.yaml +++ b/manifests/alertmanager-secret.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 name: alertmanager-main namespace: monitoring stringData: diff --git a/manifests/alertmanager-service.yaml b/manifests/alertmanager-service.yaml index 733ab5e0..f3f6cf71 100644 --- a/manifests/alertmanager-service.yaml +++ b/manifests/alertmanager-service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 name: alertmanager-main namespace: monitoring spec: diff --git a/manifests/alertmanager-serviceAccount.yaml b/manifests/alertmanager-serviceAccount.yaml index 07cccc9f..ba806b50 100644 --- a/manifests/alertmanager-serviceAccount.yaml +++ b/manifests/alertmanager-serviceAccount.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 name: alertmanager-main namespace: monitoring diff --git a/manifests/alertmanager-serviceMonitor.yaml b/manifests/alertmanager-serviceMonitor.yaml index c889ae86..070ef530 100644 --- a/manifests/alertmanager-serviceMonitor.yaml +++ b/manifests/alertmanager-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.22.2 + app.kubernetes.io/version: 0.23.0 name: alertmanager namespace: monitoring spec: diff --git a/manifests/prometheus-clusterRole.yaml b/manifests/prometheus-clusterRole.yaml index b878982a..8fac941b 100644 --- a/manifests/prometheus-clusterRole.yaml +++ b/manifests/prometheus-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s rules: - apiGroups: diff --git a/manifests/prometheus-clusterRoleBinding.yaml b/manifests/prometheus-clusterRoleBinding.yaml index a1096b61..cafde390 100644 --- a/manifests/prometheus-clusterRoleBinding.yaml +++ b/manifests/prometheus-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/prometheus-podDisruptionBudget.yaml b/manifests/prometheus-podDisruptionBudget.yaml index 65303f88..f7adef54 100644 --- a/manifests/prometheus-podDisruptionBudget.yaml +++ b/manifests/prometheus-podDisruptionBudget.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/prometheus-prometheus.yaml b/manifests/prometheus-prometheus.yaml index cc9b674b..8731891f 100644 --- a/manifests/prometheus-prometheus.yaml +++ b/manifests/prometheus-prometheus.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 prometheus: k8s name: k8s namespace: monitoring @@ -18,7 +18,7 @@ spec: port: web enableFeatures: [] externalLabels: {} - image: quay.io/prometheus/prometheus:v2.29.1 + image: quay.io/prometheus/prometheus:v2.29.2 nodeSelector: kubernetes.io/os: linux podMetadata: @@ -26,7 +26,7 @@ spec: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -44,4 +44,4 @@ spec: serviceAccountName: prometheus-k8s serviceMonitorNamespaceSelector: {} serviceMonitorSelector: {} - version: 2.29.1 + version: 2.29.2 diff --git a/manifests/prometheus-prometheusRule.yaml b/manifests/prometheus-prometheusRule.yaml index ae5078b8..c15e8c13 100644 --- a/manifests/prometheus-prometheusRule.yaml +++ b/manifests/prometheus-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 prometheus: k8s role: alert-rules name: prometheus-k8s-prometheus-rules diff --git a/manifests/prometheus-roleBindingConfig.yaml b/manifests/prometheus-roleBindingConfig.yaml index a0340332..ca17d7eb 100644 --- a/manifests/prometheus-roleBindingConfig.yaml +++ b/manifests/prometheus-roleBindingConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s-config namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleBindingSpecificNamespaces.yaml b/manifests/prometheus-roleBindingSpecificNamespaces.yaml index 78e3ebe2..33309a20 100644 --- a/manifests/prometheus-roleBindingSpecificNamespaces.yaml +++ b/manifests/prometheus-roleBindingSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: default roleRef: @@ -25,7 +25,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: kube-system roleRef: @@ -43,7 +43,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: monitoring roleRef: diff --git a/manifests/prometheus-roleConfig.yaml b/manifests/prometheus-roleConfig.yaml index c2f1870d..0f7129cb 100644 --- a/manifests/prometheus-roleConfig.yaml +++ b/manifests/prometheus-roleConfig.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s-config namespace: monitoring rules: diff --git a/manifests/prometheus-roleSpecificNamespaces.yaml b/manifests/prometheus-roleSpecificNamespaces.yaml index 53f6e44e..ffe15628 100644 --- a/manifests/prometheus-roleSpecificNamespaces.yaml +++ b/manifests/prometheus-roleSpecificNamespaces.yaml @@ -7,7 +7,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: default rules: @@ -44,7 +44,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: kube-system rules: @@ -81,7 +81,7 @@ items: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: monitoring rules: diff --git a/manifests/prometheus-service.yaml b/manifests/prometheus-service.yaml index 611a0f05..0b14d9bb 100644 --- a/manifests/prometheus-service.yaml +++ b/manifests/prometheus-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 prometheus: k8s name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceAccount.yaml b/manifests/prometheus-serviceAccount.yaml index b8c486ba..371b8ec9 100644 --- a/manifests/prometheus-serviceAccount.yaml +++ b/manifests/prometheus-serviceAccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: monitoring diff --git a/manifests/prometheus-serviceMonitor.yaml b/manifests/prometheus-serviceMonitor.yaml index b9907a17..b5282ebf 100644 --- a/manifests/prometheus-serviceMonitor.yaml +++ b/manifests/prometheus-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.29.1 + app.kubernetes.io/version: 2.29.2 name: prometheus-k8s namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index 6b69feac..aa511ffb 100644 --- a/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -121,6 +121,37 @@ spec: description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array module: description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string From 03471fd86ff358d1e25694323862fa14daefdce8 Mon Sep 17 00:00:00 2001 From: Arunprasad Rajkumar Date: Wed, 1 Sep 2021 13:29:29 +0530 Subject: [PATCH 381/388] Adjust threshold for SpaceFillingUp warning alert Reduce threshold of NodeFilesystemSpaceFillingUp warning alert to 20% space available, instead of 40% (default). This will align the threshold according to default kubelet GC values below[1], "imageMinimumGCAge": "2m0s", "imageGCHighThresholdPercent": 85, "imageGCLowThresholdPercent": 80, [1] https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ Signed-off-by: Arunprasad Rajkumar --- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index d59d22e7..2498cc81 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -28,6 +28,7 @@ local defaults = { ruleLabels: {}, _config: { nodeExporterSelector: 'job="' + defaults.name + '"', + fsSpaceFillingUpWarningThreshold: 20, fsSpaceFillingUpCriticalThreshold: 15, diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/node/%s', From 16ef18ec54be99186eede4b02a57e9609eba8616 Mon Sep 17 00:00:00 2001 From: Arunprasad Rajkumar Date: Wed, 1 Sep 2021 13:33:41 +0530 Subject: [PATCH 382/388] assets: regenerate Signed-off-by: Arunprasad Rajkumar --- manifests/node-exporter-prometheusRule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index e24216fa..7f36e602 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -21,7 +21,7 @@ spec: summary: Filesystem is predicted to run out of space within the next 24 hours. expr: | ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 20 and predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 and From 4de44139ec15fa2533803231290f004cf57c945c Mon Sep 17 00:00:00 2001 From: Arunprasad Rajkumar Date: Thu, 2 Sep 2021 17:38:02 +0530 Subject: [PATCH 383/388] add comments to reason fsSpaceFilling threshold adjustment Signed-off-by: Arunprasad Rajkumar --- jsonnet/kube-prometheus/components/node-exporter.libsonnet | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet index 2498cc81..1452174a 100644 --- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet +++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet @@ -28,6 +28,11 @@ local defaults = { ruleLabels: {}, _config: { nodeExporterSelector: 'job="' + defaults.name + '"', + // Adjust NodeFilesystemSpaceFillingUp warning and critical thresholds according to the following default kubelet + // GC values, + // imageGCLowThresholdPercent: 80 + // imageGCHighThresholdPercent: 85 + // See https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ for more details. fsSpaceFillingUpWarningThreshold: 20, fsSpaceFillingUpCriticalThreshold: 15, diskDeviceSelector: 'device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"', From 76d7cc342b2ab0db3bf55d4cf6e741d73176cfc1 Mon Sep 17 00:00:00 2001 From: Damien Grisonnet Date: Mon, 6 Sep 2021 18:39:47 +0200 Subject: [PATCH 384/388] validate: run kubeconform on supported versions Instead of running kubeconform on only one version of Kubernetes, it would be better to run it against the 2 latests versions of Kubernetes that kube-prometheus supports, so that the validation will be in line with our support policy. Signed-off-by: Damien Grisonnet --- Makefile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index b252173c..e2c265cd 100644 --- a/Makefile +++ b/Makefile @@ -13,8 +13,6 @@ TOOLING=$(EMBEDMD_BIN) $(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLIN JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s -KUBE_VERSION?="1.20.0" - all: generate fmt test .PHONY: clean @@ -43,7 +41,16 @@ update: $(JB_BIN) $(JB_BIN) update .PHONY: validate -validate: crdschemas manifests $(KUBECONFORM_BIN) +validate: validate-1.21 validate-1.22 + +validate-1.21: + KUBE_VERSION=1.21.1 $(MAKE) kubeconform + +validate-1.22: + KUBE_VERSION=1.22.0 $(MAKE) kubeconform + +.PHONY: kubeconform +kubeconform: crdschemas manifests $(KUBECONFORM_BIN) $(KUBECONFORM_BIN) -kubernetes-version $(KUBE_VERSION) -schema-location 'default' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/ .PHONY: fmt From b6635589242a6c99d81eb161b2bdaf8e6c8861a3 Mon Sep 17 00:00:00 2001 From: dgrisonnet Date: Tue, 7 Sep 2021 07:22:35 +0000 Subject: [PATCH 385/388] [bot] [main] Automated version update --- jsonnetfile.lock.json | 26 +-- manifests/grafana-dashboardDatasources.yaml | 18 +- manifests/grafana-dashboardSources.yaml | 1 + manifests/grafana-deployment.yaml | 10 +- manifests/node-exporter-prometheusRule.yaml | 6 +- ...managerConfigCustomResourceDefinition.yaml | 168 +++++++++++++++++- ...r-0prometheusCustomResourceDefinition.yaml | 28 +++ 7 files changed, 230 insertions(+), 27 deletions(-) diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 2d3bc413..4fa6ffc9 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "90f38916f1f8a310a715d18e36f787f84df4ddf5", - "sum": "0kZ1pnuIirDtbg6F9at5+NQOwKNONIGEPq0eECzvRkI=" + "version": "c3b14b24b83cfe9abf1064649d19e2d679f033fb", + "sum": "YrE4DNQsWgYWs6h0j/FjQETt8xDXdYdsslb1WK7xQEk=" }, { "source": { @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "ef81030105b5519b49de6d13218c32532d932db6", + "version": "91a5089d17f786d244ce49704774a29faf4e4ed2", "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { @@ -68,7 +68,7 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "a465b976c63ec4ef25ffb6426d10c7d595c51877", + "version": "d111b6d8e07f8dde1dfe7e688f44242e4aa4f734", "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" }, { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "a465b976c63ec4ef25ffb6426d10c7d595c51877", + "version": "d111b6d8e07f8dde1dfe7e688f44242e4aa4f734", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "07fcff9170ceffe82fd1336e518a51710d2994c4", + "version": "5fe12e2dbe118a5a3604e3ce2531a14f22848c5f", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "07fcff9170ceffe82fd1336e518a51710d2994c4", - "sum": "8sW09DSYBOS3RCvnBtC850sujaFNwoJoclW4AQxUw9Q=" + "version": "5fe12e2dbe118a5a3604e3ce2531a14f22848c5f", + "sum": "FUGl2HPBXDJQ3W9WeHPDBvATBHODKRAsyTP0G5PtviM=" }, { "source": { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "d6e758ad3792ce6a78032f6d2ae706f367422e35", + "version": "8da517524a878ee8933ed12376bb997ebaba3a09", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,8 +120,8 @@ "subdir": "docs/node-mixin" } }, - "version": "b6215e649cdfc0398ca98df8e63f3773f1725840", - "sum": "MmxGhE2PJ1a52mk2x7vDpMT2at4Jglbud/rK74CB5i0=" + "version": "6f1286b314fdf16155928e92d436be0a107ce9c6", + "sum": "OFNs9Te1QMqSscXqNqMv0zwaJoJxaEg7NyQVNyT4VeA=" }, { "source": { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "a2665a9f7384cd34052ede077c036c27fa9a8ce5", + "version": "c244fe27a323a69d062b5c2c40a52fd15a831b0f", "sum": "m4VHwft4fUcxzL4+52lLZG/V5aH5ZEdjaweb88vISL0=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "fdfc0776d0c3544a29e1bad5cc49ef971c5b73ef", + "version": "bd134d7a823708fa135e7a6931e76f581be5f879", "sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=", "name": "thanos-mixin" }, diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index 349c82c1..bc171d56 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -1,6 +1,4 @@ apiVersion: v1 -data: - datasources.yaml: ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLm1vbml0b3Jpbmcuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9CiAgICBdCn0= kind: Secret metadata: labels: @@ -10,4 +8,20 @@ metadata: app.kubernetes.io/version: 8.1.2 name: grafana-datasources namespace: monitoring +stringData: + datasources.yaml: |- + { + "apiVersion": 1, + "datasources": [ + { + "access": "proxy", + "editable": false, + "name": "prometheus", + "orgId": 1, + "type": "prometheus", + "url": "http://prometheus-k8s.monitoring.svc:9090", + "version": 1 + } + ] + } type: Opaque diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 683440ce..2fad90b4 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -6,6 +6,7 @@ data: "providers": [ { "folder": "Default", + "folderUid": "", "name": "0", "options": { "path": "/grafana-dashboard-definitions/0" diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 7d5ebb85..1ff981fd 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -18,7 +18,9 @@ spec: template: metadata: annotations: - checksum/grafana-datasources: eb633dbe89057f52cf1243153e640b1d + checksum/grafana-config: 9e92fcf7cec54ae70af0deab79e283d0 + checksum/grafana-dashboardproviders: e8fc7f6247c9dec844098ae0d4b24d26 + checksum/grafana-datasources: ea73b70ba8595400d1ed21af33684ff9 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana @@ -122,6 +124,9 @@ spec: - mountPath: /grafana-dashboard-definitions/0/workload-total name: grafana-dashboard-workload-total readOnly: false + - mountPath: /etc/grafana + name: grafana-config + readOnly: false nodeSelector: kubernetes.io/os: linux securityContext: @@ -207,3 +212,6 @@ spec: - configMap: name: grafana-dashboard-workload-total name: grafana-dashboard-workload-total + - name: grafana-config + secret: + secretName: grafana-config diff --git a/manifests/node-exporter-prometheusRule.yaml b/manifests/node-exporter-prometheusRule.yaml index 7f36e602..0a39b890 100644 --- a/manifests/node-exporter-prometheusRule.yaml +++ b/manifests/node-exporter-prometheusRule.yaml @@ -250,10 +250,8 @@ spec: - name: node-exporter.rules rules: - expr: | - count without (cpu) ( - count without (mode) ( - node_cpu_seconds_total{job="node-exporter"} - ) + count without (cpu, mode) ( + node_cpu_seconds_total{job="node-exporter",mode="idle"} ) record: instance:node_num_cpu:sum - expr: | diff --git a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index 5edca274..7f879959 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -314,8 +314,30 @@ spec: httpConfig: description: HTTP client configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -545,8 +567,30 @@ spec: httpConfig: description: HTTP client configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -746,8 +790,30 @@ spec: httpConfig: description: HTTP client configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -1039,8 +1105,30 @@ spec: httpConfig: description: HTTP client configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -1262,8 +1350,30 @@ spec: httpConfig: description: The HTTP client's configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -1433,8 +1543,30 @@ spec: httpConfig: description: HTTP client configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -1638,8 +1770,30 @@ spec: httpConfig: description: HTTP client configuration. properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object basicAuth: - description: BasicAuth for the client. + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. properties: password: description: The secret in the service monitor namespace that contains the password for authentication. diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index 726283bf..c3cd21a5 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -3738,6 +3738,34 @@ spec: version: description: Version describes the version of Thanos to use. type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the thanos-sidecar container. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array type: object tolerations: description: If specified, the pod's tolerations. From 679f5a8d9aa031d0834fd8071662b62b8f3239a8 Mon Sep 17 00:00:00 2001 From: Michael Friedrich Date: Thu, 9 Sep 2021 21:29:54 +0200 Subject: [PATCH 386/388] Update import path for 'monitoring other namespaces' guide Changed in https://github.com/prometheus-operator/kube-prometheus/commit/42a3ac0606818541e66a111693d3ff98c642f7a8 from `kube-prometheus` to `main` --- docs/monitoring-other-namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/monitoring-other-namespaces.md b/docs/monitoring-other-namespaces.md index 2e4ede9f..dc111b69 100644 --- a/docs/monitoring-other-namespaces.md +++ b/docs/monitoring-other-namespaces.md @@ -20,7 +20,7 @@ This is done in the variable `prometheus.roleSpecificNamespaces`. You usually se Example to create the needed `Role` and `RoleBinding` for the Namespace `foo` : ``` -local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + { +local kp = (import 'kube-prometheus/main.libsonnet') + { _config+:: { namespace: 'monitoring', From 6654c131428066b3b26595e7cda0b34a1fc8b3e4 Mon Sep 17 00:00:00 2001 From: dgrisonnet Date: Mon, 13 Sep 2021 07:39:05 +0000 Subject: [PATCH 387/388] [bot] [main] Automated version update --- jsonnet/kube-prometheus/versions.json | 2 +- jsonnetfile.lock.json | 22 ++++----- manifests/grafana-dashboardDatasources.yaml | 2 +- manifests/grafana-dashboardDefinitions.yaml | 46 +++++++++---------- manifests/grafana-dashboardSources.yaml | 2 +- manifests/grafana-deployment.yaml | 12 ++--- manifests/grafana-service.yaml | 2 +- manifests/grafana-serviceMonitor.yaml | 2 +- ...0alertmanagerCustomResourceDefinition.yaml | 4 ++ ...r-0prometheusCustomResourceDefinition.yaml | 4 ++ ...-0thanosrulerCustomResourceDefinition.yaml | 4 ++ 11 files changed, 57 insertions(+), 45 deletions(-) diff --git a/jsonnet/kube-prometheus/versions.json b/jsonnet/kube-prometheus/versions.json index c9209499..d27a9628 100644 --- a/jsonnet/kube-prometheus/versions.json +++ b/jsonnet/kube-prometheus/versions.json @@ -1,7 +1,7 @@ { "alertmanager": "0.23.0", "blackboxExporter": "0.19.0", - "grafana": "8.1.2", + "grafana": "8.1.3", "kubeStateMetrics": "2.2.0", "nodeExporter": "1.2.2", "prometheus": "2.29.2", diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json index 4fa6ffc9..9880c654 100644 --- a/jsonnetfile.lock.json +++ b/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "91a5089d17f786d244ce49704774a29faf4e4ed2", + "version": "c2937d78d2722d774f69dbf91a956f382d32f4d3", "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" }, { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "3082bfca110166cd69533fa3c0875fdb1b68c329", - "sum": "4/sUV0Kk+o8I+wlYxL9R6EPhL/NiLfYHk+NXlU64RUk=" + "version": "05fb200ee1a1816fc1b4c522071d5606d8dd71c1", + "sum": "mEoObbqbyVaXrHFEJSM2Nad31tOvadzIevWuyNHHBgI=" }, { "source": { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "ff22d1d6698573e7cb76228198edfa2b2f632dcc", + "version": "746874e4836a4bfbb7034d32de0c98ab1282aaae", "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" }, { @@ -88,7 +88,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "5fe12e2dbe118a5a3604e3ce2531a14f22848c5f", + "version": "2c81b0cf6a5673e08057499a08ddce396b19dda4", "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", "name": "prometheus-operator-mixin" }, @@ -99,8 +99,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "5fe12e2dbe118a5a3604e3ce2531a14f22848c5f", - "sum": "FUGl2HPBXDJQ3W9WeHPDBvATBHODKRAsyTP0G5PtviM=" + "version": "2c81b0cf6a5673e08057499a08ddce396b19dda4", + "sum": "WUuFzKqxzxmTWLeic/IU1SMjdCV/zClt11MHucJ9MSc=" }, { "source": { @@ -109,7 +109,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "8da517524a878ee8933ed12376bb997ebaba3a09", + "version": "44011410d7065487789c447ce55157ae6e0b917d", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -120,7 +120,7 @@ "subdir": "docs/node-mixin" } }, - "version": "6f1286b314fdf16155928e92d436be0a107ce9c6", + "version": "dc68e035a5b37a9a3b47e1547f07d96df29ba575", "sum": "OFNs9Te1QMqSscXqNqMv0zwaJoJxaEg7NyQVNyT4VeA=" }, { @@ -130,7 +130,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "c244fe27a323a69d062b5c2c40a52fd15a831b0f", + "version": "46286cb6abfff961e8c257de091443e835ec444f", "sum": "m4VHwft4fUcxzL4+52lLZG/V5aH5ZEdjaweb88vISL0=", "name": "prometheus" }, @@ -141,7 +141,7 @@ "subdir": "mixin" } }, - "version": "bd134d7a823708fa135e7a6931e76f581be5f879", + "version": "2dd8c22e8c15f5ec0daaa07ae20be44bed419aa5", "sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=", "name": "thanos-mixin" }, diff --git a/manifests/grafana-dashboardDatasources.yaml b/manifests/grafana-dashboardDatasources.yaml index bc171d56..c3cce22f 100644 --- a/manifests/grafana-dashboardDatasources.yaml +++ b/manifests/grafana-dashboardDatasources.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-datasources namespace: monitoring stringData: diff --git a/manifests/grafana-dashboardDefinitions.yaml b/manifests/grafana-dashboardDefinitions.yaml index 58915037..a80d3de2 100644 --- a/manifests/grafana-dashboardDefinitions.yaml +++ b/manifests/grafana-dashboardDefinitions.yaml @@ -596,7 +596,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-alertmanager-overview namespace: monitoring - apiVersion: v1 @@ -2332,7 +2332,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-apiserver namespace: monitoring - apiVersion: v1 @@ -4203,7 +4203,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-cluster-total namespace: monitoring - apiVersion: v1 @@ -5369,7 +5369,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-controller-manager namespace: monitoring - apiVersion: v1 @@ -8382,7 +8382,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-k8s-resources-cluster namespace: monitoring - apiVersion: v1 @@ -11115,7 +11115,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-k8s-resources-namespace namespace: monitoring - apiVersion: v1 @@ -12082,7 +12082,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-k8s-resources-node namespace: monitoring - apiVersion: v1 @@ -14498,7 +14498,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-k8s-resources-pod namespace: monitoring - apiVersion: v1 @@ -16473,7 +16473,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-k8s-resources-workload namespace: monitoring - apiVersion: v1 @@ -18613,7 +18613,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-k8s-resources-workloads-namespace namespace: monitoring - apiVersion: v1 @@ -20850,7 +20850,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-kubelet namespace: monitoring - apiVersion: v1 @@ -22303,7 +22303,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-namespace-by-pod namespace: monitoring - apiVersion: v1 @@ -24028,7 +24028,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-namespace-by-workload namespace: monitoring - apiVersion: v1 @@ -25080,7 +25080,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-node-cluster-rsrc-use namespace: monitoring - apiVersion: v1 @@ -26158,7 +26158,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-node-rsrc-use namespace: monitoring - apiVersion: v1 @@ -27138,7 +27138,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-nodes namespace: monitoring - apiVersion: v1 @@ -27704,7 +27704,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-persistentvolumesusage namespace: monitoring - apiVersion: v1 @@ -28921,7 +28921,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-pod-total namespace: monitoring - apiVersion: v1 @@ -30580,7 +30580,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-prometheus-remote-write namespace: monitoring - apiVersion: v1 @@ -31804,7 +31804,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-prometheus namespace: monitoring - apiVersion: v1 @@ -33050,7 +33050,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-proxy namespace: monitoring - apiVersion: v1 @@ -34139,7 +34139,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-scheduler namespace: monitoring - apiVersion: v1 @@ -35566,7 +35566,7 @@ items: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboard-workload-total namespace: monitoring kind: ConfigMapList diff --git a/manifests/grafana-dashboardSources.yaml b/manifests/grafana-dashboardSources.yaml index 2fad90b4..f6e281eb 100644 --- a/manifests/grafana-dashboardSources.yaml +++ b/manifests/grafana-dashboardSources.yaml @@ -22,6 +22,6 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana-dashboards namespace: monitoring diff --git a/manifests/grafana-deployment.yaml b/manifests/grafana-deployment.yaml index 1ff981fd..4b239280 100644 --- a/manifests/grafana-deployment.yaml +++ b/manifests/grafana-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana namespace: monitoring spec: @@ -18,18 +18,18 @@ spec: template: metadata: annotations: - checksum/grafana-config: 9e92fcf7cec54ae70af0deab79e283d0 - checksum/grafana-dashboardproviders: e8fc7f6247c9dec844098ae0d4b24d26 - checksum/grafana-datasources: ea73b70ba8595400d1ed21af33684ff9 + checksum/grafana-config: e1f5b84a1d40edb8a6527c98d24ff656 + checksum/grafana-dashboardproviders: 2c7c248e5512bb5576d633004725159c + checksum/grafana-datasources: b2cbbea3079b8634b7bdf42cb56c1537 labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 spec: containers: - env: [] - image: grafana/grafana:8.1.2 + image: grafana/grafana:8.1.3 name: grafana ports: - containerPort: 3000 diff --git a/manifests/grafana-service.yaml b/manifests/grafana-service.yaml index ed55f96f..258a9720 100644 --- a/manifests/grafana-service.yaml +++ b/manifests/grafana-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana namespace: monitoring spec: diff --git a/manifests/grafana-serviceMonitor.yaml b/manifests/grafana-serviceMonitor.yaml index c2d3d991..fedfd40c 100644 --- a/manifests/grafana-serviceMonitor.yaml +++ b/manifests/grafana-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 8.1.2 + app.kubernetes.io/version: 8.1.3 name: grafana namespace: monitoring spec: diff --git a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index d69502aa..4bbdb953 100644 --- a/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -1929,6 +1929,10 @@ spec: logLevel: description: Log level for Alertmanager to be configured with. type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. + format: int32 + type: integer nodeSelector: additionalProperties: type: string diff --git a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index c3cd21a5..1122aec4 100644 --- a/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -2289,6 +2289,10 @@ spec: logLevel: description: Log level for Prometheus to be configured with. type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. + format: int32 + type: integer nodeSelector: additionalProperties: type: string diff --git a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml index a48e0f77..bd9ede43 100644 --- a/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml +++ b/manifests/setup/prometheus-operator-0thanosrulerCustomResourceDefinition.yaml @@ -1967,6 +1967,10 @@ spec: logLevel: description: Log level for ThanosRuler to be configured with. type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. + format: int32 + type: integer nodeSelector: additionalProperties: type: string From 6d5c1b793c17e2963ba9955060ecd1747360da91 Mon Sep 17 00:00:00 2001 From: Sylvain Pasche Date: Sat, 11 Sep 2021 19:26:38 +0200 Subject: [PATCH 388/388] Always generate grafana-config secret Since https://github.com/brancz/kubernetes-grafana/pull/115, upstream grafana contains a non-empty config. Generate the grafana-config secret unconditionally even if no user config is passed. --- .../kube-prometheus/components/grafana.libsonnet | 3 +-- kustomization.yaml | 1 + manifests/grafana-config.yaml | 15 +++++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 manifests/grafana-config.yaml diff --git a/jsonnet/kube-prometheus/components/grafana.libsonnet b/jsonnet/kube-prometheus/components/grafana.libsonnet index ce6cb40e..cf2c7ea2 100644 --- a/jsonnet/kube-prometheus/components/grafana.libsonnet +++ b/jsonnet/kube-prometheus/components/grafana.libsonnet @@ -68,8 +68,7 @@ function(params) { }, }, - // Add object only if user passes config and config is not empty - [if std.objectHas(params, 'config') && std.length(params.config) > 0 then 'config']: glib.grafana.config, + config: glib.grafana.config, service: glib.grafana.service, serviceAccount: glib.grafana.serviceAccount, deployment: glib.grafana.deployment, diff --git a/kustomization.yaml b/kustomization.yaml index 2f5b872e..ffea5b17 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -15,6 +15,7 @@ resources: - ./manifests/blackbox-exporter-service.yaml - ./manifests/blackbox-exporter-serviceAccount.yaml - ./manifests/blackbox-exporter-serviceMonitor.yaml +- ./manifests/grafana-config.yaml - ./manifests/grafana-dashboardDatasources.yaml - ./manifests/grafana-dashboardDefinitions.yaml - ./manifests/grafana-dashboardSources.yaml diff --git a/manifests/grafana-config.yaml b/manifests/grafana-config.yaml new file mode 100644 index 00000000..eeece25e --- /dev/null +++ b/manifests/grafana-config.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: grafana + app.kubernetes.io/name: grafana + app.kubernetes.io/part-of: kube-prometheus + app.kubernetes.io/version: 8.1.3 + name: grafana-config + namespace: monitoring +stringData: + grafana.ini: | + [date_formats] + default_timezone = UTC +type: Opaque