Wulf Thimm
30bfd69c3e
removed CAP_ from node-exporter daemonset
2022-02-16 14:41:20 +00:00
Matthias Loibl
5850e56501
Merge pull request #1643 from ArthurSens/as/fixme
...
Removes dead code
2022-02-15 19:05:54 +01:00
ArthurSens
78ca6d9579
Address FIXME
...
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-02-15 15:20:34 +00:00
Arthur Silva Sens
d270540308
Merge pull request #1628 from ravilr/fix_cluster_cpu_query
...
fix cluster:node_cpu:ratio query
2022-02-15 06:28:22 +00:00
Arthur Silva Sens
7612bc33cb
Merge pull request #1642 from wulfthimm/fix-node-exp-psp
...
added allowedCapabilities to node-exporter psp
2022-02-14 14:55:01 +00:00
Wulf Thimm
a5c5adba68
added allowedCapabilities to node-exporter psp
2022-02-14 14:38:13 +00:00
Philip Gough
7c715c8126
Merge pull request #1624 from ArthurSens/grafana-volume
...
Add extra-volume mount for plugins downloads
2022-02-14 11:15:14 +00:00
Philip Gough
bb85080094
Merge pull request #1634 from PhilipGough/docs
...
Update apiVersion from deprecated RBAC
2022-02-14 09:42:07 +00:00
Paweł Krupa
dde70ed05a
Merge pull request #1641 from dangviettuan/main
...
spelling correction
2022-02-14 10:22:01 +01:00
Paweł Krupa
6d00711044
Merge pull request #1640 from prometheus-operator/automated-updates-main
2022-02-14 10:21:48 +01:00
Tuan Dang
cc6a58359f
spelling correction
2022-02-14 15:25:29 +07:00
Prometheus Operator Bot
ac7f6b42ab
[bot] [main] Automated version update
2022-02-14 07:41:12 +00:00
Philip Gough
41a5ef110d
Update apiVersion from deprecated RBAC
2022-02-10 17:42:04 +00:00
Arthur Silva Sens
768e882ce8
Merge pull request #1633 from prometheus-operator/automated-updates-main
...
[bot] [main] Automated version update
2022-02-10 16:14:00 +00:00
Prometheus Operator Bot
2de3d810b1
[bot] [main] Automated version update
2022-02-10 15:40:58 +00:00
ravilr
1d1ca283b1
fix cluster:node_cpu:ratio query
2022-02-09 20:21:05 -08:00
Arthur Silva Sens
43879b5217
Add extra-volume mount for plugins downloads
...
Signed-off-by: GitHub <noreply@github.com>
2022-02-07 20:31:58 +00:00
Paweł Krupa
e4aae0fbb7
Merge pull request #1620 from prometheus-operator/dependabot/go_modules/scripts/github.com/yannh/kubeconform-0.4.12
2022-02-07 14:41:54 +01:00
Arthur Silva Sens
89184da7c6
Merge pull request #1622 from prometheus-operator/automated-updates-main
...
[bot] [main] Automated version update
2022-02-07 08:11:54 +00:00
Prometheus Operator Bot
7b602e1372
[bot] [main] Automated version update
2022-02-07 07:40:53 +00:00
Arthur Silva Sens
db61b3e18e
Merge pull request #1591 from paulfantom/automountServiceAccountToken
...
disable injecting unnecessary variables allowing access to k8s API
2022-02-05 18:28:33 +00:00
Paweł Krupa (paulfantom)
dd37165884
*: reduce kubescale threshold to single digit
2022-02-04 14:17:00 +01:00
dependabot[bot]
776b45a5b4
build(deps): bump github.com/yannh/kubeconform in /scripts
...
Bumps [github.com/yannh/kubeconform](https://github.com/yannh/kubeconform ) from 0.4.7 to 0.4.12.
- [Release notes](https://github.com/yannh/kubeconform/releases )
- [Changelog](https://github.com/yannh/kubeconform/blob/master/.goreleaser.yml )
- [Commits](https://github.com/yannh/kubeconform/compare/v0.4.7...v0.4.12 )
---
updated-dependencies:
- dependency-name: github.com/yannh/kubeconform
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-04 13:15:10 +00:00
Paweł Krupa
0a76dc71d0
Merge pull request #1617 from prometheus-operator/paulfantom-patch-1
2022-02-04 14:13:59 +01:00
Paweł Krupa (paulfantom)
8cb6979426
docs: add security considerations regarding automountServiceAccountToken
2022-02-04 14:10:01 +01:00
Paweł Krupa (paulfantom)
731843f4cd
manifests: regenerate
2022-02-04 14:09:43 +01:00
Paweł Krupa (paulfantom)
3429bc77a4
disable injecting unnecessary variables allowing access to k8s API
2022-02-04 14:08:52 +01:00
Paweł Krupa
3436e1a92e
Merge pull request #1612 from ArthurSens/remove-hostport
2022-02-04 12:58:13 +01:00
Paweł Krupa
f51e9b14e9
Merge pull request #1616 from ArthurSens/as/kubescape
2022-02-04 12:23:03 +01:00
Paweł Krupa
57be33120d
Create dependabot.yml
2022-02-04 12:17:58 +01:00
ArthurSens
ce98a61205
Loosen Kubescape threshold
...
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-02-04 10:13:07 +00:00
ArthurSens
fb92a6dbe0
Document better why we use hostPort on node-exporter
...
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-02-03 15:47:43 +00:00
Paweł Krupa
087f479b2a
Merge pull request #1614 from arajkumar/sanitize-all-denylist-regex
2022-02-03 16:07:41 +01:00
Arunprasad Rajkumar
0eabbb5d0c
Sanitize all regex denylist in ksm-lite addon
...
This is a follow up fix of https://github.com/prometheus-operator/kube-prometheus/pull/1613 . @simonpasquier recommended to sanitize all denylist metrics.
Signed-off-by: Arunprasad Rajkumar <arajkuma@redhat.com>
2022-02-03 19:52:44 +05:30
Paweł Krupa
15137a39a7
Merge pull request #1613 from arajkumar/sanitize-regex-denylist
2022-02-03 14:07:45 +01:00
Arunprasad Rajkumar
f16277e8e0
Sanitize regex denylist in ksm-lite addon
...
The following metrics are missing from kube-state-metrics:
- kube_pod_container_status_terminated_reason
- kube_pod_init_container_status_terminated_reason
- kube_pod_status_scheduled_time
Previously, some metrics were removed from kube-state-metrics by adding the following --metric-denylist argument to the kube-state-metrics container
```
--metric-denylist=
kube_.+_created,
kube_.+_metadata_resource_version,
kube_replicaset_metadata_generation,
kube_replicaset_status_observed_generation,
kube_pod_restart_policy,
kube_pod_init_container_status_terminated,
kube_pod_init_container_status_running,
kube_pod_container_status_terminated,
kube_pod_container_status_running,
kube_pod_completion_time,
kube_pod_status_scheduled
```
--metric-denylist: Comma-separated list of metrics not to be enabled. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.
However, all the list of metrics is managed as RegEx, thus "kube_pod_container_status_terminated" denies .*kube_pod_container_status_terminated.*, that's why kube_pod_init_container_status_terminated_reason is missing
Co-authored-by: Florian Gleizes <fgleizes@redhat.com>
Signed-off-by: Arunprasad Rajkumar <arajkuma@redhat.com>
2022-02-03 17:50:22 +05:30
Arthur Silva Sens
755d27bb46
Merge pull request #1610 from ArthurSens/as/linux-hardening
...
Drop Linux capabilities
2022-02-02 12:56:21 +00:00
Arthur Silva Sens
21e26c808a
Merge pull request #1609 from paulfantom/fix-1602
...
jsonnet: filter out kube-proxy alerts when kube-proxy is disabled
2022-02-01 17:23:51 +00:00
Paweł Krupa (paulfantom)
35f0bca4da
manifests: regenerate
2022-02-01 16:22:57 +01:00
Paweł Krupa (paulfantom)
86ac6f79b1
jsonnet: filter out kube-proxy alerts when kube-proxy is disabled
...
Signed-off-by: Paweł Krupa (paulfantom) <pawel@krupa.net.pl>
2022-02-01 16:22:48 +01:00
Arthur Silva Sens
931af3241d
Drop Linux capabilities
...
Signed-off-by: GitHub <noreply@github.com>
2022-02-01 09:25:21 +00:00
Paweł Krupa
6bfb07aac2
Merge pull request #1608 from ArthurSens/as/fixme
2022-01-31 19:44:45 +01:00
ArthurSens
e5610b2e8d
Address FIXME
...
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-01-31 17:25:00 +00:00
Arthur Silva Sens
2e5337ee8e
Merge pull request #1607 from prometheus-operator/automated-updates-main
...
[bot] [main] Automated version update
2022-01-31 17:09:07 +00:00
Prometheus Operator Bot
dad37c968d
[bot] [main] Automated version update
2022-01-31 17:04:19 +00:00
Paweł Krupa
85de14dd8d
Merge pull request #1606 from paulfantom/revert-1598
2022-01-31 18:01:24 +01:00
Paweł Krupa (paulfantom)
a44622ed54
Revert "workflows/versions: Enable auto-merge"
...
This reverts commit f0d9be27b3722bb4adf9279576e472b40c97311b.
2022-01-31 17:52:19 +01:00
Arthur Silva Sens
b113c45a18
Merge pull request #1600 from ArthurSens/readOnlyRootFilesystem
2022-01-28 11:59:47 +00:00
ArthurSens
98664db925
Adjust Kubescape threshold
...
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-01-27 16:05:39 +00:00
Arthur Silva Sens
57c46a2861
components/*: Forbid write access to root filesystem
...
Signed-off-by: GitHub <noreply@github.com>
2022-01-27 16:03:58 +00:00
