864 Commits

Author SHA1 Message Date
paulfantom
3ad08674b3 manifests: regenerate
Signed-off-by: paulfantom <pawel@krupa.net.pl>
Signed-off-by: Paweł Krupa (paulfantom) <pawel@krupa.net.pl>
(cherry picked from commit d3ea3147a8fa643413fbcba368c0de88aec8f7eb)
(cherry picked from commit d24c347b2742d9474c8f441f2831262c63b8c79b)
2022-03-09 07:48:01 +00:00
Arthur Silva Sens
3f3b56e247 alertmanager/networkPolicy: Allow cluster peer-to-peer communication
Signed-off-by: GitHub <noreply@github.com>
(cherry picked from commit df68b8d1da5d2d91b9502d4be67063c2c497e0cb)
2022-03-09 07:47:28 +00:00
Arthur Silva Sens
ea158da23f Add networkPolicies for alertmanager, grafana, prometheus-operator and prometheus
Signed-off-by: GitHub <noreply@github.com>
(cherry picked from commit 86e16b539cc57710b50f4692848cab5645e3d2bc)
2022-03-09 07:47:25 +00:00
Paweł Krupa (paulfantom)
030dec7656 *: add example for disabling NetworkPolicies
(cherry picked from commit b4bf38ba6c0f4ad34bc080b0c655454c3ab1fbdb)
(cherry picked from commit c21bf4fbfa478fd163c091054d9fcc98836d7045)
2022-03-09 07:46:44 +00:00
paulfantom
fddf642de7 jsonnet: add networkpolicies for components accessed by prometheus
(cherry picked from commit f8c00b9963cc63a3cf98dd1c825943d4df92d9c4)
(cherry picked from commit f09b8e5de2e46db85f090549d37eeb878a81842f)
2022-03-09 07:42:09 +00:00
Prometheus Operator Bot
4a9f97b41f [bot] [main] Automated version update 2022-03-07 07:41:44 +00:00
Prometheus Operator Bot
61c007ef56 [bot] [main] Automated version update 2022-02-28 07:40:53 +00:00
Prometheus Operator Bot
36ace1ce7a [bot] [main] Automated version update 2022-02-21 07:40:44 +00:00
Philip Gough
53542d5cce
Merge pull request #1637 from ahysing/custom-requests-kube-rbacc-proxy-self
Added custom overrides for kube-rbac-proxy-self.
2022-02-18 16:32:30 +00:00
Philip Gough
2918583c81 node_exporter: Add priorityClassName as system-cluster-critical 2022-02-17 12:11:31 +00:00
Paweł Krupa
5ff20b1718
Merge pull request #1630 from PhilipGough/fix-1603 2022-02-16 21:46:08 +01:00
Wulf Thimm
30bfd69c3e removed CAP_ from node-exporter daemonset 2022-02-16 14:41:20 +00:00
ArthurSens
78ca6d9579 Address FIXME
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-02-15 15:20:34 +00:00
Arthur Silva Sens
d270540308
Merge pull request #1628 from ravilr/fix_cluster_cpu_query
fix cluster:node_cpu:ratio query
2022-02-15 06:28:22 +00:00
Wulf Thimm
a5c5adba68 added allowedCapabilities to node-exporter psp 2022-02-14 14:38:13 +00:00
Philip Gough
7c715c8126
Merge pull request #1624 from ArthurSens/grafana-volume
Add extra-volume mount for plugins downloads
2022-02-14 11:15:14 +00:00
Prometheus Operator Bot
ac7f6b42ab [bot] [main] Automated version update 2022-02-14 07:41:12 +00:00
Andreas Dreyer Hysing
154019ad82 Added custom overrides for kube-rbac-proxy-self. 2022-02-11 15:29:58 +01:00
Prometheus Operator Bot
2de3d810b1 [bot] [main] Automated version update 2022-02-10 15:40:58 +00:00
Philip Gough
58fa27a40e Update PodMonitor for kube-proxy 2022-02-10 09:45:27 +00:00
ravilr
1d1ca283b1 fix cluster:node_cpu:ratio query 2022-02-09 20:21:05 -08:00
Arthur Silva Sens
43879b5217 Add extra-volume mount for plugins downloads
Signed-off-by: GitHub <noreply@github.com>
2022-02-07 20:31:58 +00:00
Prometheus Operator Bot
7b602e1372 [bot] [main] Automated version update 2022-02-07 07:40:53 +00:00
Arthur Silva Sens
db61b3e18e
Merge pull request #1591 from paulfantom/automountServiceAccountToken
disable injecting unnecessary variables allowing access to k8s API
2022-02-05 18:28:33 +00:00
Paweł Krupa (paulfantom)
3429bc77a4 disable injecting unnecessary variables allowing access to k8s API 2022-02-04 14:08:52 +01:00
Paweł Krupa
3436e1a92e
Merge pull request #1612 from ArthurSens/remove-hostport 2022-02-04 12:58:13 +01:00
ArthurSens
fb92a6dbe0 Document better why we use hostPort on node-exporter
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-02-03 15:47:43 +00:00
Arunprasad Rajkumar
0eabbb5d0c
Sanitize all regex denylist in ksm-lite addon
This is a follow up fix of https://github.com/prometheus-operator/kube-prometheus/pull/1613. @simonpasquier recommended to sanitize all denylist metrics.

Signed-off-by: Arunprasad Rajkumar <arajkuma@redhat.com>
2022-02-03 19:52:44 +05:30
Arunprasad Rajkumar
f16277e8e0
Sanitize regex denylist in ksm-lite addon
The following metrics are missing from kube-state-metrics:
- kube_pod_container_status_terminated_reason
- kube_pod_init_container_status_terminated_reason
- kube_pod_status_scheduled_time

Previously, some metrics were removed from kube-state-metrics by adding the following --metric-denylist argument to the kube-state-metrics container:

```
--metric-denylist=
kube_.+_created,
kube_.+_metadata_resource_version,
kube_replicaset_metadata_generation,
kube_replicaset_status_observed_generation,
kube_pod_restart_policy,
kube_pod_init_container_status_terminated,
kube_pod_init_container_status_running,
kube_pod_container_status_terminated,
kube_pod_container_status_running,
kube_pod_completion_time,
kube_pod_status_scheduled
```

--metric-denylist: Comma-separated list of metrics not to be enabled. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.

However, the whole list of metrics is managed as regex, thus "kube_pod_container_status_terminated" denies `.*kube_pod_container_status_terminated.*`; that's why kube_pod_init_container_status_terminated_reason is missing.

Co-authored-by: Florian Gleizes <fgleizes@redhat.com>
Signed-off-by: Arunprasad Rajkumar <arajkuma@redhat.com>
2022-02-03 17:50:22 +05:30
Arthur Silva Sens
755d27bb46
Merge pull request #1610 from ArthurSens/as/linux-hardening
Drop Linux capabilities
2022-02-02 12:56:21 +00:00
Paweł Krupa (paulfantom)
86ac6f79b1 jsonnet: filter out kube-proxy alerts when kube-proxy is disabled
Signed-off-by: Paweł Krupa (paulfantom) <pawel@krupa.net.pl>
2022-02-01 16:22:48 +01:00
Arthur Silva Sens
931af3241d Drop Linux capabilities
Signed-off-by: GitHub <noreply@github.com>
2022-02-01 09:25:21 +00:00
ArthurSens
e5610b2e8d Address FIXME
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-01-31 17:25:00 +00:00
Prometheus Operator Bot
dad37c968d [bot] [main] Automated version update 2022-01-31 17:04:19 +00:00
Arthur Silva Sens
57c46a2861 components/*: Forbid write access to root filesystem
Signed-off-by: GitHub <noreply@github.com>
2022-01-27 16:03:58 +00:00
Paweł Krupa
b68f3f0f07
Merge pull request #1556 from arajkumar/fix-thanos-sidecar-selector 2022-01-27 13:06:59 +01:00
Arthur Silva Sens
4d004393e1
Merge pull request #1593 from prometheus-operator/as/forbid-privilege-scalation
Explicitly declare allowPrivilegeEscalation to false in all components
2022-01-24 10:38:33 +00:00
Arthur Silva Sens
b60b302499 Explicitly declare allowPrivilegeEscalation to false
Although containers that do not run as privileged already have this set to false by Kubernetes,
Kubescape [asks us](https://hub.armo.cloud/docs/c-0016) to explicitly declare it to false where not needed.

Signed-off-by: Arthur Silva Sens <arthursens2005@gmail.com>
2022-01-24 10:31:43 +00:00
Prometheus Operator Bot
ef40bc5759 [bot] [main] Automated version update 2022-01-24 07:43:49 +00:00
Philip Gough
f2559e0ced
Merge pull request #1566 from primeroz/fix/do-not-add-namespace-to-clusterwide-resources
Hide namespace for prometheus clusterRole and clusterRolebinding
2022-01-10 11:19:31 +00:00
Andrei Nistor
1d3dbe61cb
Inhibit info alerts unless other alerts fire (#1507)
* Inhibit info alerts unless other alerts fire

* Fix nits
2022-01-10 10:37:43 +01:00
Arunprasad Rajkumar
b7a135a101
Fix thanos sidecar selector
Previous PR[1] which deprecated `thanosSelector` accidentally broke the
usage of it. This commit restores the old behaviour along with newly
introduced `thanos` config variable.

[1] https://github.com/prometheus-operator/kube-prometheus/pull/1543

Co-authored-by: Paweł Krupa <pawel@krupa.net.pl>
Signed-off-by: Arunprasad Rajkumar <arajkuma@redhat.com>
2022-01-05 16:23:24 +05:30
Paweł Krupa
529739d5ef
Merge pull request #1572 from ArthurSens/as/projected-psp 2022-01-04 13:37:13 +01:00
ArthurSens
f4a5ff3e3b addon/podsecuritypolicies: Add projected volumes permission
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-01-04 12:24:05 +00:00
Francesco Ciocchetti
f7738d7434
Set namespace to null for clusterwide resources and generate manifests 2022-01-04 10:03:14 +01:00
paulfantom
ec40014ac3 jsonnet: add grafana-mixin
Signed-off-by: paulfantom <pawel@krupa.net.pl>
Signed-off-by: Paweł Krupa (paulfantom) <pawel@krupa.net.pl>
2022-01-04 09:14:43 +01:00
Prometheus Operator Bot
8aca1fb1cb [bot] [main] Automated version update 2021-12-20 14:15:02 +00:00
Prometheus Operator Bot
245427cafb [bot] [main] Automated version update 2021-12-20 07:41:04 +00:00
Philip Gough
2a135c38d7 jsonnet: Track latest deps 2021-12-17 12:31:25 +00:00
Philip Gough
480cb2ced4 jsonnet: Pin deps for 0.10 2021-12-17 11:38:05 +00:00