feat: more v1.29 module updates

This commit is contained in:
Stefan Reimer 2024-07-19 14:14:43 +00:00
parent af33435d51
commit 243b13892c
128 changed files with 23965 additions and 22207 deletions

View File

@ -25,18 +25,8 @@ control_plane_upgrade kubeadm_upgrade
# shellcheck disable=SC2015
#argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
### v1.28
# - remove old argocd app, all resources will be taken over by argo.argo-cd
argo_used && rc=$? || rc=$?
if [ $rc -eq 0 ]; then
kubectl patch app argocd -n argocd \
--type json \
--patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' && \
kubectl delete app argocd -n argocd || true
# remove legacy argocd app resources, but NOT kubezero-git-sync nor the appproject
kubectl api-resources --verbs=list --namespaced -o name | grep -ve 'app.*argoproj' | xargs -n 1 kubectl delete --ignore-not-found -l argocd.argoproj.io/instance=argocd -n argocd
fi
### v1.29
#
# upgrade modules
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
@ -49,9 +39,9 @@ echo "Applying remaining KubeZero modules..."
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
# Trigger backup of upgraded cluster state
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$VERSION -n kube-system
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$KUBE_VERSION -n kube-system
while true; do
kubectl wait --for=condition=complete job/kubezero-backup-$VERSION -n kube-system 2>/dev/null && kubectl delete job kubezero-backup-$VERSION -n kube-system && break
kubectl wait --for=condition=complete job/kubezero-backup-$KUBE_VERSION -n kube-system 2>/dev/null && kubectl delete job kubezero-backup-$KUBE_VERSION -n kube-system && break
sleep 1
done

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-cert-manager
description: KubeZero Umbrella Chart for cert-manager
type: application
version: 0.9.7
version: 0.9.8
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -16,6 +16,6 @@ dependencies:
version: ">= 0.1.6"
repository: https://cdn.zero-downtime.net/charts/
- name: cert-manager
version: v1.14.4
version: v1.15.1
repository: https://charts.jetstack.io
kubeVersion: ">= 1.26.0"

View File

@ -1,6 +1,6 @@
# kubezero-cert-manager
![Version: 0.9.7](https://img.shields.io/badge/Version-0.9.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.9.8](https://img.shields.io/badge/Version-0.9.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager
@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version |
|------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://charts.jetstack.io | cert-manager | v1.14.4 |
| https://charts.jetstack.io | cert-manager | v1.15.1 |
## AWS - OIDC IAM roles
@ -37,6 +37,7 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
| cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
| cert-manager.cainjector.tolerations[0].effect | string | `"NoSchedule"` | |
| cert-manager.cainjector.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
| cert-manager.crds.enabled | bool | `true` | |
| cert-manager.enableCertificateOwnerRef | bool | `true` | |
| cert-manager.enabled | bool | `true` | |
| cert-manager.extraArgs[0] | string | `"--logging-format=json"` | |

View File

@ -18,8 +18,8 @@
"subdir": "contrib/mixin"
}
},
"version": "5a53a708d8ab9ef936ac5b8062ffc66c77a2c18f",
"sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU="
"version": "010d462c0ff03a70f5c5fd32efbb76ad4c1e7c81",
"sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
},
{
"source": {
@ -58,8 +58,8 @@
"subdir": "gen/grafonnet-latest"
}
},
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
"sum": "GxEO83uxgsDclLp/fmlUJZDbSGpeUZY6Ap3G2cgdL1g="
"version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a",
"sum": "eyuJ0jOXeA4MrobbNgU4/v5a7ASDHslHZ0eS6hDdWoI="
},
{
"source": {
@ -68,18 +68,18 @@
"subdir": "gen/grafonnet-v10.0.0"
}
},
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
"sum": "W7sLuAvMSJPkC7Oo31t45Nz/cUdJV7jzNSJTd3F1daM="
"version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a",
"sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0="
},
{
"source": {
"git": {
"remote": "https://github.com/grafana/grafonnet.git",
"subdir": "gen/grafonnet-v10.4.0"
"subdir": "gen/grafonnet-v11.0.0"
}
},
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
"sum": "ZSmDT7i/qU9P8ggmuPuJT+jonq1ZEsBRCXycW/H5L/A="
"version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a",
"sum": "Fuo+qTZZzF+sHDBWX/8fkPsUmwW6qhH8hRVz45HznfI="
},
{
"source": {
@ -88,8 +88,8 @@
"subdir": "grafana-builder"
}
},
"version": "7561fd330312538d22b00e0c7caecb4ba66321ea",
"sum": "+z5VY+bPBNqXcmNAV8xbJcbsRA+pro1R3IM7aIY8OlU="
"version": "1d877bb0651ef92176f651d0be473c06e372a8a0",
"sum": "udZaafkbKYMGodLqsFhEe+Oy/St2p0edrK7hiMPEey0="
},
{
"source": {
@ -98,8 +98,8 @@
"subdir": ""
}
},
"version": "72a094ff162bbd93921803994241d73900592c9a",
"sum": "h+YvBTXL5A02165i3yt3SxSAbFftChtXYJ0nYFnOAqo="
"version": "b6a425db5c72b0159e3b8666b373e21bf487df9a",
"sum": "6KgWSzBFX09sycxfM3mYsY9Ua16ydCVpyFGYS0ZkpIo="
},
{
"source": {
@ -118,8 +118,8 @@
"subdir": ""
}
},
"version": "fc2e57a8839902ed4ba6cab5a99d642500f7102b",
"sum": "43waffw1QzvpY4rKcWoo3L7Vpee+DCYexwLDd5cPG0M="
"version": "63d430b69a95741061c2f7fc9d84b1a778511d9c",
"sum": "qiZi3axUSXCVzKUF83zSAxklwrnitMmrDK4XAfjPMdE="
},
{
"source": {
@ -128,8 +128,8 @@
"subdir": ""
}
},
"version": "a1c276d7a46c4b06fa5d8b4a64441939d398efe5",
"sum": "b/mEai1MvVnZ22YvZlXEO4jWDZledrtJg8eOS1ZUj0M="
"version": "3dfa72d1d1ab31a686b1f52ec28bbf77c972bd23",
"sum": "7ufhpvzoDqAYLrfAsGkTAIRmu2yWQkmHukTE//jOsJU="
},
{
"source": {
@ -138,8 +138,8 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
"sum": "msMZyUvcebzRILLzNlTIiSOwa1XgQKtP7jbZTkiqwM0="
"version": "7104d579e93d672754c018a924d6c3f7ec23874e",
"sum": "pvInhJNQVDOcC3NGWRMKRIP954mAvLXCQpTlafIg7fA="
},
{
"source": {
@ -148,7 +148,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
"version": "7104d579e93d672754c018a924d6c3f7ec23874e",
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
},
{
@ -158,8 +158,8 @@
"subdir": "jsonnet/kube-prometheus"
}
},
"version": "76f2e1ef95be0df752037baa040781c5219e1fb3",
"sum": "IgpAgyyBZ7VT2vr9kSYQP/lkZUNQnbqpGh2sYCtUKs0="
"version": "defa2bd1e242519c62a5c2b3b786b1caa6d906d4",
"sum": "INKeZ+QIIPImq+TrfHT8CpYdoRzzxRk0txG07XlOo/Q="
},
{
"source": {
@ -168,7 +168,7 @@
"subdir": "jsonnet/mixin"
}
},
"version": "71d9433ba612f4b826ffa38520b23a7985b50db3",
"version": "609424db53853b992277b7a9a0e5cf59f4cc24f3",
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
"name": "prometheus-operator-mixin"
},
@ -179,8 +179,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "71d9433ba612f4b826ffa38520b23a7985b50db3",
"sum": "S4LFa0h1AzANixqGMowtwVswVP+y6f+fXloxpO7hMes="
"version": "609424db53853b992277b7a9a0e5cf59f4cc24f3",
"sum": "z2/5LjQpWC7snhT+n/mtQqoy5986uI95sTqcKQziwGU="
},
{
"source": {
@ -189,7 +189,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
"version": "14cbe6301c732658d6fe877ec55ad5b738abcf06",
"version": "eb8369ec510d76f63901379a8437c4b55885d6c5",
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
"name": "alertmanager"
},
@ -200,8 +200,8 @@
"subdir": "docs/node-mixin"
}
},
"version": "3accd4cf8286e69d70516abdced6bf186274322a",
"sum": "vWhHvFqV7+fxrQddTeGVKi1e4EzB3VWtNyD8TjSmevY="
"version": "b9d0932179a0c5b3a8863f3d6cdafe8584cedc8e",
"sum": "rhUvbqviGjQ2mwsRhHKMN0TiS3YvnYpUXHew3XlQ+Wg="
},
{
"source": {
@ -210,8 +210,8 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "773170f372e0a57949854b74231ee3e09185f728",
"sum": "u/Fpz2MPkezy71/q+c7mF0vc3hE9fWt2W/YbvF0LP/8=",
"version": "ac85bd47e1cfa0d63520e4c0b4e26900c42c326b",
"sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
"name": "prometheus"
},
{
@ -232,7 +232,7 @@
"subdir": "mixin"
}
},
"version": "93c79b61825ec00889188e35a58635eee247bc36",
"version": "35c0dbec856f97683a846e9c53f83156a3a44ff3",
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
"name": "thanos-mixin"
}

View File

@ -19,6 +19,9 @@ localCA:
cert-manager:
enabled: true
crds:
enabled: true
global:
leaderElection:
namespace: "cert-manager"

View File

@ -1,6 +1,6 @@
# kubezero-metrics
![Version: 0.9.8](https://img.shields.io/badge/Version-0.9.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.9.9](https://img.shields.io/badge/Version-0.9.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations.
@ -19,9 +19,9 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version |
|------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 58.0.0 |
| https://prometheus-community.github.io/helm-charts | kube-prometheus-stack | 58.7.2 |
| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 4.10.0 |
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.10.0 |
| https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.14.0 |
## Values

View File

@ -7,7 +7,7 @@ annotations:
url: https://github.com/prometheus-operator/kube-prometheus
artifacthub.io/operator: "true"
apiVersion: v2
appVersion: v0.73.0
appVersion: v0.73.2
dependencies:
- condition: crds.enabled
name: crds
@ -16,11 +16,11 @@ dependencies:
- condition: kubeStateMetrics.enabled
name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 5.18.*
version: 5.19.*
- condition: nodeExporter.enabled
name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 4.32.*
version: 4.34.*
- condition: grafana.enabled
name: grafana
repository: https://grafana.github.io/helm-charts
@ -62,4 +62,4 @@ sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 58.0.0
version: 58.7.2

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: alertmanagerconfigs.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: alertmanagers.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: podmonitors.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: probes.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: prometheusagents.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: prometheuses.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: prometheusrules.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: scrapeconfigs.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: servicemonitors.monitoring.coreos.com
spec:

View File

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.73.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
operator.prometheus.io/version: 0.73.0
operator.prometheus.io/version: 0.73.2
argocd.argoproj.io/sync-options: ServerSideApply=true
name: thanosrulers.monitoring.coreos.com
spec:

View File

@ -6,7 +6,7 @@ annotations:
- name: Upstream Project
url: https://github.com/grafana/grafana
apiVersion: v2
appVersion: 10.4.0
appVersion: 10.4.1
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.com
icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116
@ -30,4 +30,4 @@ sources:
- https://github.com/grafana/grafana
- https://github.com/grafana/helm-charts
type: application
version: 7.3.7
version: 7.3.11

View File

@ -145,12 +145,10 @@ Return the appropriate apiVersion for ingress.
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
*/}}
{{- define "grafana.hpa.apiVersion" -}}
{{- if $.Capabilities.APIVersions.Has "autoscaling/v2/HorizontalPodAutoscaler" }}
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
{{- print "autoscaling/v2" }}
{{- else if $.Capabilities.APIVersions.Has "autoscaling/v2beta2/HorizontalPodAutoscaler" }}
{{- print "autoscaling/v2beta2" }}
{{- else }}
{{- print "autoscaling/v2beta1" }}
{{- print "autoscaling/v2beta2" }}
{{- end }}
{{- end }}

View File

@ -25,6 +25,9 @@ spec:
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }}
volumeName: {{ (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)).spec.volumeName }}
{{- end }}
{{- with .Values.persistence.storageClassName }}
storageClassName: {{ . }}
{{- end }}

View File

@ -41,6 +41,10 @@ spec:
- mountPath: /tests
name: tests
readOnly: true
{{- with .Values.testFramework.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: tests
configMap:

View File

@ -121,6 +121,13 @@ testFramework:
tag: "v1.4.1"
imagePullPolicy: IfNotPresent
securityContext: {}
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# dns configuration for pod
dnsPolicy: ~

View File

@ -23,4 +23,4 @@ name: kube-state-metrics
sources:
- https://github.com/kubernetes/kube-state-metrics/
type: application
version: 5.18.1
version: 5.19.0

View File

@ -14,6 +14,10 @@ metadata:
{{- end }}
spec:
type: "{{ .Values.service.type }}"
{{- if .Values.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: "http"
protocol: TCP

View File

@ -56,6 +56,10 @@ service:
port: 8080
# Default to clusterIP for backward compatibility
type: ClusterIP
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
nodePort: 0
loadBalancerIP: ""
# Only allow access to the loadBalancerIP from these IPs

View File

@ -4,7 +4,7 @@ annotations:
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
appVersion: 1.7.0
appVersion: 1.8.0
description: A Helm chart for prometheus node-exporter
home: https://github.com/prometheus/node_exporter/
keywords:
@ -22,4 +22,4 @@ name: prometheus-node-exporter
sources:
- https://github.com/prometheus/node_exporter/
type: application
version: 4.32.0
version: 4.34.0

View File

@ -14,6 +14,9 @@ spec:
{{- if .Values.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
type: {{ .Values.service.type }}
ports:

View File

@ -98,6 +98,7 @@ service:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
externalTrafficPolicy: ""
# Set a NetworkPolicy with:
# ingress only on service.port

View File

@ -57,9 +57,14 @@ The longest name that gets created adds and extra 37 characters, so truncation s
{{- end }}
{{- end }}
{{/* Fullname suffixed with thanos-ruler */}}
{{- define "kube-prometheus-stack.thanosRuler.fullname" -}}
{{- printf "%s-thanos-ruler" (include "kube-prometheus-stack.fullname" .) -}}
{{/* ThanosRuler custom resource instance name */}}
{{/* Subtracting 1 from 26 truncation of kube-prometheus-stack.fullname */}}
{{- define "kube-prometheus-stack.thanosRuler.crname" -}}
{{- if .Values.cleanPrometheusOperatorObjectNames }}
{{- include "kube-prometheus-stack.fullname" . }}
{{- else }}
{{- print (include "kube-prometheus-stack.fullname" . | trunc 25 | trimSuffix "-") "-thanos-ruler" -}}
{{- end }}
{{- end }}
{{/* Shortened name suffixed with thanos-ruler */}}

View File

@ -23,7 +23,7 @@ spec:
{{- else }}
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}"
{{- end }}
version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }}
version: {{ default .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.version }}
{{- if .Values.alertmanager.alertmanagerSpec.image.sha }}
sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }}
{{- end }}

View File

@ -65,4 +65,8 @@ spec:
timeoutSeconds: {{ .Values.alertmanager.service.sessionAffinityConfig.clientIP.timeoutSeconds }}
{{- end }}
type: "{{ .Values.alertmanager.service.type }}"
{{- if .Values.alertmanager.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.alertmanager.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.alertmanager.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- end }}

View File

@ -10,6 +10,10 @@ metadata:
namespace: kube-system
spec:
clusterIP: None
{{- if .Values.coreDns.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.coreDns.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.coreDns.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: {{ .Values.coreDns.serviceMonitor.port }}
port: {{ .Values.coreDns.service.port }}

View File

@ -10,6 +10,10 @@ metadata:
namespace: kube-system
spec:
clusterIP: None
{{- if .Values.kubeControllerManager.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.kubeControllerManager.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.kubeControllerManager.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }}

View File

@ -10,6 +10,10 @@ metadata:
namespace: kube-system
spec:
clusterIP: None
{{- if .Values.kubeDns.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.kubeDns.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.kubeDns.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: http-metrics-dnsmasq
port: {{ .Values.kubeDns.service.dnsmasq.port }}

View File

@ -10,6 +10,10 @@ metadata:
namespace: kube-system
spec:
clusterIP: None
{{- if .Values.kubeEtcd.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.kubeEtcd.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.kubeEtcd.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: {{ .Values.kubeEtcd.serviceMonitor.port }}
port: {{ .Values.kubeEtcd.service.port }}

View File

@ -10,6 +10,10 @@ metadata:
namespace: kube-system
spec:
clusterIP: None
{{- if .Values.kubeProxy.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.kubeProxy.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.kubeProxy.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: {{ .Values.kubeProxy.serviceMonitor.port }}
port: {{ .Values.kubeProxy.service.port }}

View File

@ -10,6 +10,10 @@ metadata:
namespace: kube-system
spec:
clusterIP: None
{{- if .Values.kubeScheduler.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.kubeScheduler.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.kubeScheduler.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
ports:
- name: {{ .Values.kubeScheduler.serviceMonitor.port }}
{{- $kubeSchedulerDefaultInsecurePort := 10251 }}

View File

@ -35,7 +35,7 @@ spec:
{{- end }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}

View File

@ -22,7 +22,7 @@ data:
datasources:
{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }}
{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }}
- name: Prometheus
- name: {{ .Values.grafana.sidecar.datasources.name }}
type: prometheus
uid: {{ .Values.grafana.sidecar.datasources.uid }}
{{- if .Values.grafana.sidecar.datasources.url }}
@ -45,7 +45,7 @@ data:
{{- end }}
{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }}
{{- range until (int .Values.prometheus.prometheusSpec.replicas) }}
- name: Prometheus-{{ . }}
- name: {{ .Values.grafana.sidecar.datasources.name }}-{{ . }}
type: prometheus
uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }}
url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }}
@ -61,7 +61,7 @@ data:
{{- end }}
{{- end }}
{{- if .Values.grafana.sidecar.datasources.alertmanager.enabled }}
- name: Alertmanager
- name: {{ .Values.grafana.sidecar.datasources.alertmanager.name }}
type: alertmanager
uid: {{ .Values.grafana.sidecar.datasources.alertmanager.uid }}
{{- if .Values.grafana.sidecar.datasources.alertmanager.url }}

View File

@ -1,5 +1,5 @@
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget -}}
apiVersion: policy/v1{{ ternary "" "beta1" ($.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") }}
apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook

View File

@ -18,6 +18,10 @@ spec:
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
clusterIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs }}
externalIPs:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs | indent 4 }}

View File

@ -14,10 +14,7 @@ metadata:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }}
template:
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create

View File

@ -14,10 +14,7 @@ metadata:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }}
template:
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch

View File

@ -1,4 +1,4 @@
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: v1
kind: ServiceAccount
metadata:
@ -10,6 +10,7 @@ metadata:
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}

View File

@ -74,4 +74,8 @@ webhooks:
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -74,4 +74,8 @@ webhooks:
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

View File

@ -59,6 +59,9 @@ spec:
args:
{{- if .Values.prometheusOperator.kubeletService.enabled }}
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ default $defaultKubeletSvcName .Values.prometheusOperator.kubeletService.name }}
{{- if .Values.prometheusOperator.kubeletService.selector }}
- --kubelet-selector={{ .Values.prometheusOperator.kubeletService.selector }}
{{- end }}
{{- end }}
{{- if .Values.prometheusOperator.logFormat }}
- --log-format={{ .Values.prometheusOperator.logFormat }}

View File

@ -17,6 +17,10 @@ spec:
{{- if .Values.prometheusOperator.service.clusterIP }}
clusterIP: {{ .Values.prometheusOperator.service.clusterIP }}
{{- end }}
{{- if .Values.prometheusOperator.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.prometheusOperator.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.prometheusOperator.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if .Values.prometheusOperator.service.externalIPs }}
externalIPs:
{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }}

View File

@ -103,7 +103,7 @@ spec:
{{- end }}
{{- if and (not .Values.prometheus.agentMode) .Values.prometheus.prometheusSpec.exemplars }}
exemplars:
{{ toYaml .Values.prometheus.prometheusSpec.exemplars | indent 4 }}
{{- toYaml .Values.prometheus.prometheusSpec.exemplars | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.enableFeatures }}
enableFeatures:

View File

@ -20,6 +20,10 @@ spec:
{{- if .Values.prometheus.service.clusterIP }}
clusterIP: {{ .Values.prometheus.service.clusterIP }}
{{- end }}
{{- if .Values.prometheus.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.prometheus.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.prometheus.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if .Values.prometheus.service.externalIPs }}
externalIPs:
{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }}

View File

@ -17,6 +17,10 @@ metadata:
spec:
type: {{ .Values.prometheus.thanosService.type }}
clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}
{{- if .Values.prometheus.thanosService.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.prometheus.thanosService.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.prometheus.thanosService.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if ne .Values.prometheus.thanosService.type "ClusterIP" }}
externalTrafficPolicy: {{ .Values.prometheus.thanosService.externalTrafficPolicy }}
{{- end }}

View File

@ -24,6 +24,10 @@ items:
{{- if $serviceValues.clusterIP }}
clusterIP: {{ $serviceValues.clusterIP }}
{{- end }}
{{- if $serviceValues.ipDualStack.enabled }}
ipFamilies: {{ toYaml $serviceValues.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ $serviceValues.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if $serviceValues.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}

View File

@ -17,5 +17,5 @@ spec:
selector:
matchLabels:
app.kubernetes.io/name: thanos-ruler
thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.name" . }}
thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.crname" . }}
{{- end }}

View File

@ -2,7 +2,7 @@
apiVersion: monitoring.coreos.com/v1
kind: ThanosRuler
metadata:
name: {{ template "kube-prometheus-stack.thanosRuler.name" . }}
name: {{ template "kube-prometheus-stack.thanosRuler.crname" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ include "kube-prometheus-stack.thanosRuler.name" . }}
@ -34,12 +34,12 @@ spec:
externalPrefix: "{{ tpl .Values.thanosRuler.thanosRulerSpec.externalPrefix . }}"
{{- else if and .Values.thanosRuler.ingress.enabled .Values.thanosRuler.ingress.hosts }}
externalPrefix: "http://{{ tpl (index .Values.thanosRuler.ingress.hosts 0) . }}{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}"
{{- else }}
externalPrefix: http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
{{- else if .Values.thanosRuler.thanosRulerSpec.externalPrefixNilUsesHelmValues }}
externalPrefix: "http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}"
{{- end }}
{{- if .Values.thanosRuler.thanosRulerSpec.additionalArgs }}
additionalArgs:
{{ toYaml .Values.thanosRuler.thanosRulerSpec.additionalArgs | indent 4 }}
{{ tpl (toYaml .Values.thanosRuler.thanosRulerSpec.additionalArgs) $ | indent 4 }}
{{- end }}
{{- if .Values.thanosRuler.thanosRulerSpec.nodeSelector }}
nodeSelector:
@ -123,7 +123,7 @@ spec:
{{- end }}
{{- if .Values.thanosRuler.thanosRulerSpec.labels }}
labels:
{{ toYaml .Values.thanosRuler.thanosRulerSpec.labels | indent 4 }}
{{ tpl (toYaml .Values.thanosRuler.thanosRulerSpec.labels) $ | indent 4 }}
{{- end }}
{{- if .Values.thanosRuler.thanosRulerSpec.podMetadata }}
podMetadata:
@ -142,7 +142,7 @@ spec:
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]}
- {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.name" . }}]}
- {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.crname" . }}]}
{{- else if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@ -152,7 +152,7 @@ spec:
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]}
- {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.name" . }}]}
- {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.thanosRuler.crname" . }}]}
{{- end }}
{{- if .Values.thanosRuler.thanosRulerSpec.tolerations }}
tolerations:
@ -185,5 +185,15 @@ spec:
volumeMounts:
{{ toYaml .Values.thanosRuler.thanosRulerSpec.volumeMounts | indent 4 }}
{{- end }}
portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
{{- if .Values.thanosRuler.thanosRulerSpec.alertDropLabels }}
alertDropLabels:
{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertDropLabels | indent 4 }}
{{- end }}
portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
{{- with .Values.thanosRuler.thanosRulerSpec.additionalConfig }}
{{- tpl (toYaml .) $ | nindent 2 }}
{{- end }}
{{- with .Values.thanosRuler.thanosRulerSpec.additionalConfigString }}
{{- tpl . $ | nindent 2 }}
{{- end }}
{{- end }}

View File

@ -19,6 +19,10 @@ spec:
{{- if .Values.thanosRuler.service.clusterIP }}
clusterIP: {{ .Values.thanosRuler.service.clusterIP }}
{{- end }}
{{- if .Values.thanosRuler.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.thanosRuler.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.thanosRuler.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
{{- if .Values.thanosRuler.service.externalIPs }}
externalIPs:
{{ toYaml .Values.thanosRuler.service.externalIPs | indent 4 }}
@ -48,6 +52,6 @@ spec:
{{- end }}
selector:
app.kubernetes.io/name: thanos-ruler
thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.name" . }}
thanos-ruler: {{ template "kube-prometheus-stack.thanosRuler.crname" . }}
type: "{{ .Values.thanosRuler.service.type }}"
{{- end }}

View File

@ -476,6 +476,10 @@ alertmanager:
annotations: {}
labels: {}
clusterIP: ""
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## Port for Alertmanager Service to listen on
##
@ -1052,6 +1056,7 @@ grafana:
defaultDatasourceEnabled: true
isDefaultDatasource: true
name: Prometheus
uid: prometheus
## URL of prometheus datasource
@ -1086,6 +1091,7 @@ grafana:
# traceIdLabelName: trace_id
alertmanager:
enabled: true
name: Alertmanager
uid: alertmanager
handleGrafanaManagedAlerts: false
implementation: prometheus
@ -1286,6 +1292,12 @@ kubelet:
##
https: true
## Skip TLS certificate validation when scraping.
## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed
## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs
##
insecureSkipVerify: true
## Enable scraping /metrics/cadvisor from kubelet's service
##
cAdvisor: true
@ -1454,6 +1466,10 @@ kubeControllerManager:
##
port: null
targetPort: null
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# selector:
# component: kube-controller-manager
@ -1540,6 +1556,11 @@ coreDns:
enabled: true
port: 9153
targetPort: 9153
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# selector:
# k8s-app: kube-dns
serviceMonitor:
@ -1616,6 +1637,10 @@ kubeDns:
skydns:
port: 10055
targetPort: 10055
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# selector:
# k8s-app: kube-dns
serviceMonitor:
@ -1713,6 +1738,10 @@ kubeEtcd:
enabled: true
port: 2381
targetPort: 2381
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# selector:
# component: etcd
@ -1817,6 +1846,10 @@ kubeScheduler:
##
port: null
targetPort: null
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# selector:
# component: kube-scheduler
@ -1910,6 +1943,10 @@ kubeProxy:
enabled: true
port: 10249
targetPort: 10249
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# selector:
# k8s-app: kube-proxy
@ -2080,6 +2117,10 @@ prometheus-node-exporter:
- --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
service:
portName: http-metrics
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
prometheus:
monitor:
enabled: true
@ -2189,6 +2230,8 @@ prometheusOperator:
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
namespaceSelector: {}
objectSelector: {}
deployment:
enabled: false
@ -2233,6 +2276,10 @@ prometheusOperator:
annotations: {}
labels: {}
clusterIP: ""
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## Port to expose on each node
## Only used if service.type is 'NodePort'
@ -2416,6 +2463,7 @@ prometheusOperator:
## Provide a priority class name to the webhook patching job
##
priorityClassName: ""
ttlSecondsAfterFinished: 60
annotations: {}
# argocd.argoproj.io/hook: PreSync
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
@ -2434,6 +2482,12 @@ prometheusOperator:
runAsUser: 2000
seccompProfile:
type: RuntimeDefault
## Service account for Prometheus Operator Webhook Job Patch to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
create: true
automountServiceAccountToken: true
# Security context for create job container
createSecretJob:
@ -2521,6 +2575,10 @@ prometheusOperator:
annotations: {}
labels: {}
clusterIP: ""
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## Port to expose on each node
## Only used if service.type is 'NodePort'
@ -2586,6 +2644,7 @@ prometheusOperator:
##
enabled: true
namespace: kube-system
selector: ""
## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default
name: ""
@ -2803,7 +2862,7 @@ prometheusOperator:
thanosImage:
registry: quay.io
repository: thanos/thanos
tag: v0.34.1
tag: v0.35.0
sha: ""
## Set a Label Selector to filter watched prometheus and prometheusAgent
@ -2898,6 +2957,13 @@ prometheus:
##
type: ClusterIP
## Service dual stack
##
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## gRPC port config
portName: grpc
port: 10901
@ -2980,6 +3046,10 @@ prometheus:
annotations: {}
labels: {}
clusterIP: ""
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## Port for Prometheus Service to listen on
##
@ -3072,6 +3142,13 @@ prometheus:
##
type: ClusterIP
## Service dual stack
##
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## Configure pod disruption budgets for Prometheus
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
##
@ -3350,7 +3427,7 @@ prometheus:
image:
registry: quay.io
repository: prometheus/prometheus
tag: v2.51.1
tag: v2.52.0
sha: ""
## Tolerations for use with node taints
@ -4217,6 +4294,10 @@ thanosRuler:
annotations: {}
labels: {}
clusterIP: ""
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
## Port for ThanosRuler Service to listen on
##
@ -4334,7 +4415,7 @@ thanosRuler:
image:
registry: quay.io
repository: thanos/thanos
tag: v0.34.1
tag: v0.35.0
sha: ""
## Namespaces to be selected for PrometheusRules discovery.
@ -4431,6 +4512,10 @@ thanosRuler:
##
externalPrefix:
## If true, http://{{ template "kube-prometheus-stack.thanosRuler.name" . }}.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}
## will be used as value for externalPrefix
externalPrefixNilUsesHelmValues: true
## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
##
@ -4453,6 +4538,10 @@ thanosRuler:
# access_key: ""
# secret_key: ""
## Labels by name to drop before sending to alertmanager
## Maps to the --alert.label-drop flag of thanos ruler.
alertDropLabels: []
## QueryEndpoints defines Thanos querier endpoints from which to query metrics.
## Maps to the --query flag of thanos ruler.
queryEndpoints: []
@ -4593,6 +4682,13 @@ thanosRuler:
##
portName: "web"
## Additional configuration which is not covered by the properties above. (passed through tpl)
additionalConfig: {}
## Additional configuration which is not covered by the properties above.
## Useful, if you need advanced templating
additionalConfigString: ""
## ExtraSecret can be used to store various data in an extra secret
## (use it for example to store hashed basic auth credentials)
extraSecret:

View File

@ -17,7 +17,7 @@
"options": {
"content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only."
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"title": "Notice",
"type": "text"
},
@ -41,7 +41,7 @@
},
"id": 2,
"interval": "1m",
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -87,7 +87,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -121,7 +121,7 @@
},
"id": 4,
"interval": "1m",
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -219,7 +219,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -263,7 +263,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -306,7 +306,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -340,7 +340,7 @@
},
"id": 8,
"interval": "1m",
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -438,7 +438,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -482,7 +482,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -525,7 +525,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -568,7 +568,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -611,7 +611,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -657,7 +657,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -699,7 +699,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -742,7 +742,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -784,7 +784,7 @@
"mode": "single"
}
},
"pluginVersion": "v10.4.0",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
@ -800,7 +800,7 @@
}
],
"refresh": "10s",
"schemaVersion": 36,
"schemaVersion": 39,
"tags": [
"kubernetes"
],

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,376 +1,233 @@
{
"__inputs": [ ],
"__requires": [ ],
"annotations": {
"list": [ ]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [ ],
"refresh": "10s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": { },
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": { },
"id": 2,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"max": true,
"min": true,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": true
"datasource": {
"type": "datasource",
"uid": "-- Mixed --"
},
"lines": true,
"linewidth": 1,
"links": [ ],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [ ],
"spaceLength": 10,
"span": 9,
"stack": true,
"steppedLine": false,
"fieldConfig": {
"defaults": {
"custom": {
"fillOpacity": 10,
"showPoints": "never",
"spanNulls": true
},
"unit": "bytes"
}
},
"gridPos": {
"h": 7,
"w": 18,
"y": 0
},
"id": 1,
"interval": "1m",
"options": {
"legend": {
"asTable": true,
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Used Space",
"refId": "A"
"legendFormat": "Used Space"
},
{
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Free Space",
"refId": "B"
"legendFormat": "Free Space"
}
],
"thresholds": [ ],
"timeFrom": null,
"timeShift": null,
"title": "Volume Space Usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [ ]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
"type": "timeseries"
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"datasource": {
"type": "datasource",
"uid": "-- Mixed --"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"max": 100,
"min": 0,
"show": true
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "orange",
"value": 80
},
{
"color": "red",
"value": 90
}
]
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "$datasource",
"format": "percent",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": true,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": { },
"id": 3,
"interval": null,
"links": [ ],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
"unit": "percent"
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 0
},
"id": 2,
"interval": "1m",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
"instant": true
}
],
"thresholds": "80, 90",
"title": "Volume Space Usage",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
"type": "gauge"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": { },
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": { },
"id": 4,
"datasource": {
"type": "datasource",
"uid": "-- Mixed --"
},
"fieldConfig": {
"defaults": {
"custom": {
"fillOpacity": 10,
"showPoints": "never",
"spanNulls": true
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 18,
"y": 7
},
"id": 3,
"interval": "1m",
"options": {
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"max": true,
"min": true,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": true
"asTable": true,
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"lines": true,
"linewidth": 1,
"links": [ ],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [ ],
"spaceLength": 10,
"span": 9,
"stack": true,
"steppedLine": false,
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "v11.0.0",
"targets": [
{
"expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Used inodes",
"refId": "A"
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))",
"legendFormat": "Used inodes"
},
{
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": " Free inodes",
"refId": "B"
"legendFormat": "Free inodes"
}
],
"thresholds": [ ],
"timeFrom": null,
"timeShift": null,
"title": "Volume inodes Usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [ ]
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
"type": "timeseries"
},
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"datasource": {
"type": "datasource",
"uid": "-- Mixed --"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"max": 100,
"min": 0,
"show": true
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "orange",
"value": 80
},
{
"color": "red",
"value": 90
}
]
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "$datasource",
"format": "percent",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": true,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": { },
"id": 5,
"interval": null,
"links": [ ],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
"unit": "percent"
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 7
},
"id": 4,
"interval": "1m",
"pluginVersion": "v11.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
"instant": true
}
],
"thresholds": "80, 90",
"title": "Volume inodes Usage",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
"type": "gauge"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"refresh": "10s",
"schemaVersion": 39,
"tags": [
"kubernetes"
],
@ -385,105 +242,56 @@
"hide": 0,
"label": "Data source",
"name": "datasource",
"options": [ ],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": { },
"datasource": "$datasource",
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"hide": 2,
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [ ],
"query": "label_values(kubelet_volume_stats_capacity_bytes{job=\"kubelet\"}, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [ ],
"tagsQuery": "",
"type": "query",
"useTags": false
"type": "query"
},
{
"allValue": null,
"current": { },
"datasource": "$datasource",
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"hide": 0,
"includeAll": false,
"label": "Namespace",
"multi": false,
"name": "namespace",
"options": [ ],
"query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [ ],
"tagsQuery": "",
"type": "query",
"useTags": false
"type": "query"
},
{
"allValue": null,
"current": { },
"datasource": "$datasource",
"datasource": {
"type": "prometheus",
"uid": "${datasource}"
},
"hide": 0,
"includeAll": false,
"label": "PersistentVolumeClaim",
"multi": false,
"name": "volume",
"options": [ ],
"query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\"}, persistentvolumeclaim)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [ ],
"tagsQuery": "",
"type": "query",
"useTags": false
"type": "query"
}
]
},
"time": {
"from": "now-7d",
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Persistent Volumes",
"uid": "919b92a8e8041bd567af9edab12c840c",
"version": 0
"uid": "919b92a8e8041bd567af9edab12c840c"
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -18,8 +18,8 @@
"subdir": "contrib/mixin"
}
},
"version": "65ac859a1b613a3b1b509cd80400f9fcbeae97d6",
"sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU="
"version": "010d462c0ff03a70f5c5fd32efbb76ad4c1e7c81",
"sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws="
},
{
"source": {
@ -58,8 +58,8 @@
"subdir": "gen/grafonnet-latest"
}
},
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
"sum": "GxEO83uxgsDclLp/fmlUJZDbSGpeUZY6Ap3G2cgdL1g="
"version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a",
"sum": "eyuJ0jOXeA4MrobbNgU4/v5a7ASDHslHZ0eS6hDdWoI="
},
{
"source": {
@ -68,18 +68,18 @@
"subdir": "gen/grafonnet-v10.0.0"
}
},
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
"sum": "W7sLuAvMSJPkC7Oo31t45Nz/cUdJV7jzNSJTd3F1daM="
"version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a",
"sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0="
},
{
"source": {
"git": {
"remote": "https://github.com/grafana/grafonnet.git",
"subdir": "gen/grafonnet-v10.4.0"
"subdir": "gen/grafonnet-v11.0.0"
}
},
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
"sum": "ZSmDT7i/qU9P8ggmuPuJT+jonq1ZEsBRCXycW/H5L/A="
"version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a",
"sum": "Fuo+qTZZzF+sHDBWX/8fkPsUmwW6qhH8hRVz45HznfI="
},
{
"source": {
@ -88,8 +88,8 @@
"subdir": "grafana-builder"
}
},
"version": "b5e3f0ecb726452a92f68c5eeb983c9d972cb051",
"sum": "+z5VY+bPBNqXcmNAV8xbJcbsRA+pro1R3IM7aIY8OlU="
"version": "1d877bb0651ef92176f651d0be473c06e372a8a0",
"sum": "udZaafkbKYMGodLqsFhEe+Oy/St2p0edrK7hiMPEey0="
},
{
"source": {
@ -118,8 +118,8 @@
"subdir": ""
}
},
"version": "b247371d1780f530587a8d9dd04ccb19ea970ba0",
"sum": "7M2QHK3WhOc1xT7T7KhL9iKsCYTfsIXpmcItffAcbL0="
"version": "3dfa72d1d1ab31a686b1f52ec28bbf77c972bd23",
"sum": "7ufhpvzoDqAYLrfAsGkTAIRmu2yWQkmHukTE//jOsJU="
},
{
"source": {
@ -128,8 +128,8 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
"version": "9e855147a20f2539b0b8c3ea1aa7cd761c104797",
"sum": "msMZyUvcebzRILLzNlTIiSOwa1XgQKtP7jbZTkiqwM0="
"version": "7104d579e93d672754c018a924d6c3f7ec23874e",
"sum": "pvInhJNQVDOcC3NGWRMKRIP954mAvLXCQpTlafIg7fA="
},
{
"source": {
@ -138,7 +138,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
"version": "9e855147a20f2539b0b8c3ea1aa7cd761c104797",
"version": "7104d579e93d672754c018a924d6c3f7ec23874e",
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
},
{
@ -148,8 +148,8 @@
"subdir": "jsonnet/kube-prometheus"
}
},
"version": "76f2e1ef95be0df752037baa040781c5219e1fb3",
"sum": "IgpAgyyBZ7VT2vr9kSYQP/lkZUNQnbqpGh2sYCtUKs0="
"version": "defa2bd1e242519c62a5c2b3b786b1caa6d906d4",
"sum": "INKeZ+QIIPImq+TrfHT8CpYdoRzzxRk0txG07XlOo/Q="
},
{
"source": {
@ -158,7 +158,7 @@
"subdir": "jsonnet/mixin"
}
},
"version": "06bdd34e7691d13b560cf1694561c5777216472b",
"version": "609424db53853b992277b7a9a0e5cf59f4cc24f3",
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
"name": "prometheus-operator-mixin"
},
@ -169,8 +169,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "06bdd34e7691d13b560cf1694561c5777216472b",
"sum": "uZ0NldrHp01uGnOYEKB+Nq8W97bkf4EfMP9ePWIG+wk="
"version": "609424db53853b992277b7a9a0e5cf59f4cc24f3",
"sum": "z2/5LjQpWC7snhT+n/mtQqoy5986uI95sTqcKQziwGU="
},
{
"source": {
@ -179,7 +179,7 @@
"subdir": "doc/alertmanager-mixin"
}
},
"version": "14cbe6301c732658d6fe877ec55ad5b738abcf06",
"version": "eb8369ec510d76f63901379a8437c4b55885d6c5",
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
"name": "alertmanager"
},
@ -190,8 +190,8 @@
"subdir": "docs/node-mixin"
}
},
"version": "b6227af54b20d147463e1672a3e8bfca47fa10ee",
"sum": "vWhHvFqV7+fxrQddTeGVKi1e4EzB3VWtNyD8TjSmevY="
"version": "b9d0932179a0c5b3a8863f3d6cdafe8584cedc8e",
"sum": "rhUvbqviGjQ2mwsRhHKMN0TiS3YvnYpUXHew3XlQ+Wg="
},
{
"source": {
@ -200,8 +200,8 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "633224886a1c975dd3a8a8308a0b1d630048a21c",
"sum": "u/Fpz2MPkezy71/q+c7mF0vc3hE9fWt2W/YbvF0LP/8=",
"version": "ac85bd47e1cfa0d63520e4c0b4e26900c42c326b",
"sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=",
"name": "prometheus"
},
{
@ -222,7 +222,7 @@
"subdir": "mixin"
}
},
"version": "f7853dd12cc228960e24c78c10154099a9aeaec8",
"version": "35c0dbec856f97683a846e9c53f83156a3a44ff3",
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
"name": "thanos-mixin"
}

View File

@ -6,7 +6,7 @@
"app.kubernetes.io/component": "exporter",
"app.kubernetes.io/name": "kube-state-metrics",
"app.kubernetes.io/part-of": "kube-prometheus",
"app.kubernetes.io/version": "2.11.0",
"app.kubernetes.io/version": "2.12.0",
"prometheus": "k8s",
"role": "alert-rules"
},

View File

@ -114,7 +114,7 @@
"runbook_url": "https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubestatefulsetupdatenotrolledout",
"summary": "StatefulSet update has not been rolled out."
},
"expr": "(\n max without (revision) (\n kube_statefulset_status_current_revision{job=\"kube-state-metrics\"}\n unless\n kube_statefulset_status_update_revision{job=\"kube-state-metrics\"}\n )\n *\n (\n kube_statefulset_replicas{job=\"kube-state-metrics\"}\n !=\n kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}\n )\n) and (\n changes(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}[5m])\n ==\n 0\n)\n",
"expr": "(\n max by(namespace, statefulset) (\n kube_statefulset_status_current_revision{job=\"kube-state-metrics\"}\n unless\n kube_statefulset_status_update_revision{job=\"kube-state-metrics\"}\n )\n *\n (\n kube_statefulset_replicas{job=\"kube-state-metrics\"}\n !=\n kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}\n )\n) and (\n changes(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}[5m])\n ==\n 0\n)\n",
"for": "15m",
"labels": {
"severity": "warning"
@ -235,7 +235,7 @@
"runbook_url": "https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuovercommit",
"summary": "Cluster has overcommitted CPU resource requests."
},
"expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{job=\"kube-state-metrics\",}) by (cluster) - (sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster) - max(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster)) > 0\nand\n(sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster) - max(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster)) > 0\n",
"expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) by (cluster) - (sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster) - max(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster)) > 0\nand\n(sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster) - max(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\"}) by (cluster)) > 0\n",
"for": "10m",
"labels": {
"severity": "warning"

View File

@ -6,7 +6,7 @@
"app.kubernetes.io/component": "exporter",
"app.kubernetes.io/name": "node-exporter",
"app.kubernetes.io/part-of": "kube-prometheus",
"app.kubernetes.io/version": "1.7.0",
"app.kubernetes.io/version": "1.8.1",
"prometheus": "k8s",
"role": "alert-rules"
},

View File

@ -6,7 +6,7 @@
"app.kubernetes.io/component": "controller",
"app.kubernetes.io/name": "prometheus-operator",
"app.kubernetes.io/part-of": "kube-prometheus",
"app.kubernetes.io/version": "0.72.0",
"app.kubernetes.io/version": "0.75.1",
"prometheus": "k8s",
"role": "alert-rules"
},

View File

@ -7,7 +7,7 @@
"app.kubernetes.io/instance": "k8s",
"app.kubernetes.io/name": "prometheus",
"app.kubernetes.io/part-of": "kube-prometheus",
"app.kubernetes.io/version": "2.50.1",
"app.kubernetes.io/version": "2.53.0",
"prometheus": "k8s",
"role": "alert-rules"
},
@ -45,6 +45,19 @@
"severity": "warning"
}
},
{
"alert": "PrometheusKubernetesListWatchFailures",
"annotations": {
"description": "Kubernetes service discovery of Prometheus {{$labels.namespace}}/{{$labels.pod}} is experiencing {{ printf \"%.0f\" $value }} failures with LIST/WATCH requests to the Kubernetes API in the last 5 minutes.",
"runbook_url": "https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheuskuberneteslistwatchfailures",
"summary": "Requests in Kubernetes SD are failing."
},
"expr": "increase(prometheus_sd_kubernetes_failures_total{job=\"prometheus-k8s\",namespace=\"monitoring\"}[5m]) > 0\n",
"for": "15m",
"labels": {
"severity": "warning"
}
},
{
"alert": "PrometheusNotificationQueueRunningFull",
"annotations": {

File diff suppressed because one or more lines are too long

View File

@ -83,7 +83,7 @@ spec:
description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubestatefulsetupdatenotrolledout
summary: StatefulSet update has not been rolled out.
expr: "(\n max without (revision) (\n kube_statefulset_status_current_revision{job=\"kube-state-metrics\"}\n unless\n kube_statefulset_status_update_revision{job=\"kube-state-metrics\"}\n )\n *\n (\n kube_statefulset_replicas{job=\"kube-state-metrics\"}\n !=\n kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}\n )\n) and (\n changes(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}[5m])\n ==\n 0\n)\n"
expr: "(\n max by(namespace, statefulset) (\n kube_statefulset_status_current_revision{job=\"kube-state-metrics\"}\n unless\n kube_statefulset_status_update_revision{job=\"kube-state-metrics\"}\n )\n *\n (\n kube_statefulset_replicas{job=\"kube-state-metrics\"}\n !=\n kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}\n )\n) and (\n changes(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\"}[5m])\n ==\n 0\n)\n"
for: 15m
labels:
severity: warning
@ -171,7 +171,7 @@ spec:
description: Cluster {{`{{`}} $labels.cluster {{`}}`}} has overcommitted CPU resource requests for Pods by {{`{{`}} $value {{`}}`}} CPU shares and cannot tolerate node failure.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuovercommit
summary: Cluster has overcommitted CPU resource requests.
expr: 'sum(namespace_cpu:kube_pod_container_resource_requests:sum{job="kube-state-metrics",}) by (cluster) - (sum(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster) - max(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster)) > 0
expr: 'sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) by (cluster) - (sum(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster) - max(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster)) > 0
and

View File

@ -35,6 +35,17 @@ spec:
for: 20m
labels:
severity: warning
- alert: PrometheusKubernetesListWatchFailures
annotations:
description: Kubernetes service discovery of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is experiencing {{`{{`}} printf "%.0f" $value {{`}}`}} failures with LIST/WATCH requests to the Kubernetes API in the last 5 minutes.
runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheuskuberneteslistwatchfailures
summary: Requests in Kubernetes SD are failing.
expr: 'increase(prometheus_sd_kubernetes_failures_total{job="prometheus-k8s",namespace="monitoring"}[5m]) > 0
'
for: 15m
labels:
severity: warning
- alert: PrometheusNotificationQueueRunningFull
annotations:
description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full.

View File

@ -28,7 +28,7 @@ dependencies:
condition: aws-ebs-csi-driver.enabled
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
- name: aws-efs-csi-driver
version: 2.5.7
version: 3.0.6
condition: aws-efs-csi-driver.enabled
repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
- name: gemini

View File

@ -1,32 +0,0 @@
diff -rtuN charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml charts/aws-efs-csi-driver/templates/controller-deployment.yaml
--- charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml 2023-08-23 11:32:48.964952023 +0000
+++ charts/aws-efs-csi-driver/templates/controller-deployment.yaml 2023-08-23 11:32:48.968285371 +0000
@@ -76,9 +76,14 @@
- name: AWS_USE_FIPS_ENDPOINT
value: "true"
{{- end }}
+ {{- if .Values.controller.extraEnv }}
+ {{- toYaml .Values.controller.extraEnv | nindent 12 }}
+ {{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: aws-token
+ mountPath: /var/run/secrets/sts.amazonaws.com/serviceaccount/
ports:
- name: healthz
containerPort: {{ .Values.controller.healthPort }}
@@ -137,6 +142,13 @@
volumes:
- name: socket-dir
emptyDir: {}
+ - name: aws-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: token
+ expirationSeconds: 86400
+ audience: "sts.amazonaws.com"
{{- with .Values.controller.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}

View File

@ -1,4 +1,26 @@
# Helm chart
## v2.32.0
* Bump driver version to `v1.32.0`
* Bump CSI sidecar container versions
* Add `patch` permission to `PV` to `external-provisioner` role (required by v5 and later)
* Add terminationGracePeriodSeconds as a helm parameter ([#2060](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2060), [@ElijahQuinones](https://github.com/ElijahQuinones))
* Use release namespace in ClusterRoleBinding subject namespace ([#2059](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2059), [@etutuit](https://github.com/etutuit))
* Add parameter to override node DaemonSet namespace ([#2052](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2052), [@RuStyC0der](https://github.com/RuStyC0der))
* Set RuntimeDefault as default seccompProfile in securityContext ([#2061](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2061), [@torredil](https://github.com/torredil))
* Increase default provisioner, resizer, snapshotter `retry-interval-max` ([#2057](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2057), [@AndrewSirenko](https://github.com/AndrewSirenko))
## v2.31.0
* Bump driver version to `v1.31.0`
* Expose dnsConfig in Helm Chart for Custom DNS Configuration ([#2034](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2045), [@omerap12](https://github.com/omerap12))
* Make scrape interval configurable ([#2035](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2035), [@omerap12](https://github.com/omerap12))
* Add defaultStorageClass parameter ([#2039](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2039), [@torredil](https://github.com/torredil))
* Upgrade sidecar containers ([#2041](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2041), [@torredil](https://github.com/torredil))
## v2.30.0
* Bump driver version to `v1.30.0`
* Update voluemessnapshotcontents/status RBAC ([#1991](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1991), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Upgrade dependencies ([#2016](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2016), [@torredil](https://github.com/torredil))
## v2.29.1
* Bump driver version to `v1.29.1`
* Remove `--reuse-values` deprecation warning

View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.29.1
appVersion: 1.32.0
description: A Helm chart for AWS EBS CSI Driver
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
keywords:
@ -13,4 +13,4 @@ maintainers:
name: aws-ebs-csi-driver
sources:
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
version: 2.29.1
version: 2.32.0

View File

@ -5,7 +5,7 @@ kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ printf "%s-windows" .NodeName }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec:
@ -40,6 +40,7 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.node.serviceAccount.name }}
terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriodSeconds }}
priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }}
tolerations:
{{- if .Values.node.tolerateAllTaints }}
@ -49,10 +50,21 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.node.windowsHostProcess }}
securityContext:
windowsOptions:
hostProcess: true
runAsUserName: "NT AUTHORITY\\SYSTEM"
hostNetwork: true
{{- end }}
containers:
- name: ebs-plugin
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.node.windowsHostProcess }}
command:
- "aws-ebs-csi-driver.exe"
{{- end }}
args:
- node
- --endpoint=$(CSI_ENDPOINT)
@ -66,9 +78,16 @@ spec:
{{- if .Values.node.otelTracing }}
- --enable-otel-tracing=true
{{- end}}
{{- if .Values.node.windowsHostProcess }}
- --windows-host-process=true
{{- end }}
env:
- name: CSI_ENDPOINT
{{- if .Values.node.windowsHostProcess }}
value: unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
value: unix:/csi/csi.sock
{{- end }}
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
@ -91,12 +110,14 @@ spec:
mountPropagation: "None"
- name: plugin-dir
mountPath: C:\csi
{{- if not .Values.node.windowsHostProcess }}
- name: csi-proxy-disk-pipe
mountPath: \\.\pipe\csi-proxy-disk-v1
- name: csi-proxy-volume-pipe
mountPath: \\.\pipe\csi-proxy-volume-v1
- name: csi-proxy-filesystem-pipe
mountPath: \\.\pipe\csi-proxy-filesystem-v1
{{- end }}
ports:
- name: healthz
containerPort: 9808
@ -113,9 +134,11 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if not .Values.node.windowsHostProcess }}
securityContext:
windowsOptions:
runAsUserName: "ContainerAdministrator"
{{- end }}
lifecycle:
preStop:
exec:
@ -123,15 +146,34 @@ spec:
- name: node-driver-registrar
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }}
{{- if .Values.node.windowsHostProcess }}
command:
- "csi-node-driver-registrar.exe"
{{- end }}
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
{{- if .Values.node.windowsHostProcess }}
- --plugin-registration-path=$(PLUGIN_REG_DIR)
{{- end }}
- --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }}
env:
- name: ADDRESS
{{- if .Values.node.windowsHostProcess }}
value: unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
value: unix:/csi/csi.sock
{{- end }}
- name: DRIVER_REG_SOCK_PATH
{{- if .Values.node.windowsHostProcess }}
value: C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
value: C:\var\lib\kubelet\plugins\ebs.csi.aws.com\csi.sock
{{- end }}
{{- if .Values.node.windowsHostProcess }}
- name: PLUGIN_REG_DIR
value: C:\\var\\lib\\kubelet\\plugins_registry\\
{{- end }}
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
@ -161,8 +203,16 @@ spec:
- name: liveness-probe
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
{{- if .Values.node.windowsHostProcess }}
command:
- "livenessprobe.exe"
{{- end }}
args:
{{- if .Values.node.windowsHostProcess }}
- --csi-address=unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
- --csi-address=unix:/csi/csi.sock
{{- end }}
volumeMounts:
- name: plugin-dir
mountPath: C:\csi
@ -189,6 +239,7 @@ spec:
hostPath:
path: C:\var\lib\kubelet\plugins_registry
type: Directory
{{- if not .Values.node.windowsHostProcess }}
- name: csi-proxy-disk-pipe
hostPath:
path: \\.\pipe\csi-proxy-disk-v1
@ -201,6 +252,7 @@ spec:
hostPath:
path: \\.\pipe\csi-proxy-filesystem-v1
type: ""
{{- end }}
- name: probe-dir
{{- if .Values.node.probeDirVolume }}
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}

View File

@ -5,7 +5,7 @@ kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .NodeName }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
{{- with .Values.node.daemonSetAnnotations }}
@ -44,6 +44,7 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.node.serviceAccount.name }}
terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriodSeconds }}
priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }}
tolerations:
{{- if .Values.node.tolerateAllTaints }}

View File

@ -8,7 +8,7 @@ metadata:
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
verbs: [ "get", "list", "watch", "create", "patch", "delete" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update" ]

View File

@ -24,7 +24,7 @@ rules:
verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotcontents/status" ]
verbs: [ "update" ]
verbs: [ "update", "patch" ]
{{- with .Values.sidecars.snapshotter.additionalClusterRoleRules }}
{{- . | toYaml | nindent 2 }}
{{- end }}

View File

@ -8,7 +8,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: {{ .Values.node.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-csi-node-role

View File

@ -227,6 +227,9 @@ spec:
- --kube-api-burst=100
- --worker-threads=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.provisioner.additionalArgs)) }}
- --retry-interval-max=30m
{{- end }}
{{- range .Values.sidecars.provisioner.additionalArgs }}
- {{ . }}
{{- end }}
@ -280,6 +283,9 @@ spec:
- --kube-api-burst=100
- --worker-threads=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.attacher.additionalArgs)) }}
- --retry-interval-max=5m
{{- end }}
{{- range .Values.sidecars.attacher.additionalArgs }}
- {{ . }}
{{- end }}
@ -322,6 +328,9 @@ spec:
- --kube-api-burst=100
- --worker-threads=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.snapshotter.additionalArgs)) }}
- --retry-interval-max=30m
{{- end }}
{{- range .Values.sidecars.snapshotter.additionalArgs }}
- {{ . }}
{{- end }}
@ -435,6 +444,9 @@ spec:
- --kube-api-burst=100
- --workers=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.resizer.additionalArgs)) }}
- --retry-interval-max=30m
{{- end }}
{{- range .Values.sidecars.resizer.additionalArgs }}
- {{ . }}
{{- end }}
@ -501,3 +513,7 @@ spec:
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml .Values.controller.dnsConfig | nindent 4 }}
{{- end }}

View File

@ -0,0 +1,11 @@
{{- if .Values.defaultStorageClass.enabled }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ebs-csi-default-sc
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
{{- end }}

View File

@ -37,6 +37,6 @@ spec:
endpoints:
- targetPort: 3301
path: /metrics
interval: 15s
interval: {{ .Values.controller.serviceMonitor.interval | default "15s"}}
{{- end }}
{{- end }}

View File

@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.node.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
{{- with .Values.node.serviceAccount.annotations }}

View File

@ -136,7 +136,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: ebs-csi-driver-test
namespace: kube-system
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-csi-driver-test
@ -214,11 +214,14 @@ spec:
kubectl config set-context kubetest2 --cluster=cluster
kubectl config set-credentials sa --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
kubectl config set-context kubetest2 --user=sa && kubectl config use-context kubetest2
export FOCUS_REGEX='\bebs.csi.aws.com\b.+(validate content|resize volume|offline PVC|AllowedTopologies|store data$SNAPSHOTS)'
export FOCUS_REGEX='\bebs.csi.aws.com\b.+(validate content|resize volume|offline PVC|AllowedTopologies|store data'
if kubectl get crd volumesnapshots.snapshot.storage.k8s.io; then
FORCUS_REGEX="${FOCUS_REGEX}|snapshot fields"
FOCUS_REGEX="${FOCUS_REGEX}|snapshot fields)"
else
FOCUS_REGEX="${FOCUS_REGEX})"
fi
kubetest2 noop --run-id='e2e-kubernetes' --test=ginkgo -- --test-package-version="$(curl -L https://dl.k8s.io/release/stable-1.29.txt)" --skip-regex='[Disruptive]|[Serial]' --focus-regex="$FOCUS_REGEX" --parallel=25 --test-args='-storage.testdriver=/etc/config/manifests.yaml'
export KUBE_VERSION=$(kubectl version --output json | jq -r '.serverVersion.major + "." + .serverVersion.minor')
kubetest2 noop --run-id='e2e-kubernetes' --test=ginkgo -- --test-package-version="$(curl -L https://dl.k8s.io/release/stable-${KUBE_VERSION}.txt)" --skip-regex='[Disruptive]|[Serial]' --focus-regex="$FOCUS_REGEX" --parallel=25 --test-args='-storage.testdriver=/etc/config/manifests.yaml'
volumeMounts:
- name: config-vol
mountPath: /etc/config

View File

@ -7,11 +7,9 @@ image:
# Overrides the image tag whose default is v{{ .Chart.AppVersion }}
tag: ""
pullPolicy: IfNotPresent
# -- Custom labels to add into metadata
customLabels:
{}
# k8s-app: aws-ebs-csi-driver
customLabels: {}
# k8s-app: aws-ebs-csi-driver
sidecars:
provisioner:
@ -19,7 +17,7 @@ sidecars:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
tag: "v4.0.0-eks-1-29-7"
tag: "v5.0.1-eks-1-30-8"
logLevel: 2
# Additional parameters provided by external-provisioner.
additionalArgs: []
@ -37,6 +35,8 @@ sidecars:
# renewDeadline: "10s"
# retryPeriod: "5s"
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
attacher:
@ -44,7 +44,7 @@ sidecars:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher
tag: "v4.5.0-eks-1-29-7"
tag: "v4.6.1-eks-1-30-8"
# Tune leader lease election for csi-attacher.
# Leader election is on by default.
leaderElection:
@ -62,6 +62,8 @@ sidecars:
additionalClusterRoleRules: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
snapshotter:
@ -71,7 +73,7 @@ sidecars:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter
tag: "v7.0.1-eks-1-29-7"
tag: "v8.0.1-eks-1-30-8"
logLevel: 2
# Additional parameters provided by csi-snapshotter.
additionalArgs: []
@ -79,13 +81,15 @@ sidecars:
additionalClusterRoleRules: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
livenessProbe:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
tag: "v2.12.0-eks-1-29-7"
tag: "v2.13.0-eks-1-30-8"
# Additional parameters provided by livenessprobe.
additionalArgs: []
resources: {}
@ -97,7 +101,7 @@ sidecars:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer
tag: "v1.10.0-eks-1-29-7"
tag: "v1.11.1-eks-1-30-8"
# Tune leader lease election for csi-resizer.
# Leader election is on by default.
leaderElection:
@ -115,6 +119,8 @@ sidecars:
additionalClusterRoleRules: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
nodeDriverRegistrar:
@ -122,7 +128,7 @@ sidecars:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
tag: "v2.10.0-eks-1-29-7"
tag: "v2.11.0-eks-1-30-8"
logLevel: 2
# Additional parameters provided by node-driver-registrar.
additionalArgs: []
@ -144,7 +150,7 @@ sidecars:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s
tag: "v0.2.1"
tag: "v0.3.0"
leaderElection:
enabled: true
# Optional values to tune lease behavior.
@ -158,22 +164,20 @@ sidecars:
additionalArgs: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
proxy:
http_proxy:
no_proxy:
imagePullSecrets: []
nameOverride:
fullnameOverride:
awsAccessSecret:
name: aws-secret
keyId: key_id
accessKey: access_key
controller:
batching: true
volumeModificationFeature:
@ -229,6 +233,7 @@ controller:
# Additional labels for ServiceMonitor object
labels:
release: prometheus
interval: "15s"
# If set to true, AWS API call metrics will be exported to the following
# TCP endpoint: "0.0.0.0:3301"
# ---
@ -310,6 +315,8 @@ controller:
# ---
# securityContext on the controller container (see sidecars for securityContext on sidecar containers)
containerSecurityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
initContainers: []
@ -325,6 +332,8 @@ controller:
# otelServiceName: ebs-csi-controller
# otelExporterEndpoint: "http://localhost:4317"
# Enable dnsConfig for the controller and node pods
dnsConfig: {}
node:
env: []
envFrom: []
@ -354,6 +363,7 @@ node:
daemonSetAnnotations: {}
podAnnotations: {}
podLabels: {}
terminationGracePeriodSeconds: 30
tolerateAllTaints: true
tolerations:
- operator: Exists
@ -397,6 +407,8 @@ node:
runAsUser: 0
runAsGroup: 0
fsGroup: 0
# allows you to deploy aws-ebs-csi-node daemonset to separate namespace (make sure namespace exists before deploy)
namespaceOverride: ""
# Add additional volume mounts on the node pods with node.volumes and node.volumeMounts
volumes: []
# Add additional volumes to be mounted onto the node pods:
@ -410,6 +422,7 @@ node:
# mountPath: /mount/path
# ---
# securityContext on the node container (see sidecars for securityContext on sidecar containers)
# Privileged containers always run as `Unconfined`, which means that they are not restricted by a seccomp profile.
containerSecurityContext:
readOnlyRootFilesystem: true
privileged: true
@ -417,19 +430,17 @@ node:
otelTracing: {}
# otelServiceName: ebs-csi-node
# otelExporterEndpoint: "http://localhost:4317"
additionalDaemonSets:
# Additional node DaemonSets, using the node config structure
# See docs/additional-daemonsets.md for more information
#
# example:
# nodeSelector:
# node.kubernetes.io/instance-type: c5.large
# volumeAttachLimit: 15
# Additional node DaemonSets, using the node config structure
# See docs/additional-daemonsets.md for more information
#
# example:
# nodeSelector:
# node.kubernetes.io/instance-type: c5.large
# volumeAttachLimit: 15
# Enable compatibility for the A1 instance family via use of an AL2-based image in a separate DaemonSet
# a1CompatibilityDaemonSet: true
storageClasses: []
# Add StorageClass resources like:
# - name: ebs-sc
@ -446,6 +457,8 @@ storageClasses: []
# parameters:
# encrypted: "true"
defaultStorageClass:
enabled: false
volumeSnapshotClasses: []
# Add VolumeSnapshotClass resources like:
# - name: ebs-vsc
@ -463,8 +476,7 @@ volumeSnapshotClasses: []
# Intended for use with older clusters that cannot easily replace the CSIDriver object
# This parameter should always be false for new installations
useOldCSIDriver: false
helmTester:
enabled: true
# Supply a custom image to the ebs-csi-driver-test pod in helm-tester.yaml
image: "gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240311-b09cdeb92c-master"
image: "gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240611-597c402033-master"

View File

@ -1,4 +1,18 @@
# Helm chart
# v3.0.6
* Bump app/driver version to `v2.0.5`
# v3.0.5
* Bump app/driver version to `v2.0.4`
# v3.0.4
* Bump app/driver version to `v2.0.3`
# v3.0.3
* Bump app/driver version to `v2.0.2`
# v3.0.2
* Update Helm to use the image from Public ECR rather than DockerHub
# v3.0.1
* Bump app/driver version to `v2.0.1`
# v3.0.0
* Bump app/driver version to `v2.0.0`
# v2.5.7
* Bump app/driver version to `v1.7.7`
# v2.5.6

View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.7.7
appVersion: 2.0.5
description: A Helm chart for AWS EFS CSI Driver
home: https://github.com/kubernetes-sigs/aws-efs-csi-driver
keywords:
@ -15,4 +15,4 @@ maintainers:
name: aws-efs-csi-driver
sources:
- https://github.com/kubernetes-sigs/aws-efs-csi-driver
version: 2.5.7
version: 3.0.6

View File

@ -93,14 +93,15 @@ spec:
- name: AWS_USE_FIPS_ENDPOINT
value: "true"
{{- end }}
{{- if .Values.controller.extraEnv }}
{{- toYaml .Values.controller.extraEnv | nindent 12 }}
{{- with .Values.controller.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: aws-token
mountPath: /var/run/secrets/sts.amazonaws.com/serviceaccount/
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: healthz
containerPort: {{ .Values.controller.healthPort }}
@ -155,6 +156,9 @@ spec:
volumeMounts:
- name: socket-dir
mountPath: /csi
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.livenessProbe.resources }}
resources: {{ toYaml . | nindent 12 }}
{{- end }}
@ -165,13 +169,9 @@ spec:
volumes:
- name: socket-dir
emptyDir: {}
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More