From dcc584f737e1308f96819a937d8e1ca62e778e3f Mon Sep 17 00:00:00 2001 
From: Stefan Reimer Date: Wed, 24 Aug 2022 17:13:39 +0200 Subject: [PATCH] feat: first alpha release of v1.23.10 --- Dockerfile | 1 + admin/kubezero.sh | 126 +- admin/upgrade_cluster.sh | 29 +- charts/kubeadm/Chart.yaml | 2 +- charts/kubeadm/README.md | 12 +- .../resources/80-apiserver-dns-service.yaml | 2 - charts/kubeadm/values.yaml | 25 - charts/kubezero-addons/Chart.yaml | 6 +- charts/kubezero-addons/README.md | 8 +- .../templates/cluster-backup/cronjob.yaml | 2 +- .../templates/cluster-backup/secret.yaml | 2 +- charts/kubezero-addons/values.yaml | 3 + charts/kubezero-argocd/Chart.yaml | 6 +- charts/kubezero-argocd/README.md | 6 +- charts/kubezero-cert-manager/Chart.yaml | 6 +- charts/kubezero-cert-manager/README.md | 6 +- charts/kubezero-ci/README.md | 26 +- charts/kubezero-istio-gateway/Chart.yaml | 6 +- charts/kubezero-istio-gateway/README.md | 6 +- .../charts/gateway/Chart.yaml | 4 +- .../charts/gateway/templates/deployment.yaml | 2 +- .../charts/gateway/templates/hpa.yaml | 9 +- .../charts/gateway/templates/service.yaml | 5 + .../charts/gateway/values.schema.json | 4 + .../charts/gateway/values.yaml | 3 + charts/kubezero-istio/Chart.yaml | 12 +- charts/kubezero-istio/README.md | 12 +- .../charts/kiali-server/Chart.yaml | 20 - .../charts/kiali-server/templates/NOTES.txt | 5 - .../kiali-server/templates/_helpers.tpl | 143 -- .../kiali-server/templates/cabundle.yaml | 13 - .../kiali-server/templates/configmap.yaml | 25 - .../kiali-server/templates/deployment.yaml | 165 -- .../charts/kiali-server/templates/hpa.yaml | 17 - .../kiali-server/templates/ingress.yaml | 56 - .../charts/kiali-server/templates/oauth.yaml | 17 - .../templates/role-controlplane.yaml | 15 - .../kiali-server/templates/role-viewer.yaml | 89 - .../charts/kiali-server/templates/role.yaml | 99 -- .../templates/rolebinding-controlplane.yaml | 17 - .../kiali-server/templates/rolebinding.yaml | 20 - .../charts/kiali-server/templates/route.yaml | 30 - .../kiali-server/templates/service.yaml | 45 - 
.../templates/serviceaccount.yaml | 9 - .../charts/kiali-server/values.yaml | 82 - charts/kubezero-istio/update.sh | 4 - charts/kubezero-istio/values.yaml | 2 +- charts/kubezero-logging/Chart.yaml | 15 +- charts/kubezero-logging/README.md | 14 +- .../charts/eck-operator/Chart.yaml | 4 +- .../charts/eck-operator/README.md | 2 +- .../charts/eck-operator/crds/all-crds.yaml | 984 +++++++---- .../eck-operator/templates/_helpers.tpl | 16 + .../eck-operator/templates/configmap.yaml | 1 + .../eck-operator/templates/statefulset.yaml | 3 + .../templates/validate-chart.yaml | 6 + .../charts/eck-operator/values.yaml | 6 + .../charts/fluent-bit/Chart.yaml | 6 +- .../fluent-bit/templates/clusterrole.yaml | 10 + .../fluent-bit/templates/configmap.yaml | 4 + .../charts/fluent-bit/templates/scc.yaml | 37 + .../charts/fluent-bit/templates/service.yaml | 3 + .../charts/fluent-bit/values.yaml | 20 + .../charts/fluentd/Chart.yaml | 4 +- .../charts/fluentd/templates/_pod.tpl | 4 + .../charts/fluentd/values.yaml | 2 + charts/kubezero-logging/values.yaml | 2 +- charts/kubezero-metrics/Chart.yaml | 10 +- charts/kubezero-metrics/README.md | 10 +- .../charts/kube-prometheus-stack/Chart.yaml | 11 +- .../charts/kube-prometheus-stack/README.md | 93 +- .../charts/grafana/Chart.yaml | 4 +- .../charts/grafana/README.md | 30 +- .../grafana/ci/with-affinity-values.yaml | 16 + .../ci/with-extraconfigmapmounts-values.yaml | 7 + .../charts/grafana/ci/with-persistence.yaml | 3 + .../charts/grafana/templates/_helpers.tpl | 22 + .../charts/grafana/templates/_pod.tpl | 107 +- .../charts/grafana/templates/clusterrole.yaml | 4 +- .../charts/grafana/templates/configmap.yaml | 29 +- .../charts/grafana/templates/deployment.yaml | 2 +- .../templates/image-renderer-deployment.yaml | 6 +- .../image-renderer-network-policy.yaml | 5 +- .../grafana/templates/networkpolicy.yaml | 15 + .../templates/poddisruptionbudget.yaml | 2 +- .../grafana/templates/podsecuritypolicy.yaml | 2 +- 
.../charts/grafana/templates/role.yaml | 4 +- .../grafana/templates/serviceaccount.yaml | 3 +- .../grafana/templates/servicemonitor.yaml | 4 +- .../charts/grafana/templates/statefulset.yaml | 4 +- .../charts/grafana/templates/tests/test.yaml | 7 +- .../charts/grafana/values.yaml | 85 +- .../charts/kube-state-metrics/Chart.yaml | 4 +- .../templates/deployment.yaml | 37 +- .../kube-state-metrics/templates/pdb.yaml | 4 + .../kube-state-metrics/templates/role.yaml | 3 + .../kube-state-metrics/templates/service.yaml | 3 + .../templates/servicemonitor.yaml | 14 + .../charts/kube-state-metrics/values.yaml | 39 +- .../prometheus-node-exporter/Chart.yaml | 3 +- .../templates/daemonset.yaml | 26 + .../templates/servicemonitor.yaml | 4 + .../prometheus-node-exporter/values.yaml | 28 + .../crds/crd-alertmanagerconfigs.yaml | 526 +++++- .../crds/crd-alertmanagers.yaml | 1384 +++++++++------- .../crds/crd-podmonitors.yaml | 77 +- .../crds/crd-probes.yaml | 72 +- .../crds/crd-prometheuses.yaml | 1457 ++++++++++------- .../crds/crd-prometheusrules.yaml | 13 +- .../crds/crd-servicemonitors.yaml | 80 +- .../crds/crd-thanosrulers.yaml | 1258 ++++++++------ .../templates/_helpers.tpl | 63 +- .../templates/alertmanager/alertmanager.yaml | 12 +- .../templates/alertmanager/ingress.yaml | 2 +- .../alertmanager/podDisruptionBudget.yaml | 2 +- .../templates/alertmanager/secret.yaml | 2 +- .../templates/alertmanager/service.yaml | 2 +- .../alertmanager/serviceaccount.yaml | 2 +- .../alertmanager/serviceperreplica.yaml | 4 +- .../exporters/core-dns/servicemonitor.yaml | 3 + .../kube-api-server/servicemonitor.yaml | 3 + .../kube-controller-manager/endpoints.yaml | 6 +- .../servicemonitor.yaml | 3 + .../exporters/kube-dns/servicemonitor.yaml | 3 + .../exporters/kube-etcd/servicemonitor.yaml | 3 + .../exporters/kube-proxy/servicemonitor.yaml | 3 + .../exporters/kube-scheduler/endpoints.yaml | 4 +- .../kube-scheduler/servicemonitor.yaml | 3 + .../exporters/kubelet/servicemonitor.yaml | 25 + 
.../grafana/configmaps-datasources.yaml | 14 +- .../job-patch/serviceaccount.yaml | 2 +- .../mutatingWebhookConfiguration.yaml | 1 + .../prometheus-operator/clusterrole.yaml | 1 + .../prometheus-operator/deployment.yaml | 7 + .../prometheus-operator/serviceaccount.yaml | 2 +- .../templates/prometheus/ingress.yaml | 2 +- .../prometheus/podDisruptionBudget.yaml | 2 +- .../templates/prometheus/prometheus.yaml | 28 +- .../templates/prometheus/service.yaml | 2 +- .../prometheus/serviceThanosSidecar.yaml | 2 +- .../serviceThanosSidecarExternal.yaml | 2 +- .../templates/prometheus/serviceaccount.yaml | 2 +- .../servicemonitorThanosSidecar.yaml | 4 +- .../prometheus/serviceperreplica.yaml | 6 +- .../templates/thanos-ruler/extrasecret.yaml | 20 + .../templates/thanos-ruler/ingress.yaml | 77 + .../thanos-ruler/podDisruptionBudget.yaml | 21 + .../templates/thanos-ruler/ruler.yaml | 168 ++ .../templates/thanos-ruler/service.yaml | 53 + .../thanos-ruler/serviceaccount.yaml | 20 + .../thanos-ruler/servicemonitor.yaml | 45 + .../charts/kube-prometheus-stack/values.yaml | 584 ++++++- .../charts/prometheus-pushgateway/Chart.yaml | 2 +- .../templates/_helpers.tpl | 90 +- .../templates/deployment.yaml | 78 +- .../prometheus-pushgateway/templates/pdb.yaml | 4 + .../templates/pushgateway-pvc.yaml | 2 + .../templates/service.yaml | 4 +- .../templates/serviceaccount.yaml | 4 + .../templates/servicemonitor.yaml | 9 + .../templates/statefulset.yaml | 47 + .../charts/prometheus-pushgateway/values.yaml | 36 + charts/kubezero-metrics/jsonnet/build.sh | 2 +- .../jsonnet/jsonnetfile.lock.json | 12 +- charts/kubezero-metrics/zdt.patch | 2 +- charts/kubezero-network/Chart.yaml | 6 +- charts/kubezero-network/README.md | 28 +- .../templates/multus/config.yaml | 3 +- charts/kubezero-network/values.yaml | 2 +- charts/kubezero-storage/Chart.yaml | 12 +- charts/kubezero-storage/README.md | 11 +- .../charts/aws-ebs-csi-driver/CHANGELOG.md | 49 + .../charts/aws-ebs-csi-driver/Chart.yaml | 4 +- 
.../aws-ebs-csi-driver/templates/_helpers.tpl | 2 +- .../templates/clusterrole-snapshotter.yaml | 2 +- .../templates/controller.yaml | 57 +- .../templates/node-windows.yaml | 12 +- .../aws-ebs-csi-driver/templates/node.yaml | 46 +- .../serviceaccount-csi-controller.yaml | 4 +- .../charts/aws-ebs-csi-driver/values.yaml | 66 +- .../charts/aws-efs-csi-driver/CHANGELOG.md | 5 +- .../charts/aws-efs-csi-driver/Chart.yaml | 4 +- .../templates/controller-deployment.yaml | 10 +- .../templates/controller-serviceaccount.yaml | 1 + .../charts/aws-efs-csi-driver/values.yaml | 11 +- .../charts/lvm-localpv/Chart.yaml | 4 +- .../charts/lvm-localpv/README.md | 2 +- .../charts/lvm-localpv/values.yaml | 4 +- charts/kubezero-storage/efs.patch | 18 +- .../jsonnet/jsonnetfile.lock.json | 12 +- charts/kubezero-storage/values.yaml | 4 +- charts/kubezero/Chart.yaml | 4 +- charts/kubezero/README.md | 24 +- charts/kubezero/values.yaml | 20 +- charts/manticore/README.md | 28 +- 195 files changed, 6313 insertions(+), 3508 deletions(-) delete mode 100644 charts/kubezero-istio/charts/kiali-server/Chart.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/NOTES.txt delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/_helpers.tpl delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/cabundle.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/configmap.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/deployment.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/hpa.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/ingress.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/oauth.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/role-controlplane.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/role-viewer.yaml delete mode 100644 
charts/kubezero-istio/charts/kiali-server/templates/role.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/rolebinding-controlplane.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/rolebinding.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/route.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/service.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/templates/serviceaccount.yaml delete mode 100644 charts/kubezero-istio/charts/kiali-server/values.yaml create mode 100644 charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml create mode 100644 charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml create mode 100644 charts/kubezero-metrics/charts/prometheus-pushgateway/templates/statefulset.yaml diff --git a/Dockerfile b/Dockerfile index f356e4d..0c8c556 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -13,6 +13,7 @@ RUN cd /etc/apk/keys && \ apk --no-cache add \ jq \ yq \ + diffutils \ cri-tools@kubezero \ kubeadm@kubezero~=${KUBE_VERSION} \ kubectl@kubezero~=${KUBE_VERSION} \ diff --git a/admin/kubezero.sh b/admin/kubezero.sh index e25d33b..2eb8213 100755 --- a/admin/kubezero.sh +++ b/admin/kubezero.sh @@ -9,7 +9,8 @@ fi export WORKDIR=/tmp/kubezero export HOSTFS=/host export CHARTS=/charts -export VERSION=$(kubeadm version --output json | jq -r .clientVersion.gitVersion) +export KUBE_VERSION=$(kubeadm version -o json | jq -r .clientVersion.gitVersion) +export KUBE_VERSION_MINOR="v1.$(kubectl version -o json | jq .clientVersion.minor -r)" export KUBECONFIG="${HOSTFS}/root/.kube/config" @@ -63,13 +64,11 @@ render_kubeadm() { parse_kubezero() { [ -f ${HOSTFS}/etc/kubernetes/kubezero.yaml ] || { echo "Missing /etc/kubernetes/kubezero.yaml!"; return 1; } - export KUBE_VERSION=$(kubeadm version -o yaml | yq eval .clientVersion.gitVersion -) export CLUSTERNAME=$(yq eval '.clusterName' ${HOSTFS}/etc/kubernetes/kubezero.yaml) export ETCD_NODENAME=$(yq eval '.etcd.nodeName' ${HOSTFS}/etc/kubernetes/kubezero.yaml) export NODENAME=$(yq eval '.nodeName' ${HOSTFS}/etc/kubernetes/kubezero.yaml) - + export PROVIDER_ID=$(yq eval '.providerID' ${HOSTFS}/etc/kubernetes/kubezero.yaml) export AWS_IAM_AUTH=$(yq eval '.api.awsIamAuth.enabled' ${HOSTFS}/etc/kubernetes/kubezero.yaml) - export AWS_NTH=$(yq eval '.addons.aws-node-termination-handler.enabled' ${HOSTFS}/etc/kubernetes/kubezero.yaml) # From here on bail out, allows debug_shell even in error cases set -e 
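Review bot: `KUBE_VERSION_MINOR` is built from `kubectl version -o json` without `--client`, so this top-level line also tries to reach an API server that does not exist yet on `bootstrap` or `restore`; `kubectl version --client -o json` returns the same `clientVersion.minor` field without the round trip. Because `export VAR=$(...)` hides the pipeline's exit status, a failing kubectl or jq leaves the value as `v1.` or `v1.null`. That string is later passed unquoted as the `restic restore --tag` selector (hunk at -163). A check right after the assignment would make this fail early with a clear message, e.g. `case "$KUBE_VERSION_MINOR" in v1.[0-9]*) ;; *) echo "cannot determine kube minor version" >&2; exit 1;; esac`.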
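Review bot: `PROVIDER_ID` is now exported from `yq eval '.providerID'` with no default, and yq prints the literal string `null` when the key is absent. The later `[ -n "$PROVIDER_ID" ]` guard in the restore path (hunk at -277) would accept that string and hand it to `etcdhelper`. The removed network/addons lines already used the safer form, so I would write `export PROVIDER_ID=$(yq eval '.providerID // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml)`. The rest of `parse_kubezero()` lies outside this hunk.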
@@ -114,13 +113,16 @@ post_kubeadm() { } -# First parse kubezero.yaml -parse_kubezero - -if [ "$1" == 'upgrade' ]; then +cluster_upgrade() { ### PRE 1.23 specific ##################### + # Migrate addons and network values into CM from kubezero.yaml + kubectl get cm -n kube-system kubezero-values || \ + kubectl create configmap -n kube-system kubezero-values \ + --from-literal addons="$(yq e '.addons | del .clusterBackup.repository | del .clusterBackup.password' ${HOSTFS}/etc/kubernetes/kubezero.yaml)" \ + --from-literal network="$(yq e .network ${HOSTFS}/etc/kubernetes/kubezero.yaml)" + ##################### render_kubeadm @@ -142,16 +144,6 @@ if [ "$1" == 'upgrade' ]; then ###################### - # network - yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml - helm template $CHARTS/kubezero-network --namespace kube-system --include-crds --name-template network \ - -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG - - # addons - yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml - helm template $CHARTS/kubezero-addons --namespace kube-system --include-crds --name-template addons \ - -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG - # Cleanup after kubeadm on the host rm -rf ${HOSTFS}/etc/kubernetes/tmp 
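Review bot: The `kubectl create configmap ... --from-literal addons="$(yq e ...)"` step in `cluster_upgrade()` does not notice a failing `yq`, because a command substitution inside an argument does not trip `set -e`. A parse error or unreadable kubezero.yaml therefore creates `kubezero-values` with empty `addons` and `network`, and the `kubectl get ... ||` guard keeps that empty map on every later run. This filter is also the only thing keeping `clusterBackup.repository` and `.password` out of a ConfigMap that anyone with read access to kube-system ConfigMaps can see, so confirm that the yq version in the image accepts `del .x` without parentheses. I would render into variables first and abort on failure, e.g. `ADDONS=$(yq e '...' "$FILE") || exit 1`, and add a comment that secrets must never be written into this ConfigMap. The function body continues past this hunk.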
@@ -163,23 +155,28 @@ if [ "$1" == 'upgrade' ]; then # Removed: # - update oidc do we need that ? +} -elif [[ "$1" == 'node-upgrade' ]]; then + +node_upgrade() { echo "Starting node upgrade ..." echo "All done." +} -elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then + +control_plane_node() { + CMD=$1 render_kubeadm # Ensure clean slate if bootstrap, restore PKI otherwise - if [[ "$1" =~ "^(bootstrap)$" ]]; then + if [[ "$CMD" =~ "^(bootstrap)$" ]]; then rm -rf ${HOSTFS}/var/lib/etcd/member else # restore latest backup - retry 10 60 30 restic restore latest --no-lock -t / --tag $VERSION + retry 10 60 30 restic restore latest --no-lock -t / --tag $KUBE_VERSION_MINOR # Make last etcd snapshot available cp ${WORKDIR}/etcd_snapshot ${HOSTFS}/etc/kubernetes @@ -191,7 +188,7 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config # Only restore etcd data during "restore" and none exists already - if [[ "$1" =~ "^(restore)$" ]]; then + if [[ "$CMD" =~ "^(restore)$" ]]; then if [ ! -d ${HOSTFS}/var/lib/etcd/member ]; then etcdctl snapshot restore ${HOSTFS}/etc/kubernetes/etcd_snapshot \ --name $ETCD_NODENAME \ @@ -218,7 +215,7 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then _kubeadm init phase preflight _kubeadm init phase kubeconfig all - if [[ "$1" =~ "^(join)$" ]]; then + if [[ "$CMD" =~ "^(join)$" ]]; then # Delete any former self in case forseti did not delete yet kubectl delete node ${NODENAME} --wait=true || true # Wait for all pods to be deleted otherwise we end up with stale pods eg. kube-proxy and all goes to .... 
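Review bot: The quoted pattern in `[[ "$CMD" =~ "^(bootstrap)$" ]]` is matched as a literal string if the script runs under bash 3.2 or later, so the test would never be true for `bootstrap`; the shebang is outside this hunk, so I cannot confirm the shell. The same quoting is carried into the hunks at -191, -218, -277, -289 and -300. In the last two the commit changes `! ... "^(join)$"` (always true under a literal match) to `"^(bootstrap|restore)$"` (never true), which would silently skip `upload-config`, `upload-certs` and `addon all`. An unquoted pattern or a plain `case` avoids the ambiguity: `if [[ "$CMD" =~ ^(bootstrap|restore)$ ]]; then` or `case "$CMD" in bootstrap|restore) ... ;; esac`. `control_plane_node()` continues past this hunk.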
@@ -277,8 +274,7 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then retry 0 5 30 kubectl cluster-info --request-timeout 3 >/dev/null # Update providerID as underlying VM changed during restore - if [[ "$1" =~ "^(restore)$" ]]; then - PROVIDER_ID=$(yq eval '.providerID' ${HOSTFS}/etc/kubernetes/kubezero.yaml) + if [[ "$CMD" =~ "^(restore)$" ]]; then if [ -n "$PROVIDER_ID" ]; then etcdhelper \ -cacert ${HOSTFS}/etc/kubernetes/pki/etcd/ca.crt \ @@ -289,7 +285,7 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then fi fi - if [[ ! "$1" =~ "^(join)$" ]]; then + if [[ "$CMD" =~ "^(bootstrap|restore)$" ]]; then _kubeadm init phase upload-config all _kubeadm init phase upload-certs --skip-certificate-key-print @@ -300,7 +296,7 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then _kubeadm init phase mark-control-plane _kubeadm init phase kubelet-finalize all - if [[ ! "$1" =~ "^(join)$" ]]; then + if [[ "$CMD" =~ "^(bootstrap|restore)$" ]]; then _kubeadm init phase addon all fi 
@@ -315,34 +311,42 @@ elif [[ "$1" =~ "^(bootstrap|restore|join)$" ]]; then yq eval -M ".clusters[0].cluster.certificate-authority-data = \"$(cat ${HOSTFS}/etc/kubernetes/pki/ca.crt | base64 -w0)\"" ${WORKDIR}/kubeadm/templates/admin-aws-iam.yaml > ${HOSTFS}/etc/kubernetes/admin-aws-iam.yaml fi - # install / update network and addons - if [[ "$1" =~ "^(bootstrap|join)$" ]]; then - # network - yq eval '.network // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml - - # Ensure multus is first - helm template $CHARTS/kubezero-network --namespace kube-system --include-crds --name-template network \ - --set multus.enabled=true --kube-version $KUBE_VERSION | kubectl apply -f - $LOG - - helm template $CHARTS/kubezero-network --namespace kube-system --include-crds --name-template network \ - -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG - - # addons - yq eval '.addons // ""' ${HOSTFS}/etc/kubernetes/kubezero.yaml > _values.yaml - helm template $CHARTS/kubezero-addons --namespace kube-system --include-crds --name-template addons \ - -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG - fi - post_kubeadm echo "${1} cluster $CLUSTERNAME successfull." 
+} + + +apply_module() { + MODULE=$1 + + # network + kubectl get configmap -n kube-system kubezero-values -o custom-columns=NAME:".data.$MODULE" --no-headers=true > _values.yaml + + helm template $CHARTS/kubezero-$MODULE --namespace kube-system --name-template $MODULE --skip-crds --set installCRDs=false -f _values.yaml --kube-version $KUBE_VERSION > helm-no-crds.yaml + helm template $CHARTS/kubezero-$MODULE --namespace kube-system --name-template $MODULE --include-crds --set installCRDs=true -f _values.yaml --kube-version $KUBE_VERSION > helm-crds.yaml + diff -e helm-no-crds.yaml helm-crds.yaml | head -n-1 | tail -n+2 > crds.yaml + + # Only apply if there are actually any crds + if [ -s crds.yaml ]; then + kubectl apply -f crds.yaml --server-side $LOG + fi + + helm template $CHARTS/kubezero-$MODULE --namespace kube-system --include-crds --name-template $MODULE \ + -f _values.yaml --kube-version $KUBE_VERSION | kubectl apply --namespace kube-system -f - $LOG + + echo "Applied KubeZero module: $MODULE" +} # backup etcd + /etc/kubernetes/pki -elif [ "$1" == 'backup' ]; then +backup() { + # Display all ENVs, careful this exposes the password ! + [ -n "$DEBUG" ] && env + restic snapshots || restic init || exit 1 - CV=$(kubectl version --short=true -o json | jq .serverVersion.minor -r) + CV=$(kubectl version -o json | jq .serverVersion.minor -r) let PCV=$CV-1 CLUSTER_VERSION="v1.$CV" 
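Review bot: The `[ -n "$DEBUG" ] && env` line at the top of `backup()` writes the whole environment to the job log, so anyone who can read pod logs gets the restic repository location, its password and any cloud credentials injected into the pod. The comment acknowledges this, but I would filter rather than warn, e.g. `[ -n "$DEBUG" ] && env | grep -vE '^(RESTIC_PASSWORD|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN)='`. Separately, in `apply_module()` the extraction `diff -e ... | head -n-1 | tail -n+2` strips only the first and last ed command, so if CRDs appear in more than one place in the rendered output the intermediate `Na` and `.` lines end up inside `crds.yaml`. That assumption deserves a comment or a validity check before `kubectl apply --server-side`. The body of `backup()` continues outside this hunk.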
@@ -368,16 +372,32 @@ elif [ "$1" == 'backup' ]; then # Defrag etcd backend etcdctl --endpoints=https://${ETCD_NODENAME}:2379 defrag +} -elif [ "$1" == 'debug_shell' ]; then +debug_shell() { echo "Entering debug shell" printf "For manual etcdctl commands use:\n # export ETCDCTL_ENDPOINTS=$ETCD_NODENAME:2379\n" /bin/sh +} -else - echo "Unknown command!" - exit 1 -fi +# First parse kubezero.yaml +parse_kubezero + +# Execute tasks +for t in $@; do + case "$t" in + cluster_upgrade) cluster_upgrade;; + node_upgrade) node_upgrade;; + bootstrap) control_plane_node bootstrap;; + join) control_plane_node join;; + restore) control_plane_node restore;; + apply_network) apply_module network;; + apply_addons) apply_module addons;; + backup) backup;; + debug_shell) debug_shell;; + *) echo "Unknown command: '$t'";; + esac +done diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index e5cebf6..8b9cc6c 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh 
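Review bot: The `*)` arm of the new task loop only prints `Unknown command` and carries on, whereas the removed `else` branch ended with `exit 1`. A mistyped task name can now leave the script exiting 0 after the remaining tasks have run, so a caller cannot tell that a backup or upgrade step never happened. I would restore the failure and quote the argument list: `for t in "$@"; do` and `*) echo "Unknown command: '$t'" >&2; exit 1;;`. With no arguments the loop body never runs and the script also succeeds silently, which may deserve a usage message.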
@@ -1,14 +1,15 @@ #!/bin/bash -e -VERSION="v1.22" +VERSION="v1.23" [ -n "$DEBUG" ] && set -x # unset any AWS_DEFAULT_PROFILE as it will break aws-iam-auth unset AWS_DEFAULT_PROFILE -echo "Deploying node upgrade daemonSet..." -cat <= 1.20.0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| addons.aws-node-termination-handler.enabled | bool | `false` | | -| addons.aws-node-termination-handler.queueURL | string | `""` | arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTERNAME}_Nth | -| addons.clusterBackup.enabled | bool | `false` | | -| addons.clusterBackup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase | -| addons.clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup | -| addons.external-dns.enabled | bool | `false` | | | api.apiAudiences | string | `"istio-ca"` | | | api.awsIamAuth.enabled | bool | `false` | | | api.awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | | @@ -43,10 +37,6 @@ Kubernetes: `>= 1.20.0` | etcd.state | string | `"new"` | | | highAvailable | bool | `false` | | | listenAddress | string | `"0.0.0.0"` | Needs to be set to primary node IP | -| network.calico.enabled | bool | `false` | | -| network.cilium.enabled | bool | `false` | | -| network.multus.enabled | bool | `false` | | -| network.multus.tag | string | `"v3.8"` | | | nodeName | string | `"kubezero-node"` | set to $HOSTNAME | | protectKernelDefaults | bool | `false` | | | systemd | bool | `false` | Set to false for openrc, eg. on Gentoo or Alpine | diff --git a/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml b/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml index ff1409e..7947e0c 100644 --- a/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml +++ b/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml 
@@ -1,4 +1,3 @@ -{{- if index .Values "addons" "external-dns" "enabled" }} apiVersion: v1 kind: Service metadata: @@ -13,4 +12,3 @@ spec: selector: component: kube-apiserver tier: control-plane -{{- end }} diff --git a/charts/kubeadm/values.yaml b/charts/kubeadm/values.yaml index 0a8bb99..33a9af2 100644 --- a/charts/kubeadm/values.yaml +++ b/charts/kubeadm/values.yaml @@ -22,31 +22,6 @@ api: workerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode" kubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode" -addons: - aws-node-termination-handler: - enabled: false - # -- arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTERNAME}_Nth - queueURL: "" - - clusterBackup: - enabled: false - # -- s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup - repository: "" - # -- /etc/cloudbender/clusterBackup.passphrase - passwordFile: "" - - external-dns: - enabled: false - -network: - multus: - enabled: false - tag: "v3.8" - cilium: - enabled: false - calico: - enabled: false - highAvailable: false etcd: diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml index 8cd7a56..f18a9e6 100644 --- a/charts/kubezero-addons/Chart.yaml +++ b/charts/kubezero-addons/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.5.5 -appVersion: v1.22.8 +version: 0.6.0 +appVersion: v1.23.10 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -20,7 +20,7 @@ dependencies: # repository: https://aws.github.io/eks-charts condition: aws-node-termination-handler.enabled - name: external-dns - version: 1.7.1 + version: 1.11.0 repository: https://kubernetes-sigs.github.io/external-dns/ condition: external-dns.enabled kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md index f9113f9..f17bc4d 100644 
--- a/charts/kubezero-addons/README.md +++ b/charts/kubezero-addons/README.md @@ -1,6 +1,6 @@ # kubezero-addons -![Version: 0.5.5](https://img.shields.io/badge/Version-0.5.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.22.8](https://img.shields.io/badge/AppVersion-v1.22.8-informational?style=flat-square) +![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.23.10](https://img.shields.io/badge/AppVersion-v1.23.10-informational?style=flat-square) KubeZero umbrella chart for various optional cluster addons @@ -19,7 +19,7 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| | | aws-node-termination-handler | 0.18.5 | -| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.7.1 | +| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 | # MetalLB @@ -63,8 +63,8 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | clusterBackup.enabled | bool | `false` | | | clusterBackup.extraEnv | list | `[]` | | | clusterBackup.image.name | string | `"public.ecr.aws/zero-downtime/kubezero-admin"` | | -| clusterBackup.password | string | `""` | | -| clusterBackup.repository | string | `""` | | +| clusterBackup.password | string | `""` | /etc/cloudbender/clusterBackup.passphrase | +| clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup | | external-dns.enabled | bool | `false` | | | external-dns.env[0] | object | `{"name":"AWS_ROLE_ARN","value":""}` | "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS" | | external-dns.env[1].name | string | `"AWS_WEB_IDENTITY_TOKEN_FILE"` | | 
diff --git a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml index 3d3d5ce..401a8ee 100644 --- a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml +++ b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml @@ -27,7 +27,7 @@ spec: mountPath: /tmp env: - name: DEBUG - value: "1" + value: "" - name: RESTIC_REPOSITORY valueFrom: secretKeyRef: diff --git a/charts/kubezero-addons/templates/cluster-backup/secret.yaml b/charts/kubezero-addons/templates/cluster-backup/secret.yaml index e87f17a..b0b020e 100644 --- a/charts/kubezero-addons/templates/cluster-backup/secret.yaml +++ b/charts/kubezero-addons/templates/cluster-backup/secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.clusterBackup.enabled .Values.clusterBackup.repository }} +{{- if and .Values.clusterBackup.enabled .Values.clusterBackup.repository .Values.clusterBackup.password }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml index d93f3e5..057e0c3 100644 --- a/charts/kubezero-addons/values.yaml +++ b/charts/kubezero-addons/values.yaml @@ -5,8 +5,11 @@ clusterBackup: name: public.ecr.aws/zero-downtime/kubezero-admin # tag: v1.22.8 + # -- s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup repository: "" + # -- /etc/cloudbender/clusterBackup.passphrase password: "" + extraEnv: [] forseti: diff --git a/charts/kubezero-argocd/Chart.yaml b/charts/kubezero-argocd/Chart.yaml index b962e7b..3bfb8d2 100644 --- a/charts/kubezero-argocd/Chart.yaml +++ b/charts/kubezero-argocd/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application name: kubezero-argocd -version: 0.10.1 +version: 0.10.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: 
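Review bot: With the added `.Values.clusterBackup.password` condition in secret.yaml, the Secret is no longer rendered when only the password is missing, but the CronJob in cronjob.yaml reads `RESTIC_REPOSITORY` through a `secretKeyRef`. The CronJob's own guard is not visible here; if it is still keyed on `enabled` alone, the backup pods will fail to start instead of the chart failing at render time. Helm's `required` would surface this at install, e.g. `{{- $_ := required "clusterBackup.password is required when clusterBackup.enabled" .Values.clusterBackup.password }}` inside the `enabled` branch. The template body continues outside the hunk.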
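Review bot: The `# -- /etc/cloudbender/clusterBackup.passphrase` comment added above `password: ""` in values.yaml is a file path carried over from the removed `passwordFile` key, so the generated README now describes a secret value with a path. Whether the chart expects the literal password or a path is not visible in this hunk. If it is the literal, I would replace the comment with something like `# -- restic repository password, rendered into the cluster-backup Secret; supply it at deploy time, do not commit it`.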
@@ -13,9 +13,9 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: argo-cd - version: 4.5.4 + version: 4.10.9 repository: https://argoproj.github.io/argo-helm kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-argocd/README.md b/charts/kubezero-argocd/README.md index 5a6329c..2a37feb 100644 --- a/charts/kubezero-argocd/README.md +++ b/charts/kubezero-argocd/README.md @@ -1,6 +1,6 @@ # kubezero-argocd -![Version: 0.10.1](https://img.shields.io/badge/Version-0.10.1-informational?style=flat-square) +![Version: 0.10.2](https://img.shields.io/badge/Version-0.10.2-informational?style=flat-square) KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application @@ -18,8 +18,8 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argo-cd | 4.5.4 | -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | +| https://argoproj.github.io/argo-helm | argo-cd | 4.10.9 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | ## Values diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index ec9a103..da35efa 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-cert-manager description: KubeZero Umbrella Chart for cert-manager type: application -version: 0.9.1 +version: 0.9.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -13,9 +13,9 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: cert-manager - version: 1.8.0 + version: 1.9.1 repository: https://charts.jetstack.io kubeVersion: ">= 1.20.0" 
diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md index ee18087..82459cc 100644 --- a/charts/kubezero-cert-manager/README.md +++ b/charts/kubezero-cert-manager/README.md @@ -1,6 +1,6 @@ # kubezero-cert-manager -![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.9.2](https://img.shields.io/badge/Version-0.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for cert-manager @@ -18,8 +18,8 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | -| https://charts.jetstack.io | cert-manager | 1.8.0 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | +| https://charts.jetstack.io | cert-manager | 1.9.1 | ## AWS - OIDC IAM roles diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md index e3b509f..536cde9 100644 --- a/charts/kubezero-ci/README.md +++ b/charts/kubezero-ci/README.md @@ -1,6 +1,6 @@ # kubezero-ci -![Version: 0.4.54](https://img.shields.io/badge/Version-0.4.54-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.5.12](https://img.shields.io/badge/Version-0.5.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things CI 
@@ -18,10 +18,10 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.15 | +| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.16 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | -| https://charts.jenkins.io | jenkins | 4.1.10 | -| https://dl.gitea.io/charts/ | gitea | 5.0.5 | +| https://charts.jenkins.io | jenkins | 4.1.16 | +| https://dl.gitea.io/charts/ | gitea | 5.0.9 | | https://gocd.github.io/helm-chart | gocd | 1.40.8 | # Jenkins @@ -54,7 +54,7 @@ Kubernetes: `>= 1.20.0` | gitea.gitea.metrics.enabled | bool | `false` | | | gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | | | gitea.image.rootless | bool | `true` | | -| gitea.image.tag | string | `"1.16.8"` | | +| gitea.image.tag | string | `"1.17.1"` | | | gitea.istio.enabled | bool | `false` | | | gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | gitea.istio.url | string | `"git.example.com"` | | 
@@ -85,9 +85,9 @@ Kubernetes: `>= 1.20.0` | jenkins.agent.resources.requests.cpu | string | `"512m"` | | | jenkins.agent.resources.requests.memory | string | `"1024Mi"` | | | jenkins.agent.showRawYaml | bool | `false` | | -| jenkins.agent.tag | string | `"v0.2.5-1"` | | +| jenkins.agent.tag | string | `"v0.3.2"` | | | jenkins.agent.yamlMergeStrategy | string | `"merge"` | | -| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\""` | | +| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | | | jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n 
numToKeepStr: \"10\"\n"` | | | jenkins.controller.disableRememberMe | bool | `true` | | | jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | | 
@@ -95,15 +95,16 @@ Kubernetes: `>= 1.20.0` | jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | | | jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | | | jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | | -| jenkins.controller.installPlugins[0] | string | `"kubernetes:3651.v908e7db_10d06"` | | +| jenkins.controller.installPlugins[0] | string | `"kubernetes:3670.v6ca_059233222"` | | | jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | | -| jenkins.controller.installPlugins[2] | string | `"git:4.11.3"` | | -| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1429.v09b_044a_c93de"` | | +| jenkins.controller.installPlugins[2] | string | `"git:4.11.4"` | | +| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1512.vb_79d418d5fc8"` | | | jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:2.7"` | | | jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | | | jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.30"` | | | jenkins.controller.installPlugins[7] | string | `"build-discarder:60.v1747b0eb632a"` | | -| jenkins.controller.installPlugins[8] | string | `"dark-theme:156.v6cf16af6f9ef"` | | +| jenkins.controller.installPlugins[8] | string | `"dark-theme:185.v276b_5a_8966a_e"` | | +| jenkins.controller.installPlugins[9] | string | `"kubernetes-credentials-provider:1.196.va_55f5e31e3c2"` | | | jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` | | | jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=180 --sessionEviction=3600"` | | | jenkins.controller.prometheus.enabled | bool | `false` | | 
@@ -111,7 +112,7 @@ Kubernetes: `>= 1.20.0` | jenkins.controller.resources.limits.memory | string | `"4096Mi"` | | | jenkins.controller.resources.requests.cpu | string | `"250m"` | | | jenkins.controller.resources.requests.memory | string | `"1280Mi"` | | -| jenkins.controller.tag | string | `"2.356-alpine-jdk17"` | | +| jenkins.controller.tag | string | `"2.362-alpine-jdk17"` | | | jenkins.controller.testEnabled | bool | `false` | | | jenkins.enabled | bool | `false` | | | jenkins.istio.agent.enabled | bool | `false` | | @@ -124,6 +125,7 @@ Kubernetes: `>= 1.20.0` | jenkins.istio.webhook.gateway | string | `"istio-ingress/ingressgateway"` | | | jenkins.istio.webhook.url | string | `"jenkins-webhook.example.com"` | | | jenkins.persistence.size | string | `"4Gi"` | | +| jenkins.rbac.readSecrets | bool | `true` | | | jenkins.serviceAccountAgent.create | bool | `true` | | | jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | | | trivy.enabled | bool | `false` | | diff --git a/charts/kubezero-istio-gateway/Chart.yaml b/charts/kubezero-istio-gateway/Chart.yaml index ca9bac4..3c38b1b 100644 --- a/charts/kubezero-istio-gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio-gateway description: KubeZero Umbrella Chart for Istio gateways type: application -version: 0.8.1 +version: 0.8.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -14,9 +14,9 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: gateway - version: 1.13.5 + version: 1.14.3 repository: https://istio-release.storage.googleapis.com/charts kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-istio-gateway/README.md b/charts/kubezero-istio-gateway/README.md index f27820a..8470de7 100644 --- a/charts/kubezero-istio-gateway/README.md 
+++ b/charts/kubezero-istio-gateway/README.md @@ -1,6 +1,6 @@ # kubezero-istio-gateway -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio gateways @@ -20,8 +20,8 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | -| https://istio-release.storage.googleapis.com/charts | gateway | 1.13.5 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | +| https://istio-release.storage.googleapis.com/charts | gateway | 1.14.3 | ## Values diff --git a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml index 864fe8c..b3c19cd 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.13.5 +appVersion: 1.14.3 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - http://github.com/istio/istio type: application -version: 1.13.5 +version: 1.14.3 diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml index 30dfc02..f907f88 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml 
@@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: {{ .Values.kind | default "Deployment" }} metadata: name: {{ include "gateway.name" . }} namespace: {{ .Release.Namespace }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml index 956a5ee..e287406 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/hpa.yaml @@ -1,5 +1,9 @@ -{{- if .Values.autoscaling.enabled }} +{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} +{{- if (semverCompare ">=1.23-0" .Capabilities.KubeVersion.GitVersion)}} +apiVersion: autoscaling/v2 +{{- else }} apiVersion: autoscaling/v2beta2 +{{- end }} kind: HorizontalPodAutoscaler metadata: name: {{ include "gateway.name" . }} @@ -11,7 +15,7 @@ metadata: spec: scaleTargetRef: apiVersion: apps/v1 - kind: Deployment + kind: {{ .Values.kind | default "Deployment" }} name: {{ include "gateway.name" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} @@ -24,5 +28,4 @@ spec: averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} type: Utilization {{- end }} - {{- end }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml index bfef1ff..d4fe9e3 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/service.yaml @@ -46,6 +46,11 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: {{- range .Values.service.externalIPs }} + - {{.}} + {{- end }} {{- end }} selector: {{- include "gateway.selectorLabels" . | nindent 4 }} 
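Review bot: In templates/hpa.yaml the new guard `eq .Values.kind "Deployment"` reads `.Values.kind` without the `default "Deployment"` fallback that templates/deployment.yaml and the `scaleTargetRef` hunk of the same file apply. If a parent chart leaves `kind` empty or nulls it (and the schema does not mark it required, which this view does not show), the workload still renders as a Deployment while the HorizontalPodAutoscaler is dropped without an error, so the gateway quietly loses autoscaling. I would write the guard as `{{- if and .Values.autoscaling.enabled (eq (.Values.kind | default "Deployment") "Deployment") }}`. Inside that guard `scaleTargetRef.kind` can only be `Deployment`, so the templated value in the later hunk adds nothing.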
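Review bot: The `externalIPs` block added to templates/service.yaml copies whatever addresses the values supply into the Service spec, and neither this hunk nor the `externalIPs: []` default added to values.yaml documents what that implies. Kubernetes does not verify that the listed addresses belong to the cluster, kube-proxy on each node forwards traffic addressed to them to the gateway pods, and clusters running the `DenyServiceExternalIPs` admission plugin reject such a Service outright. I would add a comment above the default, for example `# externalIPs are not validated by Kubernetes; list only addresses routed to your nodes (rejected when DenyServiceExternalIPs is enabled)`. The surrounding `if`/`end` blocks start outside the hunk and the indentation is lost in this view, so the nesting of the added `{{- end }}` should be checked against a rendered manifest.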
diff --git a/charts/kubezero-istio-gateway/charts/gateway/values.schema.json b/charts/kubezero-istio-gateway/charts/gateway/values.schema.json index 3109d60..be6017e 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/values.schema.json +++ b/charts/kubezero-istio-gateway/charts/gateway/values.schema.json @@ -15,6 +15,10 @@ "containerSecurityContext": { "type": ["object", "null"] }, + "kind":{ + "type": "string", + "enum": ["Deployment", "DaemonSet"] + }, "annotations": { "additionalProperties": { "type": [ diff --git a/charts/kubezero-istio-gateway/charts/gateway/values.yaml b/charts/kubezero-istio-gateway/charts/gateway/values.yaml index f225cee..e054afb 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/values.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/values.yaml @@ -5,6 +5,8 @@ revision: "" replicaCount: 1 +kind: Deployment + rbac: # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed # when using http://gateway-api.org/. @@ -52,6 +54,7 @@ service: loadBalancerIP: "" loadBalancerSourceRanges: [] externalTrafficPolicy: "" + externalIPs: [] resources: requests: diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml index 82d5053..f78c86f 100644 --- a/charts/kubezero-istio/Chart.yaml +++ b/charts/kubezero-istio/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio description: KubeZero Umbrella Chart for Istio type: application -version: 0.8.1 +version: 0.8.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: 
@@ -13,16 +13,16 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: base - version: 1.13.5 + version: 1.14.3 repository: https://istio-release.storage.googleapis.com/charts - name: istiod - version: 1.13.5 + version: 1.14.3 repository: https://istio-release.storage.googleapis.com/charts - name: kiali-server - version: 1.38.1 - # repository: https://github.com/kiali/helm-charts/tree/master/docs + version: 1.54 + repository: https://kiali.org/helm-charts condition: kiali-server.enabled kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index 350e38d..83297a0 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -1,6 +1,6 @@ # kubezero-istio -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio @@ -20,10 +20,10 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | kiali-server | 1.38.1 | -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | -| https://istio-release.storage.googleapis.com/charts | base | 1.13.5 | -| https://istio-release.storage.googleapis.com/charts | istiod | 1.13.5 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | +| https://istio-release.storage.googleapis.com/charts | base | 1.14.3 | +| https://istio-release.storage.googleapis.com/charts | istiod | 1.14.3 | +| https://kiali.org/helm-charts | kiali-server | 1.54 | ## Values 
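Review bot: The `kiali-server` dependency in this Chart.yaml hunk moves from the in-tree copy under charts/ to a download from `https://kiali.org/helm-charts`, and its `version: 1.54` is only a two-part version. As far as I know Helm resolves a version without a patch component as a range over that minor series, so `helm dependency update` can pull a different chart release over time unless a Chart.lock is committed, which this view does not show. The chart creates RBAC roles in the mesh namespace (see the deleted role templates later in the patch), so an unreviewed chart update changes what runs with those permissions. I would pin the full three-part version, `version: 1.54.<patch>` with the release actually tested, and keep the lock file and its digest in the repository.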
@@ -32,7 +32,7 @@ Kubernetes: `>= 1.20.0` | global.defaultPodDisruptionBudget.enabled | bool | `false` | | | global.logAsJson | bool | `true` | | | global.priorityClassName | string | `"system-cluster-critical"` | | -| global.tag | string | `"1.13.5-distroless"` | | +| global.tag | string | `"1.14.3-distroless"` | | | istiod.meshConfig.accessLogEncoding | string | `"JSON"` | | | istiod.meshConfig.accessLogFile | string | `"/dev/stdout"` | | | istiod.meshConfig.tcpKeepalive.interval | string | `"60s"` | | diff --git a/charts/kubezero-istio/charts/kiali-server/Chart.yaml b/charts/kubezero-istio/charts/kiali-server/Chart.yaml deleted file mode 100644 index 76dd122..0000000 --- a/charts/kubezero-istio/charts/kiali-server/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -appVersion: v1.38.1 -description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. -home: https://github.com/kiali/kiali -icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png -keywords: -- istio -- kiali -maintainers: -- email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io -name: kiali-server -sources: -- https://github.com/kiali/kiali -- https://github.com/kiali/kiali-ui -- https://github.com/kiali/kiali-operator -- https://github.com/kiali/helm-charts -version: 1.38.1 diff --git a/charts/kubezero-istio/charts/kiali-server/templates/NOTES.txt b/charts/kubezero-istio/charts/kiali-server/templates/NOTES.txt deleted file mode 100644 index 7510194..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Welcome to Kiali! For more details on Kiali, see: https://kiali.io - -The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. - -(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/charts/kubezero-istio/charts/kiali-server/templates/_helpers.tpl b/charts/kubezero-istio/charts/kiali-server/templates/_helpers.tpl deleted file mode 100644 index 1cabf2c..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/_helpers.tpl +++ /dev/null 
@@ -1,143 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a default fully qualified instance name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. -For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, -use fullnameOverride, otherwise use deployment.instance_name. -*/}} -{{- define "kiali-server.fullname" -}} -{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} - {{- .Values.fullnameOverride | trunc 63 }} -{{- else }} - {{- .Values.deployment.instance_name | trunc 63 }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kiali-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Identifies the log_level with the old verbose_mode and the new log_level considered. -*/}} -{{- define "kiali-server.logLevel" -}} -{{- if .Values.deployment.verbose_mode -}} -{{- .Values.deployment.verbose_mode -}} -{{- else -}} -{{- .Values.deployment.logger.log_level -}} -{{- end -}} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "kiali-server.labels" -}} -helm.sh/chart: {{ include "kiali-server.chart" . }} -app: kiali -{{ include "kiali-server.selectorLabels" . }} -version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} -app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/part-of: "kiali" -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kiali-server.selectorLabels" -}} -app.kubernetes.io/name: kiali -app.kubernetes.io/instance: {{ include "kiali-server.fullname" . 
}} -{{- end }} - -{{/* -Determine the default login token signing key. -*/}} -{{- define "kiali-server.login_token.signing_key" -}} -{{- if .Values.login_token.signing_key }} - {{- .Values.login_token.signing_key }} -{{- else }} - {{- randAlphaNum 16 }} -{{- end }} -{{- end }} - -{{/* -Determine the default web root. -*/}} -{{- define "kiali-server.server.web_root" -}} -{{- if .Values.server.web_root }} - {{- .Values.server.web_root | trimSuffix "/" }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/" }} - {{- else }} - {{- "/kiali" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default identity cert file. There is no default if on k8s; only on OpenShift. -*/}} -{{- define "kiali-server.identity.cert_file" -}} -{{- if hasKey .Values.identity "cert_file" }} - {{- .Values.identity.cert_file }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/kiali-cert/tls.crt" }} - {{- else }} - {{- "" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the default identity private key file. There is no default if on k8s; only on OpenShift. -*/}} -{{- define "kiali-server.identity.private_key_file" -}} -{{- if hasKey .Values.identity "private_key_file" }} - {{- .Values.identity.private_key_file }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- "/kiali-cert/tls.key" }} - {{- else }} - {{- "" }} - {{- end }} -{{- end }} -{{- end }} - -{{/* -Determine the istio namespace - default is where Kiali is installed. -*/}} -{{- define "kiali-server.istio_namespace" -}} -{{- if .Values.istio_namespace }} - {{- .Values.istio_namespace }} -{{- else }} - {{- .Release.Namespace }} -{{- end }} -{{- end }} - -{{/* -Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. 
-*/}} -{{- define "kiali-server.auth.strategy" -}} -{{- if .Values.auth.strategy }} - {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} - {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} - {{- end }} - {{- .Values.auth.strategy }} -{{- else }} - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - {{- if not .Values.kiali_route_url }} - {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} - {{- end }} - {{- "openshift" }} - {{- else }} - {{- "token" }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubezero-istio/charts/kiali-server/templates/cabundle.yaml b/charts/kubezero-istio/charts/kiali-server/templates/cabundle.yaml deleted file mode 100644 index 7462b95..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/cabundle.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "kiali-server.fullname" . }}-cabundle - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - service.beta.openshift.io/inject-cabundle: "true" -... -{{- end }} diff --git a/charts/kubezero-istio/charts/kiali-server/templates/configmap.yaml b/charts/kubezero-istio/charts/kiali-server/templates/configmap.yaml deleted file mode 100644 index f4bfa09..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/configmap.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -data: - config.yaml: | - {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} - {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} - {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} - {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} - {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} - {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} - {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} - {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} - {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }} - {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} - {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} - {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} - {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} - {{- toYaml $cm | nindent 4 }} -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/deployment.yaml b/charts/kubezero-istio/charts/kiali-server/templates/deployment.yaml deleted file mode 100644 index ce47d8a..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/deployment.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.deployment.replicas }} - selector: - matchLabels: - {{- include "kiali-server.selectorLabels" . | nindent 6 }} - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 8 }} - {{- if .Values.deployment.pod_labels }} - {{- toYaml .Values.deployment.pod_labels | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.server.metrics_enabled }} - prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.server.metrics_port | quote }} - {{- else }} - prometheus.io/scrape: "false" - prometheus.io/port: "" - {{- end }} - kiali.io/dashboards: go,kiali - {{- if .Values.deployment.pod_annotations }} - {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "kiali-server.fullname" . }} - {{- if .Values.deployment.priority_class_name }} - priorityClassName: {{ .Values.deployment.priority_class_name | quote }} - {{- end }} - {{- if .Values.deployment.image_pull_secrets }} - imagePullSecrets: - {{- range .Values.deployment.image_pull_secrets }} - - name: {{ . }} - {{- end }} - {{- end }} - containers: - - image: "{{ .Values.deployment.image_name }}:{{ .Values.deployment.image_version }}" - imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} - name: {{ include "kiali-server.fullname" . 
}} - command: - - "/opt/kiali/kiali" - - "-config" - - "/kiali-configuration/config.yaml" - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - ports: - - name: api-port - containerPort: {{ .Values.server.port | default 20001 }} - {{- if .Values.server.metrics_enabled }} - - name: http-metrics - containerPort: {{ .Values.server.metrics_port | default 9090 }} - {{- end }} - readinessProbe: - httpGet: - path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz - port: api-port - {{- if (include "kiali-server.identity.cert_file" .) }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - httpGet: - path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz - port: api-port - {{- if (include "kiali-server.identity.cert_file" .) }} - scheme: HTTPS - {{- else }} - scheme: HTTP - {{- end }} - initialDelaySeconds: 5 - periodSeconds: 30 - env: - - name: ACTIVE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LOG_LEVEL - value: "{{ include "kiali-server.logLevel" . }}" - - name: LOG_FORMAT - value: "{{ .Values.deployment.logger.log_format }}" - - name: LOG_TIME_FIELD_FORMAT - value: "{{ .Values.deployment.logger.time_field_format }}" - - name: LOG_SAMPLER_RATE - value: "{{ .Values.deployment.logger.sampler_rate }}" - volumeMounts: - - name: {{ include "kiali-server.fullname" . }}-configuration - mountPath: "/kiali-configuration" - - name: {{ include "kiali-server.fullname" . }}-cert - mountPath: "/kiali-cert" - - name: {{ include "kiali-server.fullname" . }}-secret - mountPath: "/kiali-secret" - - name: {{ include "kiali-server.fullname" . }}-cabundle - mountPath: "/kiali-cabundle" - {{- if .Values.deployment.resources }} - resources: - {{- toYaml .Values.deployment.resources | nindent 10 }} - {{- end }} - volumes: - - name: {{ include "kiali-server.fullname" . 
}}-configuration - configMap: - name: {{ include "kiali-server.fullname" . }} - - name: {{ include "kiali-server.fullname" . }}-cert - secret: - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - secretName: {{ include "kiali-server.fullname" . }}-cert-secret - {{- else }} - secretName: istio.{{ include "kiali-server.fullname" . }}-service-account - {{- end }} - {{- if not (include "kiali-server.identity.cert_file" .) }} - optional: true - {{- end }} - - name: {{ include "kiali-server.fullname" . }}-secret - secret: - secretName: {{ .Values.deployment.secret_name }} - optional: true - - name: {{ include "kiali-server.fullname" . }}-cabundle - configMap: - name: {{ include "kiali-server.fullname" . }}-cabundle - {{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} - optional: true - {{- end }} - {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} - affinity: - {{- if .Values.deployment.affinity.node }} - nodeAffinity: - {{- toYaml .Values.deployment.affinity.node | nindent 10 }} - {{- end }} - {{- if .Values.deployment.affinity.pod }} - podAffinity: - {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} - {{- end }} - {{- if .Values.deployment.affinity.pod_anti }} - podAntiAffinity: - {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} - {{- end }} - {{- end }} - {{- if .Values.deployment.tolerations }} - tolerations: - {{- toYaml .Values.deployment.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.deployment.node_selector }} - nodeSelector: - {{- toYaml .Values.deployment.node_selector | nindent 8 }} - {{- end }} -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/hpa.yaml b/charts/kubezero-istio/charts/kiali-server/templates/hpa.yaml deleted file mode 100644 index 934c4c1..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/hpa.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -{{- if .Values.deployment.hpa.spec }} ---- -apiVersion: {{ .Values.deployment.hpa.api_version }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "kiali-server.fullname" . }} - {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} -... -{{- end }} diff --git a/charts/kubezero-istio/charts/kiali-server/templates/ingress.yaml b/charts/kubezero-istio/charts/kiali-server/templates/ingress.yaml deleted file mode 100644 index 6868695..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/ingress.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} -{{- if .Values.deployment.ingress_enabled }} ---- -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -apiVersion: networking.k8s.io/v1 -{{- else }} -apiVersion: networking.k8s.io/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} - {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} - {{- else }} - # For ingress-nginx versions older than 0.20.0 use secure-backends. - # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) - # For ingress-nginx versions 0.20.0 and later use backend-protocol. - {{- if (include "kiali-server.identity.cert_file" .) }} - nginx.ingress.kubernetes.io/secure-backends: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - {{- else }} - nginx.ingress.kubernetes.io/secure-backends: "false" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - {{- end }} - {{- end }} -spec: - {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} - {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} - {{- else }} - rules: - - http: - paths: - - path: {{ include "kiali-server.server.web_root" . }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - pathType: Prefix - backend: - service: - name: {{ include "kiali-server.fullname" . }} - port: - number: {{ .Values.server.port }} - {{- else }} - backend: - serviceName: {{ include "kiali-server.fullname" . }} - servicePort: {{ .Values.server.port }} - {{- end }} - {{- if not (empty .Values.server.web_fqdn) }} - host: {{ .Values.server.web_fqdn }} - {{- end }} - {{- end }} -... -{{- end }} -{{- end }} 
diff --git a/charts/kubezero-istio/charts/kiali-server/templates/oauth.yaml b/charts/kubezero-istio/charts/kiali-server/templates/oauth.yaml deleted file mode 100644 index a178bb8..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/oauth.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} -{{- if .Values.kiali_route_url }} ---- -apiVersion: oauth.openshift.io/v1 -kind: OAuthClient -metadata: - name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -redirectURIs: -- {{ .Values.kiali_route_url }} -grantMethod: auto -allowAnyScope: true -... -{{- end }} -{{- end }} diff --git a/charts/kubezero-istio/charts/kiali-server/templates/role-controlplane.yaml b/charts/kubezero-istio/charts/kiali-server/templates/role-controlplane.yaml deleted file mode 100644 index a22c767..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/role-controlplane.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "kiali-server.fullname" . }}-controlplane - namespace: {{ include "kiali-server.istio_namespace" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - secrets - verbs: - - list -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/role-viewer.yaml b/charts/kubezero-istio/charts/kiali-server/templates/role-viewer.yaml deleted file mode 100644 index 706b956..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/role-viewer.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "kiali-server.fullname" . }}-viewer - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - pods/log - verbs: - - get - - list - - watch -- apiGroups: [""] - resources: - - namespaces - - pods - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: [""] - resources: - - pods/portforward - verbs: - - create - - post -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - networking.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch -- apiGroups: ["apps.openshift.io"] - resources: - - deploymentconfigs - verbs: - - get - - list - - watch -- apiGroups: ["project.openshift.io"] - resources: - - projects - verbs: - - get -- apiGroups: ["route.openshift.io"] - resources: - - routes - verbs: - - get -- apiGroups: ["iter8.tools"] - resources: - - experiments - verbs: - - get - - list - - watch -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: - - create -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/role.yaml b/charts/kubezero-istio/charts/kiali-server/templates/role.yaml deleted file mode 100644 index 4ce52ee..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/role.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - resources: - - configmaps - - endpoints - - pods/log - verbs: - - get - - list - - watch -- apiGroups: [""] - resources: - - namespaces - - pods - - replicationcontrollers - - services - verbs: - - get - - list - - watch - - patch -- apiGroups: [""] - resources: - - pods/portforward - verbs: - - create - - post -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - get - - list - - watch - - patch -- apiGroups: ["batch"] - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - patch -- apiGroups: - - networking.istio.io - - security.istio.io - resources: ["*"] - verbs: - - get - - list - - watch - - create - - delete - - patch -- apiGroups: ["apps.openshift.io"] - resources: - - deploymentconfigs - verbs: - - get - - list - - watch - - patch -- apiGroups: ["project.openshift.io"] - resources: - - projects - verbs: - - get -- apiGroups: ["route.openshift.io"] - resources: - - routes - verbs: - - get -- apiGroups: ["iter8.tools"] - resources: - - experiments - verbs: - - get - - list - - watch - - create - - delete - - patch -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: - - create -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/rolebinding-controlplane.yaml b/charts/kubezero-istio/charts/kiali-server/templates/rolebinding-controlplane.yaml deleted file mode 100644 index 5a00158..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/rolebinding-controlplane.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "kiali-server.fullname" . }}-controlplane - namespace: {{ include "kiali-server.istio_namespace" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "kiali-server.fullname" . }}-controlplane -subjects: -- kind: ServiceAccount - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/rolebinding.yaml b/charts/kubezero-istio/charts/kiali-server/templates/rolebinding.yaml deleted file mode 100644 index 1eaabd6..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "kiali-server.fullname" . }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - {{- if .Values.deployment.view_only_mode }} - name: {{ include "kiali-server.fullname" . }}-viewer - {{- else }} - name: {{ include "kiali-server.fullname" . }} - {{- end }} -subjects: -- kind: ServiceAccount - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/route.yaml b/charts/kubezero-istio/charts/kiali-server/templates/route.yaml deleted file mode 100644 index 27940dc..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/route.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} -{{- if .Values.deployment.ingress_enabled }} -# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} - {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} - annotations: - {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} - {{- end }} -spec: - {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} - {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} - {{- else }} - tls: - termination: reencrypt - insecureEdgeTerminationPolicy: Redirect - to: - kind: Service - targetPort: {{ .Values.server.port }} - name: {{ include "kiali-server.fullname" . }} - {{- end }} -... -{{- end }} -{{- end }} diff --git a/charts/kubezero-istio/charts/kiali-server/templates/service.yaml b/charts/kubezero-istio/charts/kiali-server/templates/service.yaml deleted file mode 100644 index e7618d6..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/service.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} - annotations: - {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} - service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret - {{- end }} - {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} - {{- if empty .Values.server.web_port }} - kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} - {{- else }} - kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} - {{- end }} - {{- end }} - {{- if .Values.deployment.service_annotations }} - {{- toYaml .Values.deployment.service_annotations | nindent 4 }} - {{- end }} -spec: - {{- if .Values.deployment.service_type }} - type: {{ .Values.deployment.service_type }} - {{- end }} - ports: - {{- if (include "kiali-server.identity.cert_file" .) }} - - name: tcp - {{- else }} - - name: http - {{- end }} - protocol: TCP - port: {{ .Values.server.port }} - {{- if .Values.server.metrics_enabled }} - - name: http-metrics - protocol: TCP - port: {{ .Values.server.metrics_port }} - {{- end }} - selector: - {{- include "kiali-server.selectorLabels" . | nindent 4 }} - {{- if .Values.deployment.additional_service_yaml }} - {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} - {{- end }} -... diff --git a/charts/kubezero-istio/charts/kiali-server/templates/serviceaccount.yaml b/charts/kubezero-istio/charts/kiali-server/templates/serviceaccount.yaml deleted file mode 100644 index 9151b6f..0000000 --- a/charts/kubezero-istio/charts/kiali-server/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "kiali-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kiali-server.labels" . | nindent 4 }} -... diff --git a/charts/kubezero-istio/charts/kiali-server/values.yaml b/charts/kubezero-istio/charts/kiali-server/values.yaml deleted file mode 100644 index 4c299a3..0000000 --- a/charts/kubezero-istio/charts/kiali-server/values.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead. -# This is only supported for backward compatibility and will be removed in a future version. -# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali", -# then 'deployment.instance_name' will take the value of 'fullnameOverride' value. -# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used. -fullnameOverride: "kiali" - -# This is required for "openshift" auth strategy. -# You have to know ahead of time what your Route URL will be because -# right now the helm chart can't figure this out at runtime (it would -# need to wait for the Kiali Route to be deployed and for OpenShift -# to start it up). If someone knows how to update this helm chart to -# do this, a PR would be welcome. -kiali_route_url: "" - -# -# Settings that mimic the Kiali CR which are placed in the ConfigMap. -# Note that only those values used by the Helm Chart will be here. -# - -istio_namespace: "" # default is where Kiali is installed - -auth: - openid: {} - openshift: {} - strategy: "" - -deployment: - # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. 
- # For more control over what the Kial Service Account can see, use the Kiali Operator - accessible_namespaces: - - "**" - additional_service_yaml: {} - affinity: - node: {} - pod: {} - pod_anti: {} - hpa: - api_version: "autoscaling/v2beta2" - spec: {} - image_name: quay.io/kiali/kiali - image_pull_policy: "Always" - image_pull_secrets: [] - image_version: v1.38.1 - ingress_enabled: true - instance_name: "kiali" - logger: - log_format: "text" - log_level: "info" - time_field_format: "2006-01-02T15:04:05Z07:00" - sampler_rate: "1" - node_selector: {} - override_ingress_yaml: - metadata: {} - pod_annotations: {} - pod_labels: {} - priority_class_name: "" - replicas: 1 - resources: {} - secret_name: "kiali" - service_annotations: {} - service_type: "" - tolerations: [] - version_label: v1.38.1 - view_only_mode: false - -external_services: - custom_dashboards: - enabled: true - -identity: {} - #cert_file: - #private_key_file: - -login_token: - signing_key: "" - -server: - port: 20001 - metrics_enabled: true - metrics_port: 9090 - web_root: "" diff --git a/charts/kubezero-istio/update.sh b/charts/kubezero-istio/update.sh index 7461be9..2f43c3a 100755 --- a/charts/kubezero-istio/update.sh +++ b/charts/kubezero-istio/update.sh @@ -11,7 +11,3 @@ helm dep update # Fetch dashboards from Grafana.com and update ZDT CM ../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml - -# Kiali -rm -rf charts/kiali-server -curl -sL https://github.com/kiali/helm-charts/blob/master/docs/kiali-server-${KIALI_VERSION}.tgz?raw=true | tar xz -C charts diff --git a/charts/kubezero-istio/values.yaml b/charts/kubezero-istio/values.yaml index 97bd635..20e93f6 100644 --- a/charts/kubezero-istio/values.yaml +++ b/charts/kubezero-istio/values.yaml @@ -1,6 +1,6 @@ global: # hub: docker.io/istio - tag: 1.13.5-distroless + tag: 1.14.3-distroless logAsJson: true 
diff --git a/charts/kubezero-logging/Chart.yaml b/charts/kubezero-logging/Chart.yaml index f13a022..cdf6075 100644 --- a/charts/kubezero-logging/Chart.yaml +++ b/charts/kubezero-logging/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-logging description: KubeZero Umbrella Chart for complete EFK stack type: application -version: 0.8.1 +version: 0.8.2 appVersion: 1.6.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png @@ -13,19 +13,20 @@ keywords: - fluentd - fluent-bit maintainers: - - name: Quarky9 + - name: Stefan Reimer + email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.3" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: eck-operator - version: 2.1.0 + version: 2.4.0 # repository: https://helm.elastic.co condition: eck-operator.enabled - name: fluentd - version: 0.3.7 + version: 0.3.9 condition: fluentd.enabled - name: fluent-bit - version: 0.19.23 + version: 0.20.6 condition: fluent-bit.enabled -kubeVersion: ">= 1.18.0" +kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md index 830e3a8..7d5cbb8 100644 --- a/charts/kubezero-logging/README.md +++ b/charts/kubezero-logging/README.md @@ -1,6 +1,6 @@ # kubezero-logging -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) +![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) KubeZero Umbrella Chart for complete EFK stack 
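Review bot: In the `dependencies` block of charts/kubezero-logging/Chart.yaml, `eck-operator`, `fluentd` and `fluent-bit` are bumped to 2.4.0, 0.3.9 and 0.20.6 but still have no active `repository:` entry (the Elastic one stays commented out), so Helm presumably resolves them from the copies vendored under `charts/` rather than from an upstream index. The vendored tree is then the only record of what each pinned version contains, and nothing in this hunk says where the refreshed copies were fetched from or how they were checked. I would record the origin next to each pin, for example `# vendored from https://helm.elastic.co, archive sha256: <SHA256_PLACEHOLDER>`, and verify that digest whenever the copy is refreshed. A later reviewer can then tell an upstream change from a local edit.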
@@ -10,18 +10,18 @@ KubeZero Umbrella Chart for complete EFK stack | Name | Email | Url | | ---- | ------ | --- | -| Quarky9 | | | +| Stefan Reimer | | | ## Requirements -Kubernetes: `>= 1.18.0` +Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | eck-operator | 2.1.0 | -| | fluent-bit | 0.19.23 | -| | fluentd | 0.3.7 | -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.3 | +| | eck-operator | 2.4.0 | +| | fluent-bit | 0.20.6 | +| | fluentd | 0.3.9 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | ## Changes from upstream ### ECK diff --git a/charts/kubezero-logging/charts/eck-operator/Chart.yaml b/charts/kubezero-logging/charts/eck-operator/Chart.yaml index 18bd9be..2ab535f 100644 --- a/charts/kubezero-logging/charts/eck-operator/Chart.yaml +++ b/charts/kubezero-logging/charts/eck-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.1.0 +appVersion: 2.4.0 description: 'A Helm chart for deploying the Elastic Cloud on Kubernetes (ECK) operator: the official Kubernetes operator for orchestrating Elasticsearch, Kibana, APM Server, Enterprise Search, and Beats.' home: https://github.com/elastic/cloud-on-k8s icon: https://helm.elastic.co/icons/eck.png @@ -17,4 +17,4 @@ maintainers: name: Elastic name: eck-operator type: application -version: 2.1.0 +version: 2.4.0 diff --git a/charts/kubezero-logging/charts/eck-operator/README.md b/charts/kubezero-logging/charts/eck-operator/README.md index 29eccfb..86452e3 100644 --- a/charts/kubezero-logging/charts/eck-operator/README.md +++ b/charts/kubezero-logging/charts/eck-operator/README.md @@ -12,7 +12,7 @@ For more information about the ECK Operator, see: ## Requirements - Supported Kubernetes versions are listed in the documentation: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s_supported_versions.html -- Helm >= 3.0.0 +- Helm >= 3.2.0 ## Usage 
diff --git a/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml b/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml index 7666c5e..2894a90 100644 --- a/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml +++ b/charts/kubezero-logging/charts/eck-operator/crds/all-crds.yaml @@ -4,14 +4,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: agents.agent.k8s.elastic.co spec: group: agent.k8s.elastic.co @@ -229,7 +229,8 @@ spec: items: properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults 
@@ -237,6 +238,18 @@ spec: type: string outputName: type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: + the password of the user to be authenticated to the Elastic + resource - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the other fields + name, namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -244,8 +257,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object type: array fleetServerEnabled: 
@@ -258,12 +269,25 @@ spec: unless `mode` is set to `fleet`. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -271,8 +295,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object http: description: HTTP holds the HTTP layer configuration for the Agent @@ -317,8 +339,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -485,12 +506,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -512,7 +537,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -693,12 +718,25 @@ spec: is set to `fleet`. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -706,8 +744,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object mode: description: Mode specifies the source of configuration for the Agent. @@ -718,6 +754,16 @@ spec: - standalone - fleet type: string + policyID: + description: PolicyID optionally determines into which Agent Policy + this Agent will be enrolled. If left empty the default policy will + be used. + type: string + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying DaemonSet or Deployment. + format: int32 + type: integer secureSettings: description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Agent. 
@@ -793,6 +839,15 @@ spec: kibanaAssociationStatus: description: AssociationStatus is the status of an association resource. type: string + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this Elastic Agent. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Elastic Agent controller has not yet processed the changes contained + in the Elastic Agent specification. + format: int64 + type: integer version: description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value @@ -804,26 +859,20 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: apmservers.apm.k8s.elastic.co spec: group: apm.k8s.elastic.co 
@@ -886,12 +935,25 @@ spec: cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -899,8 +961,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object http: description: HTTP holds the HTTP layer configuration for the APM Server @@ -945,8 +1005,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -1113,12 +1172,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -1140,7 +1203,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -1320,12 +1383,25 @@ spec: management in Kibana. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -1333,8 +1409,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object podTemplate: description: PodTemplate provides customisation options (labels, annotations, @@ -1342,6 +1416,11 @@ spec: pods. type: object x-kubernetes-preserve-unknown-fields: true + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying Deployment. + format: int32 + type: integer secureSettings: description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for APM Server. 
@@ -1380,7 +1459,7 @@ spec: type: array serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. + resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -1413,6 +1492,15 @@ spec: description: KibanaAssociationStatus is the status of any auto-linking to Kibana. type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the status is based upon. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + APM Server controller has not yet processed the changes contained + in the APM Server specification. + format: int64 + type: integer secretTokenSecret: description: SecretTokenSecretName is the name of the Secret that contains the secret token @@ -1539,8 +1627,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -1707,12 +1794,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -1734,7 +1825,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -1990,26 +2081,20 @@ spec: type: object served: false storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: beats.beat.k8s.elastic.co spec: group: beat.k8s.elastic.co @@ -2229,12 +2314,25 @@ spec: running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. 
@@ -2242,8 +2340,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object image: description: Image is the Beat Docker image to deploy. Version and @@ -2255,12 +2351,25 @@ spec: and visualizations. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -2268,9 +2377,12 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying DaemonSet or Deployment. + format: int32 + type: integer secureSettings: description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat. 
@@ -2316,7 +2428,7 @@ spec: type: string type: description: Type is the type of the Beat to deploy (filebeat, metricbeat, - heartbeat, auditbeat, journalbeat, packetbeat, etc.). Any string + heartbeat, auditbeat, journalbeat, packetbeat, and so on). Any string can be used, but well-known types will have the image field defaulted and have the appropriate Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`. @@ -2347,6 +2459,15 @@ spec: kibanaAssociationStatus: description: AssociationStatus is the status of an association resource. type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the status is based upon. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Beats controller has not yet processed the changes contained in + the Beats specification. + format: int64 + type: integer version: description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value @@ -2358,26 +2479,20 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: elasticmapsservers.maps.k8s.elastic.co spec: group: maps.k8s.elastic.co 
@@ -2453,12 +2568,25 @@ spec: running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -2466,8 +2594,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object http: description: HTTP holds the HTTP layer configuration for Elastic Maps @@ -2512,8 +2638,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -2680,12 +2805,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -2707,7 +2836,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -2887,9 +3016,14 @@ spec: Server pods type: object x-kubernetes-preserve-unknown-fields: true + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying Deployment. + format: int32 + type: integer serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. + resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -2917,6 +3051,15 @@ spec: health: description: Health of the deployment. type: string + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this Elastic Maps Server. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Elastic Maps controller has not yet processed the changes contained + in the Elastic Maps specification. + format: int64 + type: integer selector: description: Selector is the label selector used to find all pods. type: string 
@@ -2935,26 +3078,20 @@ spec: specReplicasPath: .spec.count statusReplicasPath: .status.count status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: elasticsearches.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co @@ -3078,8 +3215,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -3246,12 +3382,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -3273,7 +3413,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -3465,15 +3605,31 @@ spec: cluster is currently supported. items: description: ObjectSelector defines a reference to a Kubernetes - object. + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests @@ -3482,8 +3638,6 @@ spec: the default HTTP service of the referenced resource is used. type: string - required: - - name type: object type: array type: object 
@@ -3498,15 +3652,31 @@ spec: cluster is currently supported. items: description: ObjectSelector defines a reference to a Kubernetes - object. + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests @@ -3515,8 +3685,6 @@ spec: the default HTTP service of the referenced resource is used. type: string - required: - - name type: object type: array type: object 
@@ -3595,18 +3763,18 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics + description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new 
@@ -3634,28 +3802,30 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) or + a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if + the type of the specified object matches some installed + volume populator or dynamic provisioner. This field + will replace the functionality of the DataSource + field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of + them is empty and the other is non-empty. 
There + are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows + any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Alpha) Using this field requires the + specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -3677,8 +3847,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -3711,8 +3882,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -3758,9 +3929,10 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume 
@@ -3768,17 +3940,17 @@ spec: implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status + description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access + description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: 
@@ -3791,18 +3963,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume - expansion capacity request is lowered, allocatedResources - is only lowered if there are no expansion operations - in progress and if the actual volume capacity is - equal or lower than the requested capacity. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. + For storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation. If a volume expansion capacity + request is lowered, allocatedResources is only lowered + if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. This is an alpha field + and requires enabling RecoverVolumeExpansionFailure feature. type: object capacity: 
@@ -3812,36 +3985,40 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: Represents the actual resources of the - underlying volume. + description: capacity represents the actual resources + of the underlying volume. type: object conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. + description: conditions is the current Condition of + persistent volume claim. If underlying persistent + volume is being resized then the Condition will + be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: - description: Last time we probed the condition. + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: lastTransitionTime is the time + the condition transitioned from one status + to another. format: date-time type: string message: - description: Human-readable message indicating - details about last transition. + description: message is the human-readable message + indicating details about last transition. type: string reason: - description: Unique, this should be a short, - machine understandable string that gives the - reason for condition's last transition. If - it reports "ResizeStarted" that means the - underlying persistent volume is being resized. + description: reason is a unique, this should + be a short, machine understandable string + that gives the reason for condition's last + transition. If it reports "ResizeStarted" + that means the underlying persistent volume + is being resized. type: string status: type: string 
@@ -3855,11 +4032,11 @@ spec: type: object type: array phase: - description: Phase represents the current phase of + description: phase represents the current phase of PersistentVolumeClaim. type: string resizeStatus: - description: ResizeStatus stores status of resize + description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This @@ -3926,10 +4103,9 @@ spec: x-kubernetes-int-or-string: true selector: description: Label query over pods whose evictions are managed - by the disruption budget. A null selector selects no pods. - An empty selector ({}) also selects no pods, which differs - from standard behavior of selecting all pods. In policy/v1, - an empty selector will select all pods in the namespace. + by the disruption budget. A null selector will match no + pods, while an empty ({}) selector will select all pods + within the namespace. properties: matchExpressions: description: matchExpressions is a list of label selector @@ -3973,6 +4149,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object type: object remoteClusters: @@ -3987,7 +4164,8 @@ spec: cluster running within the same k8s cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, @@ -4000,8 +4178,6 @@ spec: resource. If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object name: description: Name is the name of the remote cluster as it is 
@@ -4013,6 +4189,11 @@ spec: - name type: object type: array + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying StatefulSets. + format: int32 + type: integer secureSettings: description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch. @@ -4051,9 +4232,9 @@ spec: type: array serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a resource (eg. a remote Elasticsearch cluster) in a - different namespace. Can only be used if ECK is enforcing RBAC on - references. + resource to a resource (for ex. a remote Elasticsearch cluster) + in a different namespace. Can only be used if ECK is enforcing RBAC + on references. type: string transport: description: Transport holds transport layer settings for Elasticsearch. @@ -4097,8 +4278,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -4265,12 +4445,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -4292,7 +4476,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string @@ -4590,8 +4774,6 @@ spec: can be made. It is only available for clusters managed with the Elasticsearch shutdown API. type: boolean - required: - - nodes type: object upgrade: description: UpgradeOperation provides an overview of the pending @@ -4634,8 +4816,6 @@ spec: - status type: object type: array - required: - - nodes type: object upscale: description: UpscaleOperation provides an overview of in progress 
@@ -4667,8 +4847,6 @@ spec: - status type: object type: array - required: - - nodes type: object required: - downscale @@ -4790,8 +4968,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service @@ -4958,12 +5135,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, 
@@ -4985,7 +5166,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string @@ -5230,18 +5411,18 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics + description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new 
@@ -5269,28 +5450,30 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) or + a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if + the type of the specified object matches some installed + volume populator or dynamic provisioner. This field + will replace the functionality of the DataSource + field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of + them is empty and the other is non-empty. 
There + are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows + any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Alpha) Using this field requires the + specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -5312,8 +5495,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -5346,8 +5530,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -5393,9 +5577,10 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume 
@@ -5403,17 +5588,17 @@ spec: implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object status: - description: 'Status represents the current information/status + description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access + description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: 
@@ -5426,18 +5611,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume - expansion capacity request is lowered, allocatedResources - is only lowered if there are no expansion operations - in progress and if the actual volume capacity is - equal or lower than the requested capacity. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. + For storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation. If a volume expansion capacity + request is lowered, allocatedResources is only lowered + if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. This is an alpha field + and requires enabling RecoverVolumeExpansionFailure feature. type: object capacity: 
@@ -5447,36 +5633,40 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: Represents the actual resources of the - underlying volume. + description: capacity represents the actual resources + of the underlying volume. type: object conditions: - description: Current Condition of persistent volume - claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. + description: conditions is the current Condition of + persistent volume claim. If underlying persistent + volume is being resized then the Condition will + be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: - description: Last time we probed the condition. + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: lastTransitionTime is the time + the condition transitioned from one status + to another. format: date-time type: string message: - description: Human-readable message indicating - details about last transition. + description: message is the human-readable message + indicating details about last transition. type: string reason: - description: Unique, this should be a short, - machine understandable string that gives the - reason for condition's last transition. If - it reports "ResizeStarted" that means the - underlying persistent volume is being resized. + description: reason is a unique, this should + be a short, machine understandable string + that gives the reason for condition's last + transition. If it reports "ResizeStarted" + that means the underlying persistent volume + is being resized. type: string status: type: string 
@@ -5490,11 +5680,11 @@ spec: type: object type: array phase: - description: Phase represents the current phase of + description: phase represents the current phase of PersistentVolumeClaim. type: string resizeStatus: - description: ResizeStatus stores status of resize + description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This @@ -5609,6 +5799,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object type: object secureSettings: @@ -5707,26 +5898,20 @@ spec: type: object served: false storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: group: enterprisesearch.k8s.elastic.co 
@@ -5801,12 +5986,25 @@ spec: cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -5814,8 +6012,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object http: description: HTTP holds the HTTP layer configuration for Enterprise @@ -5860,8 +6056,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -6028,12 +6223,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -6055,7 +6254,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -6235,9 +6434,14 @@ spec: Search pods. type: object x-kubernetes-preserve-unknown-fields: true + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying Deployment. + format: int32 + type: integer serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. + resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -6264,6 +6468,15 @@ spec: health: description: Health of the deployment. type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the status is based upon. It corresponds to the metadata generation, + which is updated on mutation by the API Server. If the generation + observed in status diverges from the generation in metadata, the + Enterprise Search controller has not yet processed the changes contained + in the Enterprise Search specification. + format: int64 + type: integer selector: description: Selector is the label selector used to find all pods. type: string 
@@ -6346,12 +6559,25 @@ spec: cluster running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -6359,8 +6585,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object http: description: HTTP holds the HTTP layer configuration for Enterprise @@ -6405,8 +6629,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service 
@@ -6573,12 +6796,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -6600,7 +6827,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string @@ -6782,7 +7009,7 @@ spec: x-kubernetes-preserve-unknown-fields: true serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. + resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: 
@@ -6827,26 +7054,20 @@ spec: storage: false subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: eck-operator-crds/templates/all-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.1 creationTimestamp: null labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.1.0' - helm.sh/chart: 'eck-operator-crds-2.1.0' + app.kubernetes.io/version: '2.4.0' + helm.sh/chart: 'eck-operator-crds-2.4.0' name: kibanas.kibana.k8s.elastic.co spec: group: kibana.k8s.elastic.co @@ -6909,12 +7130,25 @@ spec: running in the same Kubernetes cluster. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. 
@@ -6922,8 +7156,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object enterpriseSearchRef: description: EnterpriseSearchRef is a reference to an EnterpriseSearch @@ -6931,12 +7163,25 @@ spec: Enterprise Search UI starting version 7.14. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing Kubernetes + secret that contains connection information for associating + an Elastic resource not managed by the operator. The referenced + secret must contain the following: - `url`: the URL to reach + the Elastic resource - `username`: the username of the user + to be authenticated to the Elastic resource - `password`: the + password of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). This + field cannot be used in combination with the other fields name, + namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. @@ -6944,8 +7189,6 @@ spec: If left empty, the default HTTP service of the referenced resource is used. type: string - required: - - name type: object http: description: HTTP holds the HTTP layer configuration for Kibana. 
@@ -6989,8 +7232,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service @@ -7157,12 +7399,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -7184,7 +7430,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string 
@@ -7376,15 +7622,31 @@ spec: cluster is currently supported. items: description: ObjectSelector defines a reference to a Kubernetes - object. + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests @@ -7393,8 +7655,6 @@ spec: the default HTTP service of the referenced resource is used. type: string - required: - - name type: object type: array type: object 
@@ -7409,15 +7669,31 @@ spec: cluster is currently supported. items: description: ObjectSelector defines a reference to a Kubernetes - object. + object which can be an Elastic resource managed by the + operator or a Secret describing an external Elastic resource + not managed by the operator. properties: name: - description: Name of the Kubernetes object. + description: Name of an existing Kubernetes object corresponding + to an Elastic resource managed by ECK. type: string namespace: description: Namespace of the Kubernetes object. If empty, defaults to the current namespace. type: string + secretName: + description: 'SecretName is the name of an existing + Kubernetes secret that contains connection information + for associating an Elastic resource not managed by + the operator. The referenced secret must contain the + following: - `url`: the URL to reach the Elastic resource + - `username`: the username of the user to be authenticated + to the Elastic resource - `password`: the password + of the user to be authenticated to the Elastic resource + - `ca.crt`: the CA certificate in PEM format (optional). + This field cannot be used in combination with the + other fields name, namespace or serviceName.' + type: string serviceName: description: ServiceName is the name of an existing Kubernetes service which is used to make requests @@ -7426,8 +7702,6 @@ spec: the default HTTP service of the referenced resource is used. type: string - required: - - name type: object type: array type: object @@ -7437,6 +7711,11 @@ spec: affinity rules, resource requests, and so on) for the Kibana pods type: object x-kubernetes-preserve-unknown-fields: true + revisionHistoryLimit: + description: RevisionHistoryLimit is the number of revisions to retain + to allow rollback in the underlying Deployment. + format: int32 + type: integer secureSettings: description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Kibana. 
@@ -7475,7 +7754,7 @@ spec: type: array serviceAccountName: description: ServiceAccountName is used to check access from the current - resource to a resource (eg. Elasticsearch) in a different namespace. + resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references. type: string version: @@ -7646,8 +7925,7 @@ spec: be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other - type. This field is beta-level and is only honored by - servers that enable the ServiceLBNodePortControl feature. + type. type: boolean clusterIP: description: 'clusterIP is the IP address of the service @@ -7814,12 +8092,16 @@ spec: a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer - LoadBalancer will get created with the IP specified - in this field. This feature depends on whether the underlying - cloud-provider supports specifying the loadBalancerIP - when a load balancer is created. This field will be - ignored if the cloud-provider does not support the feature.' + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific + annotations when available. This field may be removed + in a future API version.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, 
@@ -7841,7 +8123,7 @@ spec: description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. type: string @@ -8086,9 +8368,3 @@ spec: type: object served: false storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl b/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl index a47c2c4..69e8ec7 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl +++ b/charts/kubezero-logging/charts/eck-operator/templates/_helpers.tpl @@ -126,6 +126,22 @@ updating docs/operating-eck/eck-permissions.asciidoc file. - subjectaccessreviews verbs: - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - elastic-operator-leader + verbs: + - get + - watch + - update - apiGroups: - "" resources: diff --git a/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml b/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml index d84de6d..a1e08e6 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/configmap.yaml @@ -45,3 +45,4 @@ data: {{- if .Values.managedNamespaces }} namespaces: [{{ join "," .Values.managedNamespaces }}] {{- end }} + enable-leader-election: {{ .Values.config.enableLeaderElection }} 
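Review bot: The two `coordination.k8s.io` lease rules added to `_helpers.tpl` have no comment explaining why `create` sits in its own rule without `resourceNames` while `get`/`watch`/`update` are pinned to `elastic-operator-leader`. Kubernetes RBAC cannot restrict `create` by resource name, so this split is what keeps the other verbs narrowly scoped. A later cleanup that merges the two rules would either stop the lease from being created or widen `update` to every lease the role covers. I would add a comment above the first rule, for example `# create cannot be limited by resourceNames; keep it separate from the name-scoped get/watch/update rule below`. The rule list begins and continues outside this hunk, so whether it ends up in a Role or a ClusterRole is not visible here.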
diff --git a/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml b/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml index e40146d..5c1fd03 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/statefulset.yaml @@ -31,6 +31,9 @@ spec: spec: terminationGracePeriodSeconds: 10 serviceAccountName: {{ include "eck-operator.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} diff --git a/charts/kubezero-logging/charts/eck-operator/templates/validate-chart.yaml b/charts/kubezero-logging/charts/eck-operator/templates/validate-chart.yaml index c0b7f7d..326b70b 100644 --- a/charts/kubezero-logging/charts/eck-operator/templates/validate-chart.yaml +++ b/charts/kubezero-logging/charts/eck-operator/templates/validate-chart.yaml @@ -21,3 +21,9 @@ {{- fail "Storage class validation cannot be enabled when cluster-scoped resource creation is disabled" -}} {{- end -}} {{- end -}} + +{{- if (not .Values.config.enableLeaderElection) -}} + {{- if gt (int .Values.replicaCount) 1 -}} + {{- fail "Leader election must be enabled with more than one replica" -}} + {{- end -}} +{{- end -}} diff --git a/charts/kubezero-logging/charts/eck-operator/values.yaml b/charts/kubezero-logging/charts/eck-operator/values.yaml index a708632..efc9ac1 100644 --- a/charts/kubezero-logging/charts/eck-operator/values.yaml +++ b/charts/kubezero-logging/charts/eck-operator/values.yaml @@ -25,6 +25,9 @@ image: # tag is the container image tag. If not defined, defaults to chart appVersion. tag: null +# priorityClassName defines the PriorityClass to be used by the operator pods. +priorityClassName: "" + # imagePullSecrets defines the secrets to use when pulling the operator container image. imagePullSecrets: [] 
@@ -176,6 +179,9 @@ config: # Can be disabled if cluster-wide storage class RBAC access is not available. validateStorageClass: true + # enableLeaderElection specifies whether leader election should be enabled + enableLeaderElection: true + # Prometheus PodMonitor configuration # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmonitor podMonitor: diff --git a/charts/kubezero-logging/charts/fluent-bit/Chart.yaml b/charts/kubezero-logging/charts/fluent-bit/Chart.yaml index b743b80..447a087 100644 --- a/charts/kubezero-logging/charts/fluent-bit/Chart.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/Chart.yaml @@ -1,9 +1,9 @@ annotations: artifacthub.io/changes: | - kind: changed - description: "Update fluent-bit image to 1.8.15." + description: "Additional upstream config option added" apiVersion: v1 -appVersion: 1.8.15 +appVersion: 1.9.7 description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD family operating systems. home: https://fluentbit.io/ @@ -24,4 +24,4 @@ maintainers: name: fluent-bit sources: - https://github.com/fluent/fluent-bit/ -version: 0.19.23 +version: 0.20.6 diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml index df1a3ba..7bdcd6c 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml @@ -29,4 +29,14 @@ rules: verbs: - use {{- end }} + {{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }} + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - {{ include "fluent-bit.fullname" . }} + verbs: + - use + {{- end }} {{- end -}} 
diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml index 47c0e40..5174d5d 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/configmap.yaml @@ -13,6 +13,10 @@ data: {{- (tpl .Values.config.inputs $) | nindent 4 }} {{- (tpl .Values.config.filters $) | nindent 4 }} {{- (tpl .Values.config.outputs $) | nindent 4 }} + {{- range $key, $val := .Values.config.upstream }} + {{ $key }}: | + {{- (tpl $val $) | nindent 4 }} + {{- end }} {{- range $key, $val := .Values.config.extraFiles }} {{ $key }}: | {{- (tpl $val $) | nindent 4 }} diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml new file mode 100644 index 0000000..300a8ed --- /dev/null +++ b/charts/kubezero-logging/charts/fluent-bit/templates/scc.yaml @@ -0,0 +1,37 @@ +{{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: {{ include "fluent-bit.fullname" . }} +{{- if .Values.openShift.securityContextConstraints.annotations }} + annotations: + {{- toYaml .Values.openShift.securityContextConstraints.annotations | nindent 4 }} +{{- end }} +allowPrivilegedContainer: true +allowPrivilegeEscalation: true +allowHostDirVolumePlugin: true +defaultAllowPrivilegeEscalation: false +# forbid host namespaces +allowHostNetwork: false +allowHostIPC: false +allowHostPorts: false +allowHostPID: false +allowedCapabilities: [] +forbiddenSysctls: +- "*" +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +volumes: + - configMap + - emptyDir + - hostPath + - persistentVolumeClaim + - secret +{{- end }} 
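Review bot: The new `scc.yaml` sets `allowPrivilegedContainer: true` and `allowPrivilegeEscalation: true` together with `allowHostDirVolumePlugin: true`, `runAsUser: RunAsAny` and the `hostPath` volume type, so any pod admitted under this SCC may run fully privileged with arbitrary host paths mounted. `allowedCapabilities: []` and dropping `MKNOD` do not constrain a privileged container, and nothing in the file limits host paths to log directories or to read-only mounts. If privileged mode is only there so the collector can read host logs under SELinux (an assumption, the template does not say), record that in a comment such as `# privileged is needed to read host log files under SELinux; keep the 'use' grant limited to the fluent-bit service account`. If it is not needed, set `allowPrivilegedContainer: false` and `allowPrivilegeEscalation: false`. The `use` rule added in `clusterrole.yaml` is pinned to this SCC by `resourceNames`, but its binding is outside the diff, and `values.yaml` defaults `securityContextConstraints.create` to `true`, so setting `openShift.enabled` alone installs this SCC.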
diff --git a/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml b/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml index d8d7b5c..e61d1ee 100644 --- a/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml @@ -13,6 +13,9 @@ metadata: {{- end }} spec: type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} ports: - port: {{ .Values.service.port }} targetPort: http diff --git a/charts/kubezero-logging/charts/fluent-bit/values.yaml b/charts/kubezero-logging/charts/fluent-bit/values.yaml index 72f2027..92bbe1c 100644 --- a/charts/kubezero-logging/charts/fluent-bit/values.yaml +++ b/charts/kubezero-logging/charts/fluent-bit/values.yaml @@ -36,6 +36,14 @@ podSecurityPolicy: create: false annotations: {} +openShift: + # Sets Openshift support + enabled: false + # Creates SCC for Fluent-bit when Openshift support is enabled + securityContextConstraints: + create: true + annotations: {} + podSecurityContext: {} # fsGroup: 2000 @@ -72,6 +80,7 @@ service: port: 2020 labels: {} # nodePort: 30020 + # clusterIP: 172.16.10.1 annotations: {} # prometheus.io/path: "/api/v1/metrics/prometheus" # prometheus.io/port: "2020" @@ -322,6 +331,17 @@ config: Logstash_Prefix node Retry_Limit False + ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/upstream-servers + upstream: {} +# upstream.conf: | +# [UPSTREAM] +# upstream1 +# +# [NODE] +# name node-1 +# host 127.0.0.1 +# port 43000 + ## https://docs.fluentbit.io/manual/pipeline/parsers customParsers: | [PARSER] diff --git a/charts/kubezero-logging/charts/fluentd/Chart.yaml b/charts/kubezero-logging/charts/fluentd/Chart.yaml index edc21e7..cad0e09 100644 --- a/charts/kubezero-logging/charts/fluentd/Chart.yaml +++ b/charts/kubezero-logging/charts/fluentd/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v1.12.4 +appVersion: v1.14.6 description: A Helm chart for Kubernetes home: https://www.fluentd.org/ icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png @@ -12,4 +12,4 @@ name: fluentd sources: - https://github.com/fluent/fluentd/ - https://github.com/fluent/fluentd-kubernetes-daemonset -version: 0.3.7 +version: 0.3.9 diff --git a/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl b/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl index 8e27bfa..db217d6 100644 --- a/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl +++ b/charts/kubezero-logging/charts/fluentd/templates/_pod.tpl @@ -13,6 +13,10 @@ securityContext: {{- with .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ . }} {{- end }} +{{- with .Values.initContainers }} +initContainers: + {{- toYaml . | nindent 2 }} +{{- end }} containers: - name: {{ .Chart.Name }} securityContext: diff --git a/charts/kubezero-logging/charts/fluentd/values.yaml b/charts/kubezero-logging/charts/fluentd/values.yaml index ce705e3..ebee339 100644 --- a/charts/kubezero-logging/charts/fluentd/values.yaml +++ b/charts/kubezero-logging/charts/fluentd/values.yaml @@ -173,6 +173,8 @@ env: envFrom: [] +initContainers: [] + volumes: - name: varlog hostPath: diff --git a/charts/kubezero-logging/values.yaml b/charts/kubezero-logging/values.yaml index 58cedb6..3dea21e 100644 --- a/charts/kubezero-logging/values.yaml +++ b/charts/kubezero-logging/values.yaml @@ -244,7 +244,7 @@ fluent-bit: image: #repository: public.ecr.aws/zero-downtime/fluent-bit - tag: 1.9.3 + tag: 1.9.7 serviceMonitor: enabled: false diff --git a/charts/kubezero-metrics/Chart.yaml b/charts/kubezero-metrics/Chart.yaml index 2059ae6..0bb82dc 100644 --- a/charts/kubezero-metrics/Chart.yaml +++ b/charts/kubezero-metrics/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-metrics description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations. type: application -version: 0.8.0 +version: 0.8.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -15,18 +15,18 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: kube-prometheus-stack - version: 34.9.0 + version: 39.9.0 # Switch back to upstream once all alerts are fixed eg. etcd gpcr # repository: https://prometheus-community.github.io/helm-charts - name: prometheus-adapter - version: 3.2.0 + version: 3.4.0 repository: https://prometheus-community.github.io/helm-charts condition: prometheus-adapter.enabled - name: prometheus-pushgateway - version: 1.16.1 + version: 1.18.2 # Switch back to upstream once namespaces are supported # repository: https://prometheus-community.github.io/helm-charts condition: prometheus-pushgateway.enabled diff --git a/charts/kubezero-metrics/README.md b/charts/kubezero-metrics/README.md index cc9b868..2e20e64 100644 --- a/charts/kubezero-metrics/README.md +++ b/charts/kubezero-metrics/README.md @@ -1,6 +1,6 @@ # kubezero-metrics -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations. 
@@ -18,10 +18,10 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | kube-prometheus-stack | 34.9.0 | -| | prometheus-pushgateway | 1.16.1 | -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | -| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.2.0 | +| | kube-prometheus-stack | 39.9.0 | +| | prometheus-pushgateway | 1.18.2 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | +| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.4.0 | ## Values diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml index d1e7b1f..79485c1 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml @@ -6,20 +6,20 @@ annotations: url: https://github.com/prometheus-operator/kube-prometheus artifacthub.io/operator: "true" apiVersion: v2 -appVersion: 0.55.0 +appVersion: 0.58.0 dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts - version: 4.7.* + version: 4.15.* - condition: nodeExporter.enabled name: prometheus-node-exporter repository: https://prometheus-community.github.io/helm-charts - version: 3.1.* + version: 3.3.* - condition: grafana.enabled name: grafana repository: https://grafana.github.io/helm-charts - version: 6.26.* + version: 6.32.* description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus @@ -34,7 +34,6 @@ kubeVersion: '>=1.16.0-0' maintainers: - email: andrew@quadcorps.co.uk name: andrewgkew -- name: bismarck - email: cedric@desaintmartin.fr name: desaintmartin - email: gianrubio@gmail.com 
@@ -52,4 +51,4 @@ sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus type: application -version: 34.9.0 +version: 39.9.0 diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md b/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md index 88ee1a6..fa6e2aa 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md @@ -11,20 +11,19 @@ _Note: This chart was formerly named `prometheus-operator` chart, now renamed to - Kubernetes 1.16+ - Helm 3+ -## Get Repo Info +## Get Helm Repository Info ```console helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo update ``` -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ +_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ -## Install Chart +## Install Helm Chart ```console -# Helm -$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack ``` _See [configuration](#configuration) below._ @@ -43,11 +42,10 @@ To disable dependencies during installation, see [multiple releases](#multiple-r _See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ -## Uninstall Chart +## Uninstall Helm Chart ```console -# Helm -$ helm uninstall [RELEASE_NAME] +helm uninstall [RELEASE_NAME] ``` This removes all the Kubernetes components associated with the chart and deletes the release. 
@@ -70,8 +68,7 @@ kubectl delete crd thanosrulers.monitoring.coreos.com ## Upgrading Chart ```console -# Helm -$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack ``` With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. 
@@ -83,10 +80,71 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. +### From 38.x to 39.x + +This upgraded prometheus-operator to v0.58.0 and prometheus to v2.37.0 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 37.x to 38.x + +Reverted one of the default metrics relabelings for 
cAdvisor added in 36.x, due to it breaking container_network_* and various other statistics. If you do not want this change, you will need to override the `kubelet.cAdvisorMetricRelabelings`. + +### From 36.x to 37.x + +This includes some default metric relabelings for cAdvisor and apiserver metrics to reduce cardinality. If you do not want these defaults, you will need to override the `kubeApiServer.metricRelabelings` and or `kubelet.cAdvisorMetricRelabelings`. + +### From 35.x to 36.x + +This upgraded prometheus-operator to v0.57.0 and prometheus to v2.36.1 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 34.x to 35.x + +This upgraded prometheus-operator to v0.56.0 and prometheus to v2.35.0 + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + ### From 33.x to 34.x + This upgrades to prometheus-operator to v0.55.0 and prometheus to v2.33.5. 
Run these commands to update the CRDs before applying the upgrade. + ```console kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml @@ -98,14 +156,16 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-oper kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml ``` - ### From 32.x to 33.x -This upgrades the node exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation. + +This upgrades the prometheus-node-exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation. ### From 31.x to 32.x + This upgrades to prometheus-operator to v0.54.0 and prometheus to v2.33.1. It also changes the default for `grafana.serviceMonitor.enabled` to `true. Run these commands to update the CRDs before applying the upgrade. + ```console kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml 
@@ -117,7 +177,6 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-oper kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml ``` - ### From 30.x to 31.x This version removes the built-in grafana ServiceMonitor and instead relies on the ServiceMonitor of the sub-chart. @@ -145,7 +204,7 @@ If you are using PodSecurityPolicies you can enable the previous behaviour by se ### From 26.x to 27.x -This version splits Node Exporter recording and altering rules in separate config values. +This version splits prometheus-node-exporter chart recording and altering rules in separate config values. Instead of `defaultRules.rules.node` the 2 new variables `defaultRules.rules.nodeExporterAlerting` and `defaultRules.rules.nodeExporterRecording` are used. Also the following defaultRules.rules has been removed as they had no effect: `kubeApiserverError`, `kubePrometheusNodeAlerting`, `kubernetesAbsent`, `time`. 
@@ -173,7 +232,7 @@ kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-oper ### From 23.x to 24.x -The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. +The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built-in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. For _kube-state-metrics_ the `ServiceMonitor` customisation is now set via `kube-state-metrics.prometheus.monitor` and the `kubeStateMetrics.serviceMonitor.selfMonitor.enabled` value has moved to `kube-state-metrics.selfMonitor.enabled`. 
@@ -395,7 +454,7 @@ With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. -1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits. +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. 2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. 3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. 4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations 
@@ -412,7 +471,7 @@ Because the operator can only run as a single pod, there is potential for this c ## Developing Prometheus Rules and Grafana Dashboards -This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. +This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. ## Further Information diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml index 8994eba..e34c67e 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 8.4.5 +appVersion: 9.0.5 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png @@ -19,4 +19,4 @@ name: grafana sources: - https://github.com/grafana/grafana type: application -version: 6.26.0 +version: 6.32.10 
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md index 4391114..bbe3f0c 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md @@ -59,17 +59,17 @@ This version requires Helm >= 3.1.0. | `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | | `priorityClassName` | Name of Priority Class to assign pods | `nil` | | `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Image tag (`Must be >= 5.0.0`) | `8.2.5` | -| `image.sha` | Image sha (optional) | `2acf04c016c77ca2e89af3536367ce847ee326effb933121881c7c89781051d3` | +| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` | +| `image.sha` | Image sha (optional) | `` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `{}` | +| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` | | `service.enabled` | Enable grafana service | `true` | | `service.type` | Kubernetes service type | `ClusterIP` | | `service.port` | Kubernetes port where service is exposed | `80` | | `service.portName` | Name of the port on the service | `service` | | `service.targetPort` | Internal service is port | `3000` | | `service.nodePort` | Kubernetes service nodePort | `nil` | -| `service.annotations` | Service annotations | `{}` | +| `service.annotations` | Service annotations (can be templated) | `{}` | | `service.labels` | Custom labels | `{}` | | `service.clusterIP` | internal cluster service IP | `nil` | | `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | 
@@ -98,12 +98,12 @@ This version requires Helm >= 3.1.0. | `persistence.enabled` | Use persistent volume to store data | `false` | | `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | | `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` | | `persistence.storageClassName` | Type of persistent volume claim | `nil` | | `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | | `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | | `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | -| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` | | `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | | `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | | `initChownData.enabled` | If false, don't reset data ownership at startup | true | 
@@ -122,7 +122,8 @@ This version requires Helm >= 3.1.0. | `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | -| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `createConfigmap` | Enable creating the grafana configmap | `true` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | | `plugins` | Plugins to be loaded along with Grafana | `[]` | | `datasources` | Configure grafana datasources (passed through tpl) | `{}` | @@ -139,8 +140,9 @@ This version requires Helm >= 3.1.0. | `podAnnotations` | Pod annotations | `{}` | | `podLabels` | Pod labels | `{}` | | `podPortName` | Name of the grafana port on the pod | `grafana` | +| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.15.6` | +| `sidecar.image.tag` | Sidecar image tag | `1.19.2` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | 
@@ -158,7 +160,7 @@ This version requires Helm >= 3.1.0. | `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | | `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | | `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | -| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `""` | | `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | | `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | | `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | 
@@ -168,7 +170,7 @@ This version requires Helm >= 3.1.0. | `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | | `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | -| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` | | `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | | `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | 
@@ -180,7 +182,7 @@ This version requires Helm >= 3.1.0. | `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | | `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | | `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | -| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | | `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | | `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | | `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | 
@@ -239,9 +241,15 @@ This version requires Helm >= 3.1.0. | `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | | `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | | `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | +| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | +| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` | +| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` | | `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` | | `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | +| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` | +| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` | +| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` | | `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` | diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml new file mode 100644 index 0000000..f5b9b53 --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-affinity-values.yaml 
@@ -0,0 +1,16 @@ +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: grafana-test + app.kubernetes.io/name: grafana + topologyKey: failure-domain.beta.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/instance: grafana-test + app.kubernetes.io/name: grafana + topologyKey: kubernetes.io/hostname diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml new file mode 100644 index 0000000..f2d55a8 --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-extraconfigmapmounts-values.yaml @@ -0,0 +1,7 @@ +extraConfigmapMounts: + - name: '{{ template "grafana.fullname" . }}' + configMap: '{{ template "grafana.fullname" . }}' + mountPath: /var/lib/grafana/dashboards/test-dashboard.json + # This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap + subPath: grafana.ini + readOnly: true diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml new file mode 100644 index 0000000..b92ca02 --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/ci/with-persistence.yaml @@ -0,0 +1,3 @@ +persistence: + type: pvc + enabled: true diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl index f0c06aa..7b146e5 100644 
--- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl @@ -141,6 +141,28 @@ Return the appropriate apiVersion for ingress. {{- end -}} {{- end -}} +{{/* +Return the appropriate apiVersion for podSecurityPolicy. +*/}} +{{- define "grafana.podSecurityPolicy.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1") (semverCompare ">= 1.16-0" .Capabilities.KubeVersion.Version) -}} + {{- print "policy/v1beta1" -}} + {{- else -}} + {{- print "extensions/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podDisruptionBudget. +*/}} +{{- define "grafana.podDisruptionBudget.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} + {{- print "policy/v1" -}} + {{- else -}} + {{- print "policy/v1beta1" -}} + {{- end -}} +{{- end -}} + {{/* Return if ingress is stable. */}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl index 9444221..1a71c83 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl @@ -37,7 +37,7 @@ initContainers: - name: storage mountPath: "/var/lib/grafana" {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} + subPath: {{ tpl .Values.persistence.subPath . }} {{- end }} {{- end }} {{- if .Values.dashboards }} 
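Review bot: The `else` branch of `grafana.podSecurityPolicy.apiVersion` returns `extensions/v1beta1`, which is only correct for clusters older than 1.16. On a newer cluster that no longer serves `policy/v1beta1`, PodSecurityPolicy is gone entirely, so the fallback names an API that does not exist and the manifest is rejected at apply time. Operators who set `rbac.pspEnabled` for pod hardening should see that case handled explicitly. I would gate the PSP template itself, for example `{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and add a line to the helper comment saying the fallback is for pre-1.16 clusters only. The template that consumes this helper is changed in a later section of this patch and its body is not fully visible here.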
@@ -69,7 +69,7 @@ initContainers: - name: storage mountPath: "/var/lib/grafana" {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} + subPath: {{ tpl .Values.persistence.subPath . }} {{- end }} {{- range .Values.extraSecretMounts }} - name: {{ .name }} @@ -149,6 +149,14 @@ initContainers: - name: SKIP_TLS_VERIFY value: "{{ .Values.sidecar.skipTlsVerify }}" {{- end }} +{{- if .Values.sidecar.livenessProbe }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} +{{- end }} +{{- if .Values.sidecar.readinessProbe }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} +{{- end }} resources: {{ toYaml .Values.sidecar.resources | indent 6 }} {{- if .Values.sidecar.securityContext }} @@ -164,8 +172,9 @@ initContainers: {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: +{{- $root := . }} {{- range .Values.image.pullSecrets }} - - name: {{ . }} + - name: {{ tpl . $root }} {{- end}} {{- end }} {{- if not .Values.enableKubeBackwardCompatibility }} @@ -189,6 +198,10 @@ containers: - name: LABEL_VALUE value: {{ quote .Values.sidecar.dashboards.labelValue }} {{- end }} + {{- if .Values.sidecar.logLevel }} + - name: LOG_LEVEL + value: {{ quote .Values.sidecar.logLevel }} + {{- end }} - name: FOLDER value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - name: RESOURCE @@ -221,6 +234,14 @@ containers: - name: WATCH_CLIENT_TIMEOUT value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}" {{- end }} +{{- if .Values.sidecar.livenessProbe }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} +{{- end }} +{{- if .Values.sidecar.readinessProbe }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} +{{- end }} resources: {{ toYaml .Values.sidecar.resources | indent 6 }} {{- if .Values.sidecar.securityContext }} 
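Review bot: The new sidecar probe blocks test `.Values.sidecar.livenessProbe` and `.Values.sidecar.readinessProbe` but render `.Values.livenessProbe` and `.Values.readinessProbe`, which are the Grafana container's own probes. A sidecar that opts in therefore gets Grafana's probe definition rather than the one configured for it, and would presumably be restarted or marked unready for the wrong reason. The rendered lines should read `{{ toYaml .Values.sidecar.livenessProbe | indent 6 }}` and `{{ toYaml .Values.sidecar.readinessProbe | indent 6 }}`. The same pair is repeated in the hunks at `-221,6 +234,14`, `-287,6 +308,14` and `-350,6 +379,14`. The container definitions these blocks sit in start outside the hunks.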
@@ -271,14 +292,14 @@ containers: - name: REQ_USERNAME valueFrom: secretKeyRef: - name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} key: {{ .Values.admin.userKey | default "admin-user" }} {{- end }} {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} key: {{ .Values.admin.passwordKey | default "admin-password" }} {{- end }} {{- if not .Values.sidecar.datasources.skipReload }} @@ -287,6 +308,14 @@ containers: - name: REQ_METHOD value: POST {{- end }} +{{- if .Values.sidecar.livenessProbe }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} +{{- end }} +{{- if .Values.sidecar.readinessProbe }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} +{{- end }} resources: {{ toYaml .Values.sidecar.resources | indent 6 }} {{- if .Values.sidecar.securityContext }} 
@@ -334,14 +363,14 @@ containers: - name: REQ_USERNAME valueFrom: secretKeyRef: - name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} key: {{ .Values.admin.userKey | default "admin-user" }} {{- end }} {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: REQ_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} key: {{ .Values.admin.passwordKey | default "admin-password" }} {{- end }} {{- if not .Values.sidecar.plugins.skipReload }} @@ -350,6 +379,14 @@ containers: - name: REQ_METHOD value: POST {{- end }} +{{- if .Values.sidecar.livenessProbe }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} +{{- end }} +{{- if .Values.sidecar.readinessProbe }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} +{{- end }} resources: {{ toYaml .Values.sidecar.resources | indent 6 }} {{- if .Values.sidecar.securityContext }} @@ -362,9 +399,9 @@ containers: {{- end}} - name: {{ .Chart.Name }} {{- if .Values.image.sha }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}" {{- else }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.command }} 
@@ -386,16 +423,17 @@ containers: mountPath: "/etc/grafana/ldap.toml" subPath: ldap.toml {{- end }} + {{- $root := . }} {{- range .Values.extraConfigmapMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath | default "" }} + - name: {{ tpl .name $root }} + mountPath: {{ tpl .mountPath $root }} + subPath: {{ (tpl .subPath $root) | default "" }} readOnly: {{ .readOnly }} {{- end }} - name: storage mountPath: "/var/lib/grafana" {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} + subPath: {{ tpl .Values.persistence.subPath . }} {{- end }} {{- if .Values.dashboards }} {{- range $provider, $dashboards := .Values.dashboards }} @@ -484,14 +522,14 @@ containers: - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: - name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} key: {{ .Values.admin.userKey | default "admin-user" }} {{- end }} {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: - name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} key: {{ .Values.admin.passwordKey | default "admin-password" }} {{- end }} {{- if .Values.plugins }} @@ -561,6 +599,9 @@ containers: {{ toYaml .Values.livenessProbe | indent 6 }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 6 }} +{{- if .Values.lifecycleHooks }} + lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }} +{{- end }} resources: {{ toYaml .Values.resources | indent 6 }} {{- with .Values.extraContainers }} 
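Review bot: In the `extraConfigmapMounts` loop, `subPath: {{ (tpl .subPath $root) | default "" }}` calls `tpl` before the default is applied. A mount entry that omits `subPath` now hands a nil value to `tpl` and most likely fails the render, where the old `.subPath | default ""` accepted it. Swapping the order keeps the templating and the old tolerance: `subPath: {{ tpl (.subPath | default "") $root }}`. It would also help to add a comment above the loop stating that `name` and `mountPath` are required strings, since they now go through `tpl` as well.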
@@ -570,9 +611,10 @@ containers: nodeSelector: {{ toYaml . | indent 2 }} {{- end }} +{{- $root := . }} {{- with .Values.affinity }} affinity: -{{ toYaml . | indent 2 }} +{{ tpl (toYaml .) $root | indent 2 }} {{- end }} {{- with .Values.tolerations }} tolerations: @@ -582,10 +624,14 @@ volumes: - name: config configMap: name: {{ template "grafana.fullname" . }} +{{- $root := . }} {{- range .Values.extraConfigmapMounts }} - - name: {{ .name }} + - name: {{ tpl .name $root }} configMap: - name: {{ .configMap }} + name: {{ tpl .configMap $root }} + {{- if .items }} + items: {{ toYaml .items | nindent 6 }} + {{- end }} {{- end }} {{- if .Values.dashboards }} {{- range (keys .Values.dashboards | sortAlpha) }} @@ -617,7 +663,7 @@ volumes: {{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} - name: storage persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} + claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }} {{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} # nothing {{- else }} @@ -634,7 +680,12 @@ volumes: {{- end -}} {{- if .Values.sidecar.dashboards.enabled }} - name: sc-dashboard-volume +{{- if .Values.sidecar.dashboards.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.sidecar.dashboards.sizeLimit }} +{{- else }} emptyDir: {} +{{- end -}} {{- if .Values.sidecar.dashboards.SCProvider }} - name: sc-dashboard-provider configMap: 
@@ -643,22 +694,40 @@ volumes: {{- end }} {{- if .Values.sidecar.datasources.enabled }} - name: sc-datasources-volume +{{- if .Values.sidecar.datasources.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.sidecar.datasources.sizeLimit }} +{{- else }} emptyDir: {} {{- end -}} +{{- end -}} {{- if .Values.sidecar.plugins.enabled }} - name: sc-plugins-volume +{{- if .Values.sidecar.plugins.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.sidecar.plugins.sizeLimit }} +{{- else }} emptyDir: {} {{- end -}} +{{- end -}} {{- if .Values.sidecar.notifiers.enabled }} - name: sc-notifiers-volume +{{- if .Values.sidecar.notifiers.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.sidecar.notifiers.sizeLimit }} +{{- else }} emptyDir: {} {{- end -}} +{{- end -}} {{- range .Values.extraSecretMounts }} {{- if .secretName }} - name: {{ .name }} secret: secretName: {{ .secretName }} defaultMode: {{ .defaultMode }} + {{- if .items }} + items: {{ toYaml .items | nindent 6 }} + {{- end }} {{- else if .projected }} - name: {{ .name }} projected: {{- toYaml .projected | nindent 6 }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml index f09e065..154658b 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/clusterrole.yaml 
@@ -9,9 +9,9 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} name: {{ template "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +{{- if or .Values.sidecar.dashboards.enabled (or .Values.rbac.extraClusterRoleRules (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }} rules: -{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }} - apiGroups: [""] # "" indicates the core API group resources: ["configmaps", "secrets"] verbs: ["get", "watch", "list"] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml index c72219f..0746a39 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.createConfigmap }} apiVersion: v1 kind: ConfigMap metadata: @@ -14,7 +15,19 @@ data: plugins: {{ join "," .Values.plugins }} {{- end }} grafana.ini: | +{{- range $elem, $elemVal := index .Values "grafana.ini" }} + {{- if not (kindIs "map" $elemVal) }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} +{{- end }} {{- range $key, $value := index .Values "grafana.ini" }} + {{- if kindIs "map" $value }} [{{ $key }}] {{- range $elem, $elemVal := $value }} {{- if kindIs "invalid" $elemVal }} @@ -25,6 +38,7 @@ data: {{ $elem }} = {{ $elemVal }} {{- end }} {{- end }} + {{- end }} {{- end }} {{- if .Values.datasources }} 
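Review bot: Adding `.Values.sidecar.plugins.enabled` to both conditions in `clusterrole.yaml` means that enabling the plugins sidecar now also emits the cluster-wide `get`/`watch`/`list` rule on `configmaps` and `secrets`, and nothing next to the rule says so. I would add a template comment above `rules:`, for example `{{/* Any enabled sidecar gets cluster-wide read on ConfigMaps and Secrets here; use rbac.namespaced to limit this to the release namespace */}}`. It is also worth considering dropping `"secrets"` from `resources` when every enabled sidecar is configured for config maps only. The same condition is widened for the namespaced Role in the two `role.yaml` hunks further down. The outer gate of this template and the binding that attaches the role are outside the hunk.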
@@ -60,7 +74,7 @@ data: {{- end }} {{- end }} {{- end }} - + {{ $dashboardProviders := .Values.dashboardProviders }} {{- range $provider, $dashboards := .Values.dashboards }} {{- range $key, $value := $dashboards }} {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} @@ -74,9 +88,16 @@ data: {{- end }} -H "Content-Type: application/json;charset=UTF-8" \ {{ end }} - {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ - > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- $dpPath := "" -}} + {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers -}} + {{- if eq $kd.name $provider -}} + {{- $dpPath = $kd.options.path -}} {{- end -}} - {{- end }} + {{- end -}} + {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" + {{- end }} + {{- end -}} {{- end }} {{- end }} +{{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml index 8dbe5e1..d0465b1 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml 
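Review bot: The new lookup `(index $dashboardProviders "dashboardproviders.yaml").providers` runs for every dashboard with a `url` or `gnetId`. It appears to abort the render when `dashboardProviders` has no `dashboardproviders.yaml` key, or when a matching provider has no `options`, whereas the old code always wrote to the fixed `/var/lib/grafana/dashboards/{{ $provider }}` path. Wrapping the range in `{{- with (index $dashboardProviders "dashboardproviders.yaml") -}}` and testing `{{- if and (eq $kd.name $provider) $kd.options -}}` would keep the existing fallback reachable. The resolved `path` is also written verbatim into the redirect target of the generated download script. A comment stating that it must be a plain directory path with no quotes or shell metacharacters would document that assumption. The surrounding script template starts outside the hunk.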
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/deployment.yaml @@ -1,4 +1,4 @@ -{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +{{ if (and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc"))) }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml index 3976995..1a9d4c5 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-deployment.yaml @@ -56,8 +56,9 @@ spec: {{- end }} {{- if .Values.imageRenderer.image.pullSecrets }} imagePullSecrets: + {{- $root := . }} {{- range .Values.imageRenderer.image.pullSecrets }} - - name: {{ . }} + - name: {{ tpl . $root }} {{- end}} {{- end }} containers: @@ -105,9 +106,10 @@ spec: nodeSelector: {{ toYaml . | indent 8 }} {{- end }} + {{- $root := . }} {{- with .Values.imageRenderer.affinity }} affinity: -{{ toYaml . | indent 8 }} +{{ tpl (toYaml .) $root | indent 8 }} {{- end }} {{- with .Values.imageRenderer.tolerations }} tolerations: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml index f8ca73a..8136ff8 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/image-renderer-network-policy.yaml 
@@ -64,10 +64,7 @@ spec: - port: {{ .Values.service.port }} protocol: TCP to: - - namespaceSelector: - matchLabels: - name: {{ template "grafana.namespace" . }} - podSelector: + - podSelector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 14 }} {{- if .Values.podLabels }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml index fc24382..d277a9d 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/networkpolicy.yaml @@ -14,9 +14,23 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} spec: + policyTypes: + {{- if .Values.networkPolicy.ingress }} + - Ingress + {{- end }} + {{- if .Values.networkPolicy.egress.enabled }} + - Egress + {{- end }} podSelector: matchLabels: {{- include "grafana.selectorLabels" . | nindent 6 }} + + {{- if .Values.networkPolicy.egress.enabled }} + egress: + - ports: + {{ .Values.networkPolicy.egress.ports | toJson }} + {{- end }} + {{- if .Values.networkPolicy.ingress }} ingress: - ports: - port: {{ .Values.service.targetPort }} @@ -34,4 +48,5 @@ spec: {{- include "grafana.labels" . | nindent 14 }} role: read {{- end }} + {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml index 61813a4..70901b7 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/poddisruptionbudget.yaml 
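Review bot: In `networkpolicy.yaml` the new egress rule is `- ports:` followed by `{{ .Values.networkPolicy.egress.ports | toJson }}` with no `to` clause, and the README in this patch gives `networkPolicy.egress.ports` a default of `[]`. A rule with an empty port list and no peers matches every port and every destination. Setting `networkPolicy.egress.enabled` alone therefore adds `Egress` to `policyTypes` without restricting anything, which reads as protection that is not there. I would emit the rule only when ports are given, `{{- with .Values.networkPolicy.egress.ports }}` / `- ports: {{ . | toJson }}` / `{{- end }}`, so that an empty list fails closed. The values comment should also state that destinations are unrestricted and that DNS ports must be listed explicitly.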
@@ -1,5 +1,5 @@ {{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1beta1 +apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }} kind: PodDisruptionBudget metadata: name: {{ template "grafana.fullname" . }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml index 7de6c02..881df6f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/podsecuritypolicy.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 +apiVersion: {{ include "grafana.podSecurityPolicy.apiVersion" . }} kind: PodSecurityPolicy metadata: name: {{ template "grafana.fullname" . }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml index 6a1890f..ff2160f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/role.yaml @@ -10,7 +10,7 @@ metadata: annotations: {{ toYaml . | indent 4 }} {{- end }} -{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }} rules: {{- if .Values.rbac.pspEnabled }} - apiGroups: ['extensions'] 
@@ -18,7 +18,7 @@ rules: verbs: ['use'] resourceNames: [{{ template "grafana.fullname" . }}] {{- end }} -{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }} - apiGroups: [""] # "" indicates the core API group resources: ["configmaps", "secrets"] verbs: ["get", "watch", "list"] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml index 7576eee..4ccee15 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/serviceaccount.yaml @@ -4,9 +4,10 @@ kind: ServiceAccount metadata: labels: {{- include "grafana.labels" . | nindent 4 }} +{{- $root := . }} {{- with .Values.serviceAccount.annotations }} annotations: -{{ toYaml . | indent 4 }} +{{ tpl (toYaml . | indent 4) $root }} {{- end }} name: {{ template "grafana.serviceAccountName" . }} namespace: {{ template "grafana.namespace" . }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml index 4b6437e..56bc68e 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/servicemonitor.yaml 
@@ -6,6 +6,8 @@ metadata: name: {{ template "grafana.fullname" . }} {{- if .Values.serviceMonitor.namespace }} namespace: {{ .Values.serviceMonitor.namespace }} + {{- else }} + namespace: {{ template "grafana.namespace" . }} {{- end }} labels: {{- include "grafana.labels" . | nindent 4 }} @@ -38,5 +40,5 @@ spec: {{- include "grafana.selectorLabels" . | nindent 8 }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ template "grafana.namespace" . }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml index ad3dd06..b308dec 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")))}} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -35,6 +35,7 @@ spec: {{- end }} spec: {{- include "grafana.pod" . | nindent 6 }} + {{- if .Values.persistence.enabled}} volumeClaimTemplates: - metadata: name: storage @@ -49,4 +50,5 @@ spec: matchLabels: {{ toYaml . | indent 10 }} {{- end }} + {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml index cdc86e5..ef43d80 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test.yaml 
@@ -7,25 +7,28 @@ metadata: {{- include "grafana.labels" . | nindent 4 }} annotations: "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" namespace: {{ template "grafana.namespace" . }} spec: serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} {{- if .Values.testFramework.securityContext }} securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} {{- end }} + {{- $root := . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} - - name: {{ . }} + - name: {{ tpl . $root }} {{- end}} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 4 }} {{- end }} + {{- $root := . }} {{- with .Values.affinity }} affinity: -{{ toYaml . | indent 4 }} +{{ tpl (toYaml .) $root | indent 4 }} {{- end }} {{- with .Values.tolerations }} tolerations: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml index fdd52eb..985bcf5 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml @@ -17,6 +17,7 @@ serviceAccount: create: true name: nameTest: +## Service account annotations. Can be templated. # annotations: # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here autoMount: true @@ -73,13 +74,15 @@ livenessProbe: image: repository: grafana/grafana - tag: 8.4.5 + # Overrides the Grafana image tag whose default is the chart appVersion + tag: "" sha: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Can be templated. ## # pullSecrets: # - myRegistrKeySecretName 
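Review bot: In grafana/values.yaml (hunk at -73,13), `tag: ""` now follows the chart appVersion while `sha: ""` stays empty, so the Grafana image is referenced by a mutable tag only. If `sha` is what pins the image by digest (its use is not visible in this diff), a comment next to it would help whoever writes the overrides: `# Set sha to the image digest to pin the exact image; a tag can be re-pointed in the registry`. The same applies to the `sidecar.image` block bumped to 1.19.2 in the -634,7 hunk.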
@@ -99,6 +102,11 @@ securityContext: containerSecurityContext: {} +# Enable creating the grafana configmap +createConfigmap: true + +# Extra configmaps to mount in grafana pods +# Values are templated. extraConfigmapMounts: [] # - name: certs-configmap # mountPath: /etc/grafana/ssl/ @@ -236,7 +244,7 @@ nodeSelector: {} ## tolerations: [] -## Affinity for pod assignment +## Affinity for pod assignment (evaluated as template) ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} @@ -286,7 +294,9 @@ persistence: finalizers: - kubernetes.io/pvc-protection # selectorLabels: {} + ## Sub-directory of the PV to mount. Can be templated. # subPath: "" + ## Name of an existing PVC. Can be templated. # existingClaim: ## If persistence is not enabled, this allows to mount the @@ -332,6 +342,7 @@ adminUser: admin # Use an existing secret for the admin user. admin: + ## Name of the secret. Can be templated. existingSecret: "" userKey: admin-user passwordKey: admin-password @@ -458,6 +469,12 @@ extraVolumeMounts: [] # readOnly: true # hostPath: /usr/shared/ +## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request +lifecycleHooks: {} + # postStart: + # exec: + # command: [] + ## Pass the plugins you want installed as a list. ## plugins: [] @@ -634,7 +651,7 @@ smtp: sidecar: image: repository: quay.io/kiwigrid/k8s-sidecar - tag: 1.15.6 + tag: 1.19.2 sha: "" imagePullPolicy: IfNotPresent resources: {} 
@@ -648,13 +665,17 @@ sidecar: # skipTlsVerify Set to true to skip tls verification for kube api calls # skipTlsVerify: true enableUniqueFilenames: false + readinessProbe: {} + livenessProbe: {} + # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. + logLevel: INFO dashboards: enabled: false SCProvider: true # label that the configmaps with dashboards are marked with label: grafana_dashboard # value of label that the configmaps with dashboards are set to - labelValue: null + labelValue: "" # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) folder: /tmp/dashboards # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead @@ -700,12 +721,14 @@ sidecar: foldersFromFilesStructure: false # Additional dashboard sidecar volume mounts extraMounts: [] + # Sets the size limit of the dashboard sidecar emptyDir volume + sizeLimit: {} datasources: enabled: false # label that the configmaps with datasources are marked with label: grafana_datasource # value of label that the configmaps with datasources are set to - labelValue: null + labelValue: "" # If specified, the sidecar will search for datasource config-maps inside this namespace. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces 
@@ -720,12 +743,14 @@ sidecar: # Deploy the datasource sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any datasources defined at startup time. initDatasources: false + # Sets the size limit of the datasource sidecar emptyDir volume + sizeLimit: {} plugins: enabled: false # label that the configmaps with plugins are marked with label: grafana_plugin # value of label that the configmaps with plugins are set to - labelValue: null + labelValue: "" # If specified, the sidecar will search for plugin config-maps inside this namespace. # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces @@ -740,6 +765,8 @@ sidecar: # Deploy the datasource sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any plugins defined at startup time. initPlugins: false + # Sets the size limit of the plugin sidecar emptyDir volume + sizeLimit: {} notifiers: enabled: false # label that the configmaps with notifiers are marked with @@ -750,6 +777,8 @@ sidecar: searchNamespace: null # search in configmap, secret or both resource: both + # Sets the size limit of the notifier sidecar emptyDir volume + sizeLimit: {} ## Override the deployment namespace ## @@ -815,6 +844,20 @@ imageRenderer: # requests: # cpu: 50m # memory: 50Mi + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Affinity for pod assignment (evaluated as template) + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. 
@@ -826,6 +869,10 @@ networkPolicy: ## When true, grafana will accept connections from any source ## (with the correct destination port). ## + ingress: true + ## @param networkPolicy.ingress When true enables the creation + ## an ingress network policy + ## allowExternal: true ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace @@ -841,10 +888,34 @@ networkPolicy: ## - {key: role, operator: In, values: [frontend]} ## explicitNamespacesSelector: {} + ## + ## + ## + ## + ## + ## + egress: + ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be + ## created allowing grafana to connect to external data sources from kubernetes cluster. + enabled: false + ## + ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress + ports: [] + ## Add ports to the egress by specifying - port: + ## E.X. + ## ports: + ## - port: 80 + ## - port: 443 + ## + ## + ## + ## + ## + ## # Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option enableKubeBackwardCompatibility: false - +useStatefulSet: false # Create a dynamic manifests via values: extraObjects: [] # - apiVersion: "kubernetes-client.io/v1" diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml index 2ee1909..188e7ed 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/Chart.yaml 
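Review bot: In grafana/values.yaml (hunk at -826,6), `ingress: true` was inserted between the description of `allowExternal` and the `allowExternal: true` key, and its own `@param networkPolicy.ingress` comment follows the key instead of preceding it. As written, the text "grafana will accept connections from any source" sits directly above `ingress`, and the ingress description sits directly above `allowExternal`, so someone tightening the policy can easily change the wrong key. I would move the three added comment lines and `ingress: true` above the allowExternal comment block, comment first and key after. That comment block begins outside the hunk.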
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.4.1 +appVersion: 2.5.0 description: Install kube-state-metrics to generate and expose cluster-level metrics home: https://github.com/kubernetes/kube-state-metrics/ keywords: @@ -18,4 +18,4 @@ name: kube-state-metrics sources: - https://github.com/kubernetes/kube-state-metrics/ type: application -version: 4.7.0 +version: 4.15.0 diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml index 60f5d59..0dfc963 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/deployment.yaml @@ -9,6 +9,10 @@ metadata: namespace: {{ template "kube-state-metrics.namespace" . }} labels: {{- include "kube-state-metrics.labels" . | indent 4 }} + {{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4 }} + {{- end }} spec: selector: matchLabels: @@ -30,16 +34,13 @@ spec: hostNetwork: {{ .Values.hostNetwork }} serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} + securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} containers: - - name: {{ .Chart.Name }} + - name: {{ template "kube-state-metrics.name" . }} {{- if .Values.autosharding.enabled }} env: - name: POD_NAME 
@@ -53,9 +54,7 @@ spec: {{- end }} args: {{- if .Values.extraArgs }} - {{- range .Values.extraArgs }} - - {{ . }} - {{- end }} + {{- .Values.extraArgs | toYaml | nindent 8 }} {{- end }} {{- if .Values.service.port }} - --port={{ .Values.service.port | default 8080}} @@ -75,7 +74,9 @@ spec: {{- if .Values.metricDenylist }} - --metric-denylist={{ .Values.metricDenylist | join "," }} {{- end }} - {{- if .Values.namespaces }} + {{- if .Values.releaseNamespace }} + - --namespaces={{ template "kube-state-metrics.namespace" . }} + {{- else if .Values.namespaces }} - --namespaces={{ tpl (.Values.namespaces | join ",") $ }} {{- end }} {{- if .Values.namespacesDenylist }} @@ -92,12 +93,17 @@ spec: - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} {{- end }} - --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }} - {{- if .Values.kubeconfig.enabled }} + {{- if or (.Values.kubeconfig.enabled) (.Values.volumeMounts) }} volumeMounts: + {{- if .Values.kubeconfig.enabled }} - name: kubeconfig mountPath: /opt/k8s/.kube/ readOnly: true {{- end }} + {{- if .Values.volumeMounts }} +{{ toYaml .Values.volumeMounts | indent 8 }} + {{- end }} + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" ports: @@ -143,9 +149,18 @@ spec: tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} - {{- if .Values.kubeconfig.enabled}} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.topologySpreadConstraints | indent 8 }} + {{- end }} + {{- if or (.Values.kubeconfig.enabled) (.Values.volumes) }} volumes: + {{- if .Values.kubeconfig.enabled}} - name: kubeconfig secret: secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig {{- end }} + {{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 8 }} + {{- end }} + {{- end }} 
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml index cbcf3a3..3771b51 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/pdb.yaml @@ -1,5 +1,9 @@ {{- if .Values.podDisruptionBudget -}} +{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} +apiVersion: policy/v1 +{{- else -}} apiVersion: policy/v1beta1 +{{- end }} kind: PodDisruptionBudget metadata: name: {{ template "kube-state-metrics.fullname" . }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml index e514e3c..05d9cc2 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/role.yaml @@ -183,5 +183,8 @@ rules: - verticalpodautoscalers verbs: ["list", "watch"] {{ end -}} +{{ if $.Values.rbac.extraRules }} +{{ toYaml $.Values.rbac.extraRules }} +{{ end }} {{- end -}} {{- end -}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml index 5a2d8ea..92c6d4f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/service.yaml 
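Review bot: In kube-state-metrics/templates/role.yaml, `{{ toYaml $.Values.rbac.extraRules }}` appends whatever rules are supplied, with any verbs and resources, to the generated role; values.yaml keeps `useClusterRole: true` as the default, so these presumably land in a ClusterRole. The example in values.yaml uses only `list`/`watch`, but nothing states that this is the expected bound. I would extend the values comment: `# Keep to list/watch on the custom resources being exported; with useClusterRole these rules apply cluster-wide`. The surrounding range/if blocks start outside the hunk.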
@@ -27,6 +27,9 @@ spec: protocol: TCP port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + {{- if .Values.selfMonitor.telemetryNodePort }} + nodePort: {{ .Values.selfMonitor.telemetryNodePort }} + {{- end }} {{ end }} {{- if .Values.service.loadBalancerIP }} loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml index 93a5870..4deac95 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/templates/servicemonitor.yaml @@ -40,6 +40,13 @@ spec: relabelings: {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} {{- end }} + {{- if .Values.prometheus.monitor.scheme }} + scheme: {{ .Values.prometheus.monitor.scheme }} + {{- end }} + {{- if .Values.prometheus.monitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} + {{- end }} {{- if .Values.selfMonitor.enabled }} - port: metrics {{- if .Values.prometheus.monitor.interval }} @@ -62,5 +69,12 @@ spec: relabelings: {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} {{- end }} + {{- if .Values.prometheus.monitor.scheme }} + scheme: {{ .Values.prometheus.monitor.scheme }} + {{- end }} + {{- if .Values.prometheus.monitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml index 89e0da7..cf74d67 100644 
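Review bot: In kube-state-metrics/templates/service.yaml, `nodePort` is emitted whenever `selfMonitor.telemetryNodePort` is set, while the requirement that `service.type` be NodePort exists only as a comment in values.yaml. Checking it in the template makes the dependency explicit: `{{- if and .Values.selfMonitor.telemetryNodePort (eq .Values.service.type "NodePort") }}`. The values comment could also state that this publishes the telemetry port on every node's address, so it should be set only where that exposure is intended. The `ports:` list starts outside the hunk.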
--- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/kube-state-metrics/values.yaml @@ -1,8 +1,8 @@ # Default values for kube-state-metrics. prometheusScrape: true image: - repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics - tag: v2.4.1 + repository: registry.k8s.io/kube-state-metrics/kube-state-metrics + tag: v2.5.0 pullPolicy: IfNotPresent imagePullSecrets: [] @@ -50,6 +50,13 @@ rbac: # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) useClusterRole: true + # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration + # Example: + # - apiGroups: ["monitoring.coreos.com"] + # resources: ["prometheuses"] + # verbs: ["list", "watch"] + extraRules: [] + serviceAccount: # Specifies whether a ServiceAccount should be created, require rbac true create: true @@ -77,6 +84,8 @@ prometheus: honorLabels: false metricRelabelings: [] relabelings: [] + scheme: "" + tlsConfig: {} ## Specify if a Pod Security Policy for kube-state-metrics must be created ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ @@ -118,6 +127,13 @@ affinity: {} ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] +## Topology spread constraints for pod assignment +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +topologySpreadConstraints: [] + +# Annotations to be added to the deployment/statefulset +annotations: {} + # Annotations to be added to the pod podAnnotations: {} 
@@ -193,6 +209,10 @@ kubeconfig: # base64 encoded kube-config file secret: +# Enable only the release namespace for collecting resources. By default all namespaces are collected. +# If releaseNamespace and namespaces are both set only releaseNamespace will be used. +releaseNamespace: false + # Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. namespaces: "" @@ -223,7 +243,22 @@ kubeTargetVersionOverride: "" # Enable self metrics configuration for service and Service Monitor # Default values for telemetry configuration can be overridden +# If you set telemetryNodePort, you must also set service.type to NodePort selfMonitor: enabled: false # telemetryHost: 0.0.0.0 # telemetryPort: 8081 + # telemetryNodePort: 0 + +# volumeMounts are used to add custom volume mounts to deployment. +# See example below +volumeMounts: [] +# - mountPath: /etc/config +# name: config-volume + +# volumes are used to add custom volumes to deployment +# See example below +volumes: [] +# - configMap: +# name: cm-for-volume +# name: config-volume diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml index 3601342..ef9937f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/Chart.yaml @@ -9,11 +9,10 @@ keywords: maintainers: - email: gianrubio@gmail.com name: gianrubio -- name: bismarck - email: zanhsieh@gmail.com name: zanhsieh name: prometheus-node-exporter sources: - https://github.com/prometheus/node_exporter/ type: application -version: 3.1.0 +version: 3.3.1 
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml index cdce9a0..c49d930 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -70,13 +70,35 @@ spec: containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} httpGet: + httpHeaders: + {{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }} + - name: {{ $header.name }} + value: {{ $header.value }} + {{- end }} path: / port: {{ .Values.service.port }} + scheme: {{ upper .Values.livenessProbe.httpGet.scheme }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} httpGet: + httpHeaders: + {{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }} + - name: {{ $header.name }} + value: {{ $header.value }} + {{- end }} path: / port: {{ .Values.service.port }} + scheme: {{ upper .Values.readinessProbe.httpGet.scheme }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} resources: {{ toYaml .Values.resources | indent 12 }} volumeMounts: 
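Review bot: In prometheus-node-exporter/templates/daemonset.yaml, the probe header lines `name: {{ $header.name }}` and `value: {{ $header.value }}` are rendered unquoted, so a value that is numeric or contains `: ` or `#` is parsed as something other than the string the probe field expects. Quote both in the liveness and the readiness probe: `name: {{ $header.name | quote }}` and `value: {{ $header.value | quote }}`. With the default `httpHeaders: []` the block renders a bare `httpHeaders:` key; wrapping it in `{{- with ... }}` would omit the key instead. The container spec starts outside the hunk.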
@@ -134,6 +156,10 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} hostNetwork: {{ .Values.hostNetwork }} hostPID: {{ .Values.hostPID }} {{- if .Values.affinity }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml index aad25c4..302b7b5 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/templates/servicemonitor.yaml @@ -21,6 +21,10 @@ spec: endpoints: - port: {{ .Values.service.portName }} scheme: {{ .Values.prometheus.monitor.scheme }} + {{- with .Values.prometheus.monitor.basicAuth }} + basicAuth: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.prometheus.monitor.bearerTokenFile }} bearerTokenFile: {{ . }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml index 7e02e21..80b399a 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/prometheus-node-exporter/values.yaml @@ -7,6 +7,9 @@ image: tag: "" pullPolicy: IfNotPresent +imagePullSecrets: [] +# - name: "image-pull-secret" + service: type: ClusterIP port: 9100 @@ -31,6 +34,7 @@ prometheus: jobLabel: "" scheme: http + basicAuth: {} bearerTokenFile: tlsConfig: {} 
@@ -203,3 +207,27 @@ sidecarVolumeMount: [] ## Additional InitContainers to initialize the pod ## extraInitContainers: [] + +## Liveness probe +## +livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: [] + scheme: http + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + +## Readiness probe +## +readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: [] + scheme: http + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml index 5f9929d..5c391fd 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: alertmanagerconfigs.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: AlertmanagerConfig listKind: AlertmanagerConfigList plural: alertmanagerconfigs + shortNames: + - amcfg singular: alertmanagerconfig scope: Namespaced versions: @@ -335,6 +336,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. 
@@ -356,6 +358,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert file @@ -381,6 +384,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -402,6 +406,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -427,6 +432,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -447,6 +453,10 @@ spec: description: OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string apiKey: description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace @@ -493,6 +503,10 @@ spec: - value type: object type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string httpConfig: description: HTTP client configuration. properties: @@ -523,6 +537,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -554,6 +569,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -575,6 +591,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer 
@@ -632,6 +649,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -654,6 +672,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -676,6 +695,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -727,6 +747,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -749,6 +770,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -774,6 +796,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -796,6 +819,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -821,6 +845,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -852,6 +877,12 @@ spec: type: string type: description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule minLength: 1 type: string username: @@ -871,6 +902,12 @@ spec: description: Comma separated list of tags attached to the notifications. type: string + updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. + type: boolean type: object type: array pagerdutyConfigs: @@ -946,6 +983,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error 
@@ -977,6 +1015,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -998,6 +1037,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -1055,6 +1095,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1077,6 +1118,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -1099,6 +1141,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -1150,6 +1193,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1172,6 +1216,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -1197,6 +1242,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1219,6 +1265,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -1244,6 +1291,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -1391,6 +1439,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error 
@@ -1422,6 +1471,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -1443,6 +1493,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -1500,6 +1551,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1522,6 +1574,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -1544,6 +1597,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -1595,6 +1649,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1617,6 +1672,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -1642,6 +1698,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1664,6 +1721,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -1689,6 +1747,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -1914,6 +1973,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error 
@@ -1945,6 +2005,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -1966,6 +2027,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -2023,6 +2085,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2045,6 +2108,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -2067,6 +2131,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -2118,6 +2183,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2140,6 +2206,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -2165,6 +2232,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2187,6 +2255,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -2212,6 +2281,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -2295,6 +2365,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error 
@@ -2326,6 +2397,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -2347,6 +2419,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -2404,6 +2477,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2426,6 +2500,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -2448,6 +2523,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -2499,6 +2575,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2521,6 +2598,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -2546,6 +2624,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2568,6 +2647,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -2593,6 +2673,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -2636,6 +2717,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic profile: description: Profile is the named AWS profile used to authenticate. @@ -2670,6 +2752,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object subject: description: Subject line when the message is delivered 
@@ -2688,6 +2771,404 @@ spec: type: string type: object type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: Telegram bot token The secret needs to be + in the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to + use for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. 
+ properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert + file for the targets. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. 
Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + type: object + type: array victoropsConfigs: description: List of VictorOps configurations. items: @@ -2769,6 +3250,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -2800,6 +3282,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -2821,6 +3304,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -2878,6 +3362,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2900,6 +3385,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -2922,6 +3408,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string 
@@ -2973,6 +3460,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -2995,6 +3483,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -3020,6 +3509,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3042,6 +3532,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -3067,6 +3558,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -3129,6 +3621,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -3160,6 +3653,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -3181,6 +3675,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -3238,6 +3733,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3260,6 +3756,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -3282,6 +3779,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -3333,6 +3831,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. 
@@ -3355,6 +3854,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert @@ -3380,6 +3880,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3402,6 +3903,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -3427,6 +3929,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -3539,6 +4042,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -3570,6 +4074,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -3591,6 +4096,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: The secret's key that contains the bearer @@ -3648,6 +4154,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3670,6 +4177,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 @@ -3692,6 +4200,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -3743,6 +4252,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3765,6 +4275,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert 
@@ -3790,6 +4301,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -3812,6 +4324,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -3837,6 +4350,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. @@ -3959,9 +4473,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml index cc6b6a7..1851cba 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: alertmanagers.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: Alertmanager listKind: AlertmanagerList plural: alertmanagers + shortNames: + - am singular: alertmanager scope: Namespaced versions: @@ -160,6 +161,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 
@@ -260,10 +262,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate @@ -340,6 +344,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -347,9 +352,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label @@ -398,13 +401,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -496,6 +500,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the 
@@ -503,8 +508,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label @@ -549,13 +552,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -649,6 +653,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -656,9 +661,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -707,13 +710,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -805,6 +809,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -812,8 +817,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label @@ -858,13 +861,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -928,6 +932,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic alertmanagerConfigSelector: description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. 
@@ -973,17 +978,18 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic alertmanagerConfiguration: description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the global Alertmanager configuration. If defined, it takes precedence - over the `configSecret` field. This field may change in future releases. - The specified global alertmanager config will not force add a namespace - label in routes and inhibitRules.' + over the `configSecret` field. This field may change in future releases.' properties: name: description: The name of the AlertmanagerConfig resource which - holds the global configuration. It must be in the same namespace - as the Alertmanager. + is used to generate the global configuration. It must be defined + in the same namespace as the Alertmanager object. The operator + will not enforce a `namespace` label for routes and inhibition + rules. minLength: 1 type: string type: object @@ -998,12 +1004,15 @@ spec: type: string clusterGossipInterval: description: Interval between gossip attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string clusterPeerTimeout: description: Timeout for cluster peering. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string clusterPushpullInterval: description: Interval between pushpull attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace 
@@ -1013,10 +1022,15 @@ spec: type: string type: array configSecret: - description: ConfigSecret is the name of a Kubernetes Secret in the - same namespace as the Alertmanager object, which contains configuration - for this Alertmanager instance. Defaults to 'alertmanager-' - The secret is mounted into /etc/alertmanager/config. + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to 'alertmanager-'. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret. \n If either the secret or the + `alertmanager.yaml` key is missing, the operator provisions an Alertmanager + configuration with one empty receiver (effectively dropping alert + notifications)." type: string containers: description: 'Containers allows injecting additional containers. This @@ -1032,7 +1046,7 @@ spec: within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will @@ -1046,7 +1060,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 
@@ -1104,6 +1118,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -1122,6 +1137,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -1147,6 +1163,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -1168,6 +1185,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1198,6 +1216,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -1214,10 +1233,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' @@ -1447,7 +1467,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -1649,7 +1669,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: 
@@ -2009,7 +2029,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -2253,6 +2273,28 @@ spec: Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. type: boolean + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map image: description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary @@ -2272,6 +2314,7 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: description: 'InitContainers allows adding initContainers to the pod @@ -2288,7 +2331,7 @@ spec: within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will 
@@ -2302,7 +2345,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -2360,6 +2403,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -2378,6 +2422,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -2403,6 +2448,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -2424,6 +2470,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2454,6 +2501,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -2470,10 +2518,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 
@@ -2703,7 +2752,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -2905,7 +2954,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3265,7 +3314,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3505,9 +3554,19 @@ spec: type: boolean logFormat: description: Log format for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json type: string logLevel: description: Log level for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error type: string minReadySeconds: description: Minimum number of seconds for which a newly created pod @@ -3594,9 +3653,11 @@ spec: type: object type: object retention: + default: 120h description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string routePrefix: description: The route prefix Alertmanager registers HTTP handlers 
@@ -3802,22 +3863,22 @@ spec: More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -3859,14 +3920,14 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new 
@@ -3894,29 +3955,31 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef allows + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) or + a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if + the type of the specified object matches some installed + volume populator or dynamic provisioner. This field + will replace the functionality of the DataSource + field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of + them is empty and the other is non-empty. There + are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. 
* While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -3937,8 +4000,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -3971,8 +4035,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -4018,9 +4082,10 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -4028,7 +4093,7 @@ spec: implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -4086,14 +4151,14 @@ spec: a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the @@ -4117,14 +4182,15 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object from + a non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, 
@@ -4133,12 +4199,12 @@ spec: and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef preserves + DataSourceRef allows any non-core object, as well as + PersistentVolumeClaim objects. * While DataSource ignores + disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + is specified. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -4156,8 +4222,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but @@ -4189,8 +4256,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: selector is a label query over volumes to + consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector 
@@ -4234,9 +4301,10 @@ spec: contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume is @@ -4244,7 +4312,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object @@ -4253,7 +4321,7 @@ spec: of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes + description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string 
@@ -4265,19 +4333,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be larger - than the actual capacity when a volume expansion operation - is requested. For storage quota, the larger value from - allocatedResources and PVC.spec.resources is used. If - allocatedResources is not set, PVC.spec.resources alone - is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. type: object capacity: additionalProperties: 
@@ -4286,36 +4354,37 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying - volume. + description: capacity represents the actual resources + of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: - description: Last time we probed the condition. + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: lastTransitionTime is the time the + condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: message is the human-readable message + indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. type: string status: type: string 
@@ -4329,10 +4398,10 @@ spec: type: object type: array phase: - description: Phase represents the current phase of PersistentVolumeClaim. + description: phase represents the current phase of PersistentVolumeClaim. type: string resizeStatus: - description: ResizeStatus stores status of resize operation. + description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires @@ -4439,16 +4508,20 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. - For example, in a 3-zone cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - if MaxSkew is - 1, incoming pod can only be scheduled to zone3 to become 1/1/1; - scheduling it onto zone1(zone2) would make the ActualSkew(2-0) + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy 
@@ -4456,21 +4529,51 @@ spec: allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes match the node selector. e.g. If TopologyKey is + "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but + tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node assignment + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 
@@ -4541,180 +4644,186 @@ spec: be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in the blob storage + description: diskName is the Name of the data disk in the + blob storage type: string diskURI: - description: The URI the data disk in the blob storage + description: diskURI is the URI of data disk in the blob + storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). 
defaults to shared' + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: - description: Share Name + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + 
description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: - description: 'volume id used to identify the volume in cinder. + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. 
Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -4726,25 +4835,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -4756,28 +4865,29 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: optional specify whether the ConfigMap or its + keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: - description: CSI (Container Storage Interface) represents ephemeral + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI driver that handles + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, 
@@ -4790,14 +4900,15 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object @@ -4805,7 +4916,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -4843,6 +4954,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 
@@ -4886,54 +4998,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that is handled + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity - \ tracking are needed, c) the storage driver is specified - through a storage class, and d) the storage driver supports - dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on the - connection between this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that way - see - the documentation of the driver for more information. \n A - pod can use both types of ephemeral volumes and persistent - volumes at the same time." + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. 
\n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to @@ -4968,13 +5080,13 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support 
@@ -5003,15 +5115,16 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to - populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + local object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will only + succeed if the type of the specified object matches + some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For 
@@ -5021,13 +5134,13 @@ spec: other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as - well as PersistentVolumeClaim objects. * While - DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef + preserves all values, and generates an error if + a disallowed value is specified. (Beta) Using + this field requires the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5048,8 +5161,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -5082,8 +5196,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -5132,9 +5246,11 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -5142,7 +5258,7 @@ spec: is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -5151,32 +5267,33 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource that is + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers + description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: 
@@ -5184,128 +5301,133 @@ spec: type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options if any.' + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' properties: name: description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. 
Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified revision. + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details + description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean 
@@ -5314,7 +5436,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers 
@@ -5323,78 +5445,81 @@ spec: mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session CHAP authentication + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string type: object + x-kubernetes-map-type: atomic targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -5402,24 +5527,24 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: 
@@ -5427,86 +5552,87 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies a Portworx volume + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions on created - files by default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal values - for mode bits. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set. + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. 
YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: configMap information about the configMap + data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected 
@@ -5521,27 +5647,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -5555,13 +5682,14 @@ spec: uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: - description: information about the downwardAPI data - to project + description: downwardAPI information about the downwardAPI + data to project properties: items: description: Items is a list of DownwardAPIVolume 
@@ -5588,6 +5716,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be @@ -5636,21 +5765,22 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: - description: information about the secret data to - project + description: secret information about the secret data + to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup 
@@ -5662,27 +5792,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key 
@@ -5696,16 +5827,17 @@ spec: uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: optional field specify whether the + Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: serviceAccountToken is information about + the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the @@ -5713,7 +5845,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate @@ -5725,7 +5857,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative to the + description: path is the path relative to the mount point of the file to project the token into. type: string 
@@ -5736,35 +5868,35 @@ spec: type: array type: object quobyte: - description: Quobyte represents a Quobyte mount on the host + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already + description: volume is a string that references an already created Quobyte volume by name. type: string required: 
@@ -5772,41 +5904,42 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. 
Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: 
@@ -5815,36 +5948,38 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO API Gateway. + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: 
@@ -5853,26 +5988,28 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: system is the name of the storage system as + configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway 
@@ -5880,24 +6017,24 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -5909,25 +6046,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -5935,29 +6072,30 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: optional field specify whether the Secret or + its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: 
@@ -5966,13 +6104,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: - description: VolumeName is the human-readable name of the + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS @@ -5983,24 +6122,26 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere volume vmdk + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath 
@@ -6009,6 +6150,159 @@ spec: - name type: object type: array + web: + description: Defines the web command line flags when starting Alertmanager. + properties: + tlsConfig: + description: WebTLSConfig defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. + Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object + type: object type: object status: description: 'Most recent observed status of the Alertmanager cluster. @@ -6052,9 +6346,3 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml index 80984a0..c967172 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: podmonitors.monitoring.coreos.com spec: 
@@ -16,6 +15,8 @@ spec: kind: PodMonitor listKind: PodMonitorList plural: podmonitors + shortNames: + - pmon singular: podmonitor scope: Namespaced versions: @@ -40,6 +41,15 @@ spec: description: Specification of desired Pod selection for target discovery by Prometheus. properties: + attachMetadata: + description: 'Attaches node metadata to discovered targets. Only valid + for role: pod. Only valid in Prometheus versions 2.35.0 and newer.' + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object jobLabel: description: The label to use to retrieve the job name from. type: string @@ -102,6 +112,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -130,6 +141,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -149,6 +161,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: Secret to mount to read bearer token for scraping @@ -170,6 +183,10 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -183,7 +200,9 @@ spec: the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: description: MetricRelabelConfigs to apply to samples before 
@@ -197,15 +216,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source @@ -271,6 +302,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -290,6 +322,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -309,6 +342,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -336,7 +370,8 @@ spec: description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). type: string port: description: Name of the pod port this endpoint refers to. Mutually @@ -361,15 +396,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source 
@@ -412,7 +459,9 @@ spec: description: HTTP scheme to use for scraping. type: string scrapeTimeout: - description: Timeout after which the scrape is ended + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: @@ -446,6 +495,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -465,6 +515,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert file for @@ -489,6 +540,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -508,6 +560,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. @@ -531,6 +584,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -592,6 +646,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic targetLimit: description: TargetLimit defines a limit on the number of scraped targets that will be accepted. @@ -606,9 +661,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml index 50d57f2..34ee1a1 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml 
@@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: probes.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: Probe listKind: ProbeList plural: probes + shortNames: + - prb singular: probe scope: Namespaced versions: @@ -62,6 +63,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -90,6 +92,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -109,6 +112,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenSecret: description: Secret to mount to read bearer token for scraping targets. @@ -129,9 +133,11 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic interval: description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: description: The job name assigned to scraped metrics by default. 
@@ -163,15 +169,27 @@ spec: action: default: replace description: Action to perform based on regex matching. Default - is 'replace' + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source label @@ -239,6 +257,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -257,6 +276,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -276,6 +296,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -301,6 +322,7 @@ spec: left empty. properties: path: + default: /probe description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: @@ -322,6 +344,8 @@ spec: type: integer scrapeTimeout: description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: description: TargetLimit defines a limit on the number of scraped 
@@ -366,15 +390,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source @@ -458,6 +494,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object staticConfig: description: 'staticConfig defines the static list of targets @@ -482,15 +519,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source @@ -559,6 +608,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -577,6 +627,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert file for the targets. @@ -598,6 +649,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -616,6 +668,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. 
@@ -638,6 +691,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -648,9 +702,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml index e7d1dd5..8f7bdac 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 argocd.argoproj.io/sync-options: Replace=true creationTimestamp: null name: prometheuses.monitoring.coreos.com @@ -17,6 +16,8 @@ spec: kind: Prometheus listKind: PrometheusList plural: prometheuses + shortNames: + - prom singular: prometheus scope: Namespaced versions: @@ -80,6 +81,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic additionalAlertRelabelConfigs: description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. 
@@ -107,6 +109,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic additionalScrapeConfigs: description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape @@ -134,6 +137,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic affinity: description: If specified, the pod's scheduling constraints. properties: @@ -236,6 +240,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -336,10 +341,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate @@ -416,6 +423,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -423,9 +431,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -474,13 +480,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -572,6 +579,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -579,8 +587,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label @@ -625,13 +631,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -725,6 +732,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -732,9 +740,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label @@ -783,13 +789,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -881,6 +888,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -888,8 +896,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -934,13 +940,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -998,6 +1005,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -1029,6 +1037,7 @@ spec: timeout: description: Timeout is a per-target Alertmanager timeout when pushing alerts. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: description: TLS Config to use for alertmanager connection. @@ -1057,6 +1066,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1078,6 +1088,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container @@ -1107,6 +1118,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. @@ -1128,6 +1140,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -1160,6 +1173,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -1206,6 +1220,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) 
@@ -1238,6 +1253,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -1257,6 +1273,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerToken: description: Bearer token for accessing apiserver. @@ -1294,6 +1311,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -1313,6 +1331,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container @@ -1341,6 +1360,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -1360,6 +1380,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -1391,6 +1412,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -1433,7 +1455,7 @@ spec: within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will 
@@ -1447,7 +1469,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -1505,6 +1527,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -1523,6 +1546,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -1548,6 +1572,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -1569,6 +1594,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1599,6 +1625,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -1615,10 +1642,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 
@@ -1848,7 +1876,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -2050,7 +2078,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -2410,7 +2438,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -2664,6 +2692,16 @@ spec: items: type: string type: array + enableRemoteWriteReceiver: + description: 'Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. Defaults to the value of `false`. WARNING: + This is not considered an efficient way of ingesting samples. Use + it with caution for specific low-volume use cases. It is not suitable + for replacing the ingestion via scraping and turning Prometheus + into a push-based metrics collection system. For more information + see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + Only valid in Prometheus versions 2.33.0 and newer.' + type: boolean enforcedBodySizeLimit: description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding 
@@ -2672,6 +2710,7 @@ spec: monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.' + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string enforcedLabelLimit: description: Per-scrape limit on number of labels that will be accepted @@ -2698,8 +2737,8 @@ spec: description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `Probe` objects) and 2. in all `PrometheusRule` objects (except - the ones excluded in `prometheusRulesExcludedFromEnforce`) to * - alerting & recording rules and * the metrics used in their expressions + the ones excluded in `prometheusRulesExcludedFromEnforce`) to * + alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above)." type: string 
@@ -2724,8 +2763,57 @@ spec: format: int64 type: integer evaluationInterval: - description: 'Interval between consecutive evaluations. Default: `1m`' + default: 30s + description: 'Interval between consecutive evaluations. Default: `30s`' + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + excludedFromEnforcement: + description: List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. Applies only if enforcedNamespaceLabel set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + are matched. + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + type: string + required: + - namespace + - resource + type: object + type: array + exemplars: + description: Exemplars related settings that are runtime reloadable. + It requires to enable the exemplar storage feature to be effective. + properties: + maxSize: + description: Maximum number of exemplars stored in memory for + all series. If not set, Prometheus uses its default value. A + value of zero or less than zero disables the storage. + format: int64 + type: integer + type: object externalLabels: additionalProperties: type: string 
@@ -2737,11 +2825,33 @@ spec: under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. type: string + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map ignoreNamespaceSelectors: description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. - They will only discover endpoints within their current namespace. - Defaults to false. + They will only discover endpoints within the namespace of the PodMonitor, + ServiceMonitor and Probe objects. Defaults to false. type: boolean image: description: Image if specified has precedence over baseImage, tag @@ -2762,6 +2872,7 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: description: 'InitContainers allows adding initContainers to the pod @@ -2780,7 +2891,7 @@ spec: within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will 
@@ -2794,7 +2905,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -2852,6 +2963,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -2870,6 +2982,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -2895,6 +3008,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -2916,6 +3030,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2946,6 +3061,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -2962,10 +3078,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 
@@ -3195,7 +3312,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3397,7 +3514,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3757,7 +3874,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3996,9 +4113,19 @@ spec: type: boolean logFormat: description: Log format for Prometheus to be configured with. + enum: + - "" + - logfmt + - json type: string logLevel: description: Log level for Prometheus to be configured with. + enum: + - "" + - debug + - info + - warn + - error type: string minReadySeconds: description: Minimum number of seconds for which a newly created pod @@ -4101,6 +4228,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic podMonitorSelector: description: '*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector @@ -4147,6 +4275,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic portName: description: Port name used for the pods and governing service. This defaults to web @@ -4199,6 +4328,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic probeSelector: description: '*Experimental* Probes to be selected for target discovery.' properties: 
@@ -4243,16 +4373,18 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic prometheusExternalLabelName: description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). type: string prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of prometheus + description: 'PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both - ruleNamespace and ruleName are set for each pair + ruleNamespace and ruleName are set for each pair. Deprecated: use + excludedFromEnforcement instead.' items: description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored @@ -4290,6 +4422,7 @@ spec: type: integer timeout: description: Maximum time a query may take before being aborted. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object queryLogFile: @@ -4333,6 +4466,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) @@ -4364,6 +4498,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -4383,6 +4518,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerToken: description: Bearer token for remote read. @@ -4431,6 +4567,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: 
@@ -4450,6 +4587,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -4469,6 +4607,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -4497,6 +4636,7 @@ spec: type: boolean remoteTimeout: description: Timeout for requests to the remote read endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string requiredMatchers: additionalProperties: @@ -4530,6 +4670,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -4549,6 +4690,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container @@ -4577,6 +4719,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -4596,6 +4739,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -4627,6 +4771,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -4666,6 +4811,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) @@ -4697,6 +4843,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. 
@@ -4716,6 +4863,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerToken: description: Bearer token for remote write. @@ -4742,6 +4890,7 @@ spec: sendInterval: description: How frequently metric metadata is sent to the remote storage. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object name: @@ -4777,6 +4926,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -4796,6 +4946,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -4815,6 +4966,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -4880,6 +5032,7 @@ spec: type: object remoteTimeout: description: Timeout for requests to the remote write endpoint. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string sendExemplars: description: Enables sending of exemplars over remote write. @@ -4910,6 +5063,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic profile: description: Profile is the named AWS profile used to authenticate. type: string @@ -4939,6 +5093,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object tlsConfig: description: TLS Config to use for remote write. @@ -4966,6 +5121,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -4985,6 +5141,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container 
@@ -5013,6 +5170,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -5032,6 +5190,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -5063,6 +5222,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -5081,15 +5241,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source @@ -5174,10 +5346,11 @@ spec: is '24h' if retentionSize is not set, and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string retentionSize: - description: 'Maximum amount of disk space used by blocks. Supported - units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.' + description: Maximum amount of disk space used by blocks. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string routePrefix: description: The route prefix Prometheus registers HTTP handlers for. @@ -5232,6 +5405,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic ruleSelector: description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus 
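Review bot: The `retentionSize` pattern added in the `-5174,10 +5346,11` hunk anchors only its first alternative at the start of the string. In `(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$` the `^` belongs to the `0` branch, so the size branch matches any value that merely ends in a valid size; a value with arbitrary leading text would presumably pass schema validation and only fail later, when the setting is consumed. Moving the anchor outside the group closes that gap: `pattern: ^(0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$`. The same hunk removes the unit list and the `512MB` example from the description, so the accepted units are now documented only by the regex; a short sentence naming them would keep the field self-explanatory. This schema looks generated, so the fix likely belongs in the source it is produced from rather than in this copy.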
@@ -5281,6 +5455,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic rules: description: /--rules.*/ command-line arguments. properties: @@ -5303,11 +5478,14 @@ spec: type: object type: object scrapeInterval: - description: 'Interval between consecutive scrapes. Default: `1m`' + default: 30s + description: 'Interval between consecutive scrapes. Default: `30s`' + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string scrapeTimeout: description: Number of seconds to wait for target to respond before erroring. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: description: Secrets is a list of Secrets in the same namespace as @@ -5529,6 +5707,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic serviceMonitorSelector: description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, @@ -5575,6 +5754,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic sha: description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly 
@@ -5607,22 +5787,22 @@ spec: More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -5664,14 +5844,14 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new 
@@ -5699,29 +5879,31 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef allows + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) or + a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if + the type of the specified object matches some installed + volume populator or dynamic provisioner. This field + will replace the functionality of the DataSource + field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of + them is empty and the other is non-empty. There + are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. 
* While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5742,8 +5924,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -5776,8 +5959,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -5823,9 +6006,10 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -5833,7 +6017,7 @@ spec: implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -5891,14 +6075,14 @@ spec: a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the @@ -5922,14 +6106,15 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object from + a non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, 
@@ -5938,12 +6123,12 @@ spec: and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef preserves + DataSourceRef allows any non-core object, as well as + PersistentVolumeClaim objects. * While DataSource ignores + disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + is specified. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5961,8 +6146,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but @@ -5994,8 +6180,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: selector is a label query over volumes to + consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector 
@@ -6039,9 +6225,10 @@ spec: contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume is @@ -6049,7 +6236,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object @@ -6058,7 +6245,7 @@ spec: of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes + description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string 
@@ -6070,19 +6257,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be larger - than the actual capacity when a volume expansion operation - is requested. For storage quota, the larger value from - allocatedResources and PVC.spec.resources is used. If - allocatedResources is not set, PVC.spec.resources alone - is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. type: object capacity: additionalProperties: 
@@ -6091,36 +6278,37 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying - volume. + description: capacity represents the actual resources + of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: - description: Last time we probed the condition. + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: lastTransitionTime is the time the + condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: message is the human-readable message + indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. type: string status: type: string 
@@ -6134,10 +6322,10 @@ spec: type: object type: array phase: - description: Phase represents the current phase of PersistentVolumeClaim. + description: phase represents the current phase of PersistentVolumeClaim. type: string resizeStatus: - description: ResizeStatus stores status of resize operation. + description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires @@ -6192,6 +6380,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -6211,6 +6400,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container @@ -6239,6 +6429,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -6258,6 +6449,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -6289,6 +6481,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -6305,9 +6498,19 @@ spec: type: boolean logFormat: description: LogFormat for Thanos sidecar to be configured with. + enum: + - "" + - logfmt + - json type: string logLevel: description: LogLevel for Thanos sidecar to be configured with. + enum: + - "" + - debug + - info + - warn + - error type: string minTime: description: MinTime for Thanos sidecar to be configured with. 
@@ -6335,6 +6538,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic objectStorageConfigFile: description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with @@ -6343,6 +6547,7 @@ spec: readyTimeout: description: ReadyTimeout is the maximum time Thanos sidecar will wait for Prometheus to start. Eg 10m + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string resources: description: Resources defines the resource requirements for the @@ -6405,6 +6610,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic tracingConfigFile: description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile 
@@ -6549,16 +6755,20 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. - For example, in a 3-zone cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - if MaxSkew is - 1, incoming pod can only be scheduled to zone3 to become 1/1/1; - scheduling it onto zone1(zone2) would make the ActualSkew(2-0) + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy 
@@ -6566,21 +6776,51 @@ spec: allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes match the node selector. e.g. If TopologyKey is + "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but + tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node assignment + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 
@@ -6651,180 +6891,186 @@ spec: be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in the blob storage + description: diskName is the Name of the data disk in the + blob storage type: string diskURI: - description: The URI the data disk in the blob storage + description: diskURI is the URI of data disk in the blob + storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). 
defaults to shared' + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: - description: Share Name + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + 
description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: - description: 'volume id used to identify the volume in cinder. + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. 
Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -6836,25 +7082,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -6866,28 +7112,29 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: optional specify whether the ConfigMap or its + keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: - description: CSI (Container Storage Interface) represents ephemeral + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI driver that handles + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, 
@@ -6900,14 +7147,15 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object @@ -6915,7 +7163,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -6953,6 +7201,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 
@@ -6996,54 +7245,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that is handled + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity - \ tracking are needed, c) the storage driver is specified - through a storage class, and d) the storage driver supports - dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on the - connection between this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that way - see - the documentation of the driver for more information. \n A - pod can use both types of ephemeral volumes and persistent - volumes at the same time." + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. 
\n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to @@ -7078,13 +7327,13 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support 
@@ -7113,15 +7362,16 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to - populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + local object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will only + succeed if the type of the specified object matches + some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For 
@@ -7131,13 +7381,13 @@ spec: other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as - well as PersistentVolumeClaim objects. * While - DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef + preserves all values, and generates an error if + a disallowed value is specified. (Beta) Using + this field requires the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -7158,8 +7408,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -7192,8 +7443,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -7242,9 +7493,11 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -7252,7 +7505,7 @@ spec: is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -7261,32 +7514,33 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource that is + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers + description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: 
@@ -7294,128 +7548,133 @@ spec: type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options if any.' + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' properties: name: description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. 
Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified revision. + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details + description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean 
@@ -7424,7 +7683,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers 
@@ -7433,78 +7692,81 @@ spec: mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session CHAP authentication + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string type: object + x-kubernetes-map-type: atomic targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -7512,24 +7774,24 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: 
@@ -7537,86 +7799,87 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies a Portworx volume + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions on created - files by default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal values - for mode bits. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set. + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. 
YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: configMap information about the configMap + data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected 
@@ -7631,27 +7894,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -7665,13 +7929,14 @@ spec: uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: - description: information about the downwardAPI data - to project + description: downwardAPI information about the downwardAPI + data to project properties: items: description: Items is a list of DownwardAPIVolume 
@@ -7698,6 +7963,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be @@ -7746,21 +8012,22 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: - description: information about the secret data to - project + description: secret information about the secret data + to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup 
@@ -7772,27 +8039,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key 
@@ -7806,16 +8074,17 @@ spec: uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: optional field specify whether the + Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: serviceAccountToken is information about + the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the @@ -7823,7 +8092,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate @@ -7835,7 +8104,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative to the + description: path is the path relative to the mount point of the file to project the token into. type: string 
@@ -7846,35 +8115,35 @@ spec: type: array type: object quobyte: - description: Quobyte represents a Quobyte mount on the host + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already + description: volume is a string that references an already created Quobyte volume by name. type: string required: 
@@ -7882,41 +8151,42 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. 
Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: 
@@ -7925,36 +8195,38 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO API Gateway. + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: 
@@ -7963,26 +8235,28 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: system is the name of the storage system as + configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway 
@@ -7990,24 +8264,24 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -8019,25 +8293,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -8045,29 +8319,30 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: optional field specify whether the Secret or + its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: 
@@ -8076,13 +8351,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: - description: VolumeName is the human-readable name of the + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS @@ -8093,24 +8369,26 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere volume vmdk + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath 
@@ -8124,8 +8402,7 @@ spec: This flag is only available in versions of Prometheus >= 2.11.0. type: boolean web: - description: WebSpec defines the web command line flags when starting - Prometheus. + description: Defines the web command line flags when starting Prometheus. properties: pageTitle: description: The prometheus web page title @@ -8155,6 +8432,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -8174,6 +8452,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object cipherSuites: description: 'List of supported cipher suites for TLS versions @@ -8206,6 +8485,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -8225,6 +8505,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientAuthType: description: 'Server policy for client authentication. Maps @@ -8256,6 +8537,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic maxVersion: description: Maximum TLS version that is acceptable. Defaults to TLS13. 
@@ -8278,14 +8560,46 @@ spec: type: object status: description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. format: int32 type: integer + conditions: + description: The current state of the Prometheus deployment. + items: + description: PrometheusCondition represents the state of the resources + associated with the Prometheus resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the + condition's last transition. + type: string + reason: + description: Reason for the condition's last transition. + type: string + status: + description: status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map paused: description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. 
@@ -8295,6 +8609,44 @@ spec: Prometheus deployment (their labels match the selector). format: int32 type: integer + shardStatuses: + description: The list has one entry per shard. Each entry provides + a summary of the shard status. + items: + properties: + availableReplicas: + description: Total number of available pods (ready for at least + minReadySeconds) targeted by this shard. + format: int32 + type: integer + replicas: + description: Total number of pods targeted by this shard. + format: int32 + type: integer + shardID: + description: Identifier of the shard. + type: string + unavailableReplicas: + description: Total number of unavailable pods targeted by this + shard. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by + this shard that have the desired spec. + format: int32 + type: integer + required: + - availableReplicas + - replicas + - shardID + - unavailableReplicas + - updatedReplicas + type: object + type: array + x-kubernetes-list-map-keys: + - shardID + x-kubernetes-list-type: map unavailableReplicas: description: Total number of unavailable pods targeted by this Prometheus deployment. @@ -8317,10 +8669,5 @@ spec: type: object served: true storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: + status: {} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml index 713ec91..35d16f5 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml 
@@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: prometheusrules.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: PrometheusRule listKind: PrometheusRuleList plural: prometheusrules + shortNames: + - promrule singular: prometheusrule scope: Namespaced versions: @@ -95,9 +96,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml index bea271f..f9dd94c 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: servicemonitors.monitoring.coreos.com spec: 
@@ -16,6 +15,8 @@ spec: kind: ServiceMonitor listKind: ServiceMonitorList plural: servicemonitors + shortNames: + - smon singular: servicemonitor scope: Namespaced versions: @@ -68,6 +69,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: description: Set the authentication type. Defaults to Bearer, Basic will cause an error @@ -96,6 +98,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic username: description: The secret in the service monitor namespace that contains the username for authentication. @@ -115,6 +118,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object bearerTokenFile: description: File to read bearer token for scraping targets. @@ -139,6 +143,10 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -152,7 +160,9 @@ spec: the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: description: MetricRelabelConfigs to apply to samples before @@ -166,15 +176,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source 
@@ -240,6 +262,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -259,6 +282,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object clientSecret: description: The secret containing the OAuth2 client secret @@ -278,6 +302,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic endpointParams: additionalProperties: type: string @@ -305,7 +330,8 @@ spec: description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). type: string port: description: Name of the service port this endpoint refers to. @@ -330,15 +356,27 @@ spec: action: default: replace description: Action to perform based on regex matching. - Default is 'replace' + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. enum: - replace + - Replace - keep + - Keep - drop + - Drop - hashmod + - HashMod - labelmap + - LabelMap - labeldrop + - LabelDrop - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase type: string modulus: description: Modulus to take of the hash of the source @@ -381,7 +419,10 @@ spec: description: HTTP scheme to use for scraping. type: string scrapeTimeout: - description: Timeout after which the scrape is ended + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape timeout is used unless + it is less than `Interval` in which the latter is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: @@ -417,6 +458,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: 
@@ -436,6 +478,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container @@ -464,6 +507,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -483,6 +527,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus @@ -514,6 +559,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string @@ -521,10 +567,13 @@ spec: type: object type: array jobLabel: - description: "Chooses the label of the Kubernetes `Endpoints`. Its - value will be used for the `job`-label's value of the created metrics. - \n Default & fallback value: the name of the respective Kubernetes - `Endpoint`." + description: "JobLabel selects the label from the associated Kubernetes + service which will be used as the `job` label for all metrics. \n + For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: + bar`, then the `job=\"bar\"` label is added to all metrics. \n If + the value of this field is empty or if the label doesn't exist for + the given Service, the `job` label of the metrics defaults to the + name of the Kubernetes Service." type: string labelLimit: description: Per-scrape limit on number of labels that will be accepted @@ -612,6 +661,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic targetLabels: description: TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics. @@ -632,9 +682,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml index 83e1a27..eefc359 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml @@ -1,11 +1,10 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml - +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: thanosrulers.monitoring.coreos.com spec: @@ -16,6 +15,8 @@ spec: kind: ThanosRuler listKind: ThanosRulerList plural: thanosrulers + shortNames: + - ruler singular: thanosruler scope: Namespaced versions: @@ -150,6 +151,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -250,10 +252,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate @@ -330,6 +334,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -337,9 +342,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label @@ -388,13 +391,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -486,6 +490,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -493,8 +498,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -539,13 +542,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -639,6 +643,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -646,9 +651,7 @@ spec: field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is beta-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. + ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label @@ -697,13 +700,14 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" + and null namespaceSelector means "this pod's namespace". items: type: string type: array @@ -795,6 +799,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the 
@@ -802,8 +807,6 @@ spec: the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. - This field is beta-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. properties: matchExpressions: description: matchExpressions is a list of label @@ -848,13 +851,14 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means - "this pod's namespace" + "this pod's namespace". items: type: string type: array @@ -910,6 +914,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic alertmanagersConfig: description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` @@ -929,6 +934,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic alertmanagersUrl: description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: @@ -953,7 +959,7 @@ spec: within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will 
@@ -967,7 +973,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -1025,6 +1031,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -1043,6 +1050,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -1068,6 +1076,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -1089,6 +1098,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -1119,6 +1129,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -1135,10 +1146,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 
@@ -1368,7 +1380,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -1570,7 +1582,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -1930,7 +1942,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: 
@@ -2169,8 +2181,46 @@ spec: value will always be the namespace of the object that is being created. type: string evaluationInterval: + default: 15s description: Interval between consecutive evaluations. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + excludedFromEnforcement: + description: List of references to PrometheusRule objects to be excluded + from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel + set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + are matched. + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + type: string + required: + - namespace + - resource + type: object + type: array externalPrefix: description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary @@ -2202,6 +2252,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -2220,6 +2271,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object caFile: description: Path to the CA cert in the Prometheus container to 
@@ -2245,6 +2297,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: @@ -2263,6 +2316,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object certFile: description: Path to the client cert file in the Prometheus container @@ -2293,10 +2347,33 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string type: object + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map image: description: Thanos container image URL. type: string @@ -2312,6 +2389,7 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: description: 'InitContainers allows adding initContainers to the pod @@ -2328,7 +2406,7 @@ spec: within a pod. properties: args: - description: 'Arguments to the entrypoint. The docker image''s + description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will 
@@ -2342,7 +2420,7 @@ spec: type: array command: description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not provided. + The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced @@ -2400,6 +2478,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, @@ -2418,6 +2497,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, @@ -2443,6 +2523,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -2464,6 +2545,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -2494,6 +2576,7 @@ spec: defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. @@ -2510,10 +2593,11 @@ spec: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 
@@ -2743,7 +2827,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -2945,7 +3029,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3305,7 +3389,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is an alpha field and requires enabling GRPCContainerProbe + This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: port: @@ -3552,9 +3636,19 @@ spec: type: boolean logFormat: description: Log format for ThanosRuler to be configured with. + enum: + - "" + - logfmt + - json type: string logLevel: description: Log level for ThanosRuler to be configured with. + enum: + - "" + - debug + - info + - warn + - error type: string minReadySeconds: description: Minimum number of seconds for which a newly created pod @@ -3587,6 +3681,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic objectStorageConfigFile: description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, 
@@ -3632,10 +3727,11 @@ spec: description: Priority class assigned to the Pods type: string prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of Prometheus + description: 'PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both - ruleNamespace and ruleName are set for each pair + ruleNamespace and ruleName are set for each pair Deprecated: use + excludedFromEnforcement instead.' items: description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored @@ -3672,6 +3768,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic queryEndpoints: description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. @@ -3710,9 +3807,11 @@ spec: type: object type: object retention: + default: 24h description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string routePrefix: description: The route prefix ThanosRuler registers HTTP handlers @@ -3763,6 +3862,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic ruleSelector: description: A label selector to select which PrometheusRules to mount for alerting and recording. @@ -3808,6 +3908,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic securityContext: description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. 
@@ -3990,22 +4091,22 @@ spec: More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for this - EmptyDir volume. The size limit is also applicable for memory - medium. The maximum usage on memory medium EmptyDir would - be the minimum value between the SizeLimit specified here - and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -4047,14 +4148,14 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new 
@@ -4082,29 +4183,31 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the DataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value - automatically if one of them is empty and the other - is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef allows + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object + from a non-empty API group (non core object) or + a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if + the type of the specified object matches some installed + volume populator or dynamic provisioner. This field + will replace the functionality of the DataSource + field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will + be set to the same value automatically if one of + them is empty and the other is non-empty. There + are two important differences between DataSource + and DataSourceRef: * While DataSource only allows + two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. 
* While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + (dropping them), DataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -4125,8 +4228,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -4159,8 +4263,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label @@ -4206,9 +4310,10 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by - the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -4216,7 +4321,7 @@ spec: implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -4274,14 +4379,14 @@ spec: a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the @@ -4305,14 +4410,15 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to populate - the volume with data, if a non-empty volume is desired. - This may be any local object from a non-empty API group - (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any local object from + a non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, 
@@ -4321,12 +4427,12 @@ spec: and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef preserves + DataSourceRef allows any non-core object, as well as + PersistentVolumeClaim objects. * While DataSource ignores + disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value - is specified. (Alpha) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + is specified. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -4344,8 +4450,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but @@ -4377,8 +4484,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider for - binding. + description: selector is a label query over volumes to + consider for binding. properties: matchExpressions: description: matchExpressions is a list of label selector 
@@ -4422,9 +4529,10 @@ spec: contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required by the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume is @@ -4432,7 +4540,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference to the + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object @@ -4441,7 +4549,7 @@ spec: of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'AccessModes contains the actual access modes + description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string 
@@ -4453,19 +4561,19 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: The storage resource within AllocatedResources - tracks the capacity allocated to a PVC. It may be larger - than the actual capacity when a volume expansion operation - is requested. For storage quota, the larger value from - allocatedResources and PVC.spec.resources is used. If - allocatedResources is not set, PVC.spec.resources alone - is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. type: object capacity: additionalProperties: 
@@ -4474,36 +4582,37 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying - volume. + description: capacity represents the actual resources + of the underlying volume. type: object conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition contails details about state of pvc properties: lastProbeTime: - description: Last time we probed the condition. + description: lastProbeTime is the time we probed + the condition. format: date-time type: string lastTransitionTime: - description: Last time the condition transitioned - from one status to another. + description: lastTransitionTime is the time the + condition transitioned from one status to another. format: date-time type: string message: - description: Human-readable message indicating details - about last transition. + description: message is the human-readable message + indicating details about last transition. type: string reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is - being resized. + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. type: string status: type: string 
@@ -4517,10 +4626,10 @@ spec: type: object type: array phase: - description: Phase represents the current phase of PersistentVolumeClaim. + description: phase represents the current phase of PersistentVolumeClaim. type: string resizeStatus: - description: ResizeStatus stores status of resize operation. + description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires @@ -4621,16 +4730,20 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. - For example, in a 3-zone cluster, MaxSkew is set to 1, and - pods with the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - if MaxSkew is - 1, incoming pod can only be scheduled to zone3 to become 1/1/1; - scheduling it onto zone1(zone2) would make the ActualSkew(2-0) + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy 
@@ -4638,21 +4751,51 @@ spec: allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes match the node selector. e.g. If TopologyKey is + "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but + tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node assignment + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -4688,6 +4831,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic volumes: description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended 
@@ -4697,180 +4841,186 @@ spec: be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the default - is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data Disk mount on + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in the blob storage + description: diskName is the Name of the data disk in the + blob storage type: string diskURI: - description: The URI the data disk in the blob storage + description: diskURI is the URI of data disk in the blob + storage type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per storage - account Managed: azure managed data disk (only in managed - availability set). 
defaults to shared' + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: AzureFile represents an Azure File Service mount + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains Azure Storage - Account Name and Key + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: - description: Share Name + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount on the host that + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' + 
description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference to the authentication - secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume attached and + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: - description: 'volume id used to identify the volume in cinder. + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap that should populate + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. 
Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -4882,25 +5032,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -4912,28 +5062,29 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its keys must - be defined + description: optional specify whether the ConfigMap or its + keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: - description: CSI (Container Storage Interface) represents ephemeral + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI driver that handles + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, 
@@ -4946,14 +5097,15 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific properties + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. type: object @@ -4961,7 +5113,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API about the pod + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -4999,6 +5151,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 
@@ -5042,54 +5195,54 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: - description: 'EmptyDir represents a temporary directory that + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium should back this - directory. The default is "" which means to use the node''s - default medium. Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that is handled + description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity - \ tracking are needed, c) the storage driver is specified - through a storage class, and d) the storage driver supports - dynamic volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information on the - connection between this volume type and PersistentVolumeClaim). - \n Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight local ephemeral - volumes if the CSI driver is meant to be used that way - see - the documentation of the driver for more information. \n A - pod can use both types of ephemeral volumes and persistent - volumes at the same time." + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. 
\n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to @@ -5124,13 +5277,13 @@ spec: as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'AccessModes contains the desired access + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used to specify + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support 
@@ -5159,15 +5312,16 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: - description: 'Specifies the object from which to - populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + local object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will only + succeed if the type of the specified object matches + some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For 
@@ -5177,13 +5331,13 @@ spec: other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as - well as PersistentVolumeClaim objects. * While - DataSource ignores disallowed values (dropping - them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Alpha) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + DataSourceRef allows any non-core object, as well + as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef + preserves all values, and generates an error if + a disallowed value is specified. (Beta) Using + this field requires the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -5204,8 +5358,9 @@ spec: - kind - name type: object + x-kubernetes-map-type: atomic resources: - description: 'Resources represents the minimum resources + description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous @@ -5238,8 +5393,8 @@ spec: type: object type: object selector: - description: A label query over volumes to consider - for binding. + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -5288,9 +5443,11 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'Name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what type of volume @@ -5298,7 +5455,7 @@ spec: is implied when not included in claim spec. type: string volumeName: - description: VolumeName is the binding reference + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string type: object 
@@ -5307,32 +5464,33 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource that is + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide identifiers + description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: 
@@ -5340,128 +5498,133 @@ spec: type: array type: object flexVolume: - description: FlexVolume represents a generic volume resource + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver to use for + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options if any.' + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: - description: 'Optional: Defaults to false (read/write). + description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference to the secret - object containing sensitive information to pass to the - plugin scripts. This may be empty if no secret object - is specified. If the secret object contains more than - one secret, all secrets are passed to the plugin scripts.' + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' properties: name: description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: - description: Flocker represents a Flocker volume attached to + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as metadata -> name - on the dataset for Flocker should be considered as deprecated + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository at a particular + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. 
Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified revision. + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint name that details + description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume path. More info: + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the Glusterfs volume + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean 
@@ -5470,7 +5633,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing file or directory + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers 
@@ -5479,78 +5642,81 @@ spec: mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'Path of the directory on the host. If the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults to "" More + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session CHAP authentication + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new iSCSI - interface : will be created - for the connection. + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the ReadOnly setting + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string type: object + x-kubernetes-map-type: atomic targetPortal: - description: iSCSI Target Portal. The Portal is either an - IP or ip_addr:port if the port is other than default (typically - TCP ports 860 and 3260). + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -5558,24 +5724,24 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL and unique + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the host that shares + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the NFS server. More + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the NFS export to + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP address of the + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: 
@@ -5583,86 +5749,87 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
type: string pdID: - description: ID that identifies Photon Controller persistent - disk + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx volume attached + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem type to mount + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies a Portworx volume + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, configmaps, - and downward API + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions on created - files by default. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal values - for mode bits. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set. + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. 
YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap data - to project + description: configMap information about the configMap + data to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced ConfigMap + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected 
@@ -5677,27 +5844,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key @@ -5711,13 +5879,14 @@ spec: uid?' type: string optional: - description: Specify whether the ConfigMap or - its keys must be defined + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: - description: information about the downwardAPI data - to project + description: downwardAPI information about the downwardAPI + data to project properties: items: description: Items is a list of DownwardAPIVolume 
@@ -5744,6 +5913,7 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: description: 'Optional: mode bits used to set permissions on this file, must be @@ -5792,21 +5962,22 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: - description: information about the secret data to - project + description: secret information about the secret data + to project properties: items: - description: If unspecified, each key-value pair - in the Data field of the referenced Secret will - be projected into the volume as a file whose - name is the key and content is the value. If - specified, the listed keys will be projected + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup 
@@ -5818,27 +5989,28 @@ spec: a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to - set permissions on this file. Must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file - to map the key to. May not be an absolute - path. May not contain the path element - '..'. May not start with the string '..'. + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. type: string required: - key 
@@ -5852,16 +6024,17 @@ spec: uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined + description: optional field specify whether the + Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: - description: information about the serviceAccountToken - data to project + description: serviceAccountToken is information about + the serviceAccountToken data to project properties: audience: - description: Audience is the intended audience + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the @@ -5869,7 +6042,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is the requested + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate @@ -5881,7 +6054,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative to the + description: path is the path relative to the mount point of the file to project the token into. type: string 
@@ -5892,35 +6065,35 @@ spec: type: array type: object quobyte: - description: Quobyte represents a Quobyte mount on the host + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to Default is no + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the Quobyte volume + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single or multiple Quobyte + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte volume in the + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to Defaults to serivceaccount + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references an already + description: volume is a string that references an already created Quobyte volume by name. type: string required: 
@@ -5928,41 +6101,42 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device mount on the + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring for RBDUser. + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. 
Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the ReadOnly setting + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication secret + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: 
@@ -5971,36 +6145,38 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent volume + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO API Gateway. + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection Domain for - the configured storage. + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret for ScaleIO + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: 
@@ -6009,26 +6185,28 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: - description: Flag to enable/disable SSL communication with - Gateway, default false + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated with the - protection domain. + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: - description: The name of the storage system as configured - in ScaleIO. + description: system is the name of the storage system as + configured in ScaleIO. type: string volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway 
@@ -6036,24 +6214,24 @@ spec: - system type: object secret: - description: 'Secret represents a secret that should populate + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set.' + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be 
@@ -6065,25 +6243,25 @@ spec: description: Maps a string key to a path within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used to set permissions - on this file. Must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -6091,29 +6269,30 @@ spec: type: object type: array optional: - description: Specify whether the Secret or its keys must - be defined + description: optional field specify whether the Secret or + its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS volume attached + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string readOnly: - description: Defaults to false (read/write). ReadOnly here - will force the ReadOnly setting in VolumeMounts. + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret to use for obtaining + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: 
@@ -6122,13 +6301,14 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: - description: VolumeName is the human-readable name of the + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the scope of the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS @@ -6139,24 +6319,26 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere volume attached + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere volume vmdk + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath 
@@ -6208,9 +6390,3 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/_helpers.tpl index 54513d3..25eb226 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/_helpers.tpl +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/_helpers.tpl 
@@ -29,14 +29,27 @@ The longest name that gets created adds and extra 37 characters, so truncation s {{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}} {{- end }} -{{/* Fullname suffixed with prometheus */}} -{{- define "kube-prometheus-stack.prometheus.fullname" -}} -{{- printf "%s-prometheus" (include "kube-prometheus-stack.fullname" .) -}} +{{/* Prometheus custom resource instance name */}} +{{- define "kube-prometheus-stack.prometheus.crname" -}} +{{- if .Values.cleanPrometheusOperatorObjectNames }} +{{- include "kube-prometheus-stack.fullname" . }} +{{- else }} +{{- print (include "kube-prometheus-stack.fullname" .) "-prometheus" }} +{{- end }} {{- end }} -{{/* Fullname suffixed with alertmanager */}} -{{- define "kube-prometheus-stack.alertmanager.fullname" -}} -{{- printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" .) -}} +{{/* Alertmanager custom resource instance name */}} +{{- define "kube-prometheus-stack.alertmanager.crname" -}} +{{- if .Values.cleanPrometheusOperatorObjectNames }} +{{- include "kube-prometheus-stack.fullname" . }} +{{- else }} +{{- print (include "kube-prometheus-stack.fullname" .) "-alertmanager" -}} +{{- end }} +{{- end }} + +{{/* Fullname suffixed with thanos-ruler */}} +{{- define "kube-prometheus-stack.thanosRuler.fullname" -}} +{{- printf "%s-thanos-ruler" (include "kube-prometheus-stack.fullname" .) -}} {{- end }} {{/* Create chart name and version as used by the chart label. */}} 
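Review bot: The comments on the two new `crname` helpers do not say that `cleanPrometheusOperatorObjectNames` renames the custom resource itself. Other hunks in this commit feed that name into the Secret in alertmanager/secret.yaml (`alertmanager-<crname>`), the Service and PodDisruptionBudget selectors and the anti-affinity label selectors. Enabling the flag on an installed release would therefore presumably create differently named objects instead of updating the existing ones, so the comment should say so, e.g. `{{/* Alertmanager custom resource instance name; changes when cleanPrometheusOperatorObjectNames is set, and the Secret name and pod selectors follow it */}}`. The service-account helpers in the following hunks spell out `print (include "kube-prometheus-stack.fullname" .) "-alertmanager"` instead of calling `crname`; if that is deliberate, to keep account names stable, a short comment there should state it. As a style point, the `else` branch of the prometheus helper closes with ` }}` and the alertmanager one with ` -}}`; use one form in both.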
@@ -70,7 +83,7 @@ heritage: {{ $.Release.Service | quote }} {{/* Create the name of prometheus service account to use */}} {{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}} {{- if .Values.prometheus.serviceAccount.create -}} - {{ default (include "kube-prometheus-stack.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} + {{ default (print (include "kube-prometheus-stack.fullname" .) "-prometheus") .Values.prometheus.serviceAccount.name }} {{- else -}} {{ default "default" .Values.prometheus.serviceAccount.name }} {{- end -}} @@ -79,12 +92,21 @@ heritage: {{ $.Release.Service | quote }} {{/* Create the name of alertmanager service account to use */}} {{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}} {{- if .Values.alertmanager.serviceAccount.create -}} - {{ default (include "kube-prometheus-stack.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} + {{ default (print (include "kube-prometheus-stack.fullname" .) "-alertmanager") .Values.alertmanager.serviceAccount.name }} {{- else -}} {{ default "default" .Values.alertmanager.serviceAccount.name }} {{- end -}} {{- end -}} +{{/* Create the name of thanosRuler service account to use */}} +{{- define "kube-prometheus-stack.thanosRuler.serviceAccountName" -}} +{{- if .Values.thanosRuler.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.thanosRuler.fullname" .) .Values.thanosRuler.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.thanosRuler.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Allow the release namespace to be overridden for multi-namespace deployments in combined charts */}} 
@@ -200,3 +222,28 @@ Use the prometheus-node-exporter namespace override for multi-namespace deployme {{- $userValue := index . 3 -}} {{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.23-0" $insecure $secure $userValue) -}} {{- end -}} + +{{/* +To help compatibility with other charts which use global.imagePullSecrets. +Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). +global: + imagePullSecrets: + - name: pullSecret1 + - name: pullSecret2 + +or + +global: + imagePullSecrets: + - pullSecret1 + - pullSecret2 +*/}} +{{- define "kube-prometheus-stack.imagePullSecrets" -}} +{{- range .Values.global.imagePullSecrets }} + {{- if eq (typeOf .) "map[string]interface {}" }} +- {{ toYaml . | trim }} + {{- else }} +- name: {{ . }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml index b30f6b2..388e933 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: Alertmanager metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + name: {{ template "kube-prometheus-stack.alertmanager.crname" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-alertmanager 
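Review bot: In `kube-prometheus-stack.imagePullSecrets` the string branch writes the secret name unquoted (`- name: {{ . }}`), so an entry that YAML reads as a number or boolean renders as a non-string `name` in the pod spec and the ServiceAccount. Quoting it with `- name: {{ . | quote }}` keeps the rendered list well-typed. The map branch is selected by comparing `typeOf .` with the literal `"map[string]interface {}"`; `{{- if kindIs "map" . }}` makes the same test without depending on the exact Go type string. The header comment could also state that any entry which is not a map is treated as a bare secret name.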
@@ -68,6 +68,10 @@ spec: {{ else }} alertmanagerConfigNamespaceSelector: {} {{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.web }} + web: +{{ toYaml .Values.alertmanager.alertmanagerSpec.web | indent 4 }} +{{- end }} {{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration }} alertmanagerConfiguration: {{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration | indent 4 }} @@ -104,7 +108,7 @@ spec: labelSelector: matchExpressions: - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]} - - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} + - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]} {{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }} podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -114,7 +118,7 @@ spec: labelSelector: matchExpressions: - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]} - - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} + - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]} {{- end }} {{- if .Values.alertmanager.alertmanagerSpec.tolerations }} tolerations: @@ -126,7 +130,7 @@ spec: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }} {{- end }} {{- if .Values.alertmanager.alertmanagerSpec.containers }} containers: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml index b40cd62..29c9cbc 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml 
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml @@ -1,7 +1,7 @@ {{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} {{- $pathType := .Values.alertmanager.ingress.pathType | default "ImplementationSpecific" }} {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} -{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}} {{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} {{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}} {{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml index 76880b9..b183403 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml @@ -17,5 +17,5 @@ spec: selector: matchLabels: app.kubernetes.io/name: alertmanager - alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml index 84ff0f3..0a354a3 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager + name: alertmanager-{{ template "kube-prometheus-stack.alertmanager.crname" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }} {{- if .Values.alertmanager.secret.annotations }} annotations: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/service.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/service.yaml index 56e00b0..44100ec 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/service.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/service.yaml @@ -48,6 +48,6 @@ spec: {{- end }} selector: app.kubernetes.io/name: alertmanager - alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }} type: "{{ .Values.alertmanager.service.type }}" {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml index 066c7fc..ae433d5 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml @@ -15,6 +15,6 @@ metadata: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}} {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml index 4433fc4..75a13bd 100644 
--- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml @@ -42,8 +42,8 @@ items: targetPort: {{ $serviceValues.targetPort }} selector: app.kubernetes.io/name: alertmanager - alertmanager: {{ template "kube-prometheus-stack.fullname" $ }}-alertmanager - statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" $ }} + statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.alertmanager.crname" $ }}-{{ $i }} type: "{{ $serviceValues.type }}" {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml index a456fc8..8d50137 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-coredns + {{- with .Values.coreDns.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: jobLabel: jobLabel diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml index c37a673..6f83c9b 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml 
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-apiserver + {{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: endpoints: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml index 4131930..eca337d 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml @@ -7,7 +7,7 @@ metadata: app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager k8s-app: kube-controller-manager {{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system + namespace: kube-system subsets: - addresses: {{- range .Values.kubeControllerManager.endpoints }} @@ -15,6 +15,8 @@ subsets: {{- end }} ports: - name: http-metrics - port: {{ .Values.kubeControllerManager.service.port }} + {{- $kubeControllerManagerDefaultInsecurePort := 10252 }} + {{- $kubeControllerManagerDefaultSecurePort := 10257 }} + port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} protocol: TCP {{- end }} 
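Review bot: In kube-controller-manager/endpoints.yaml the port keeps the name `http-metrics` although its number now comes from `kube-prometheus-stack.kubeControllerManager.insecureScrape`, which receives both 10252 and 10257 and so can resolve to the HTTPS port. Nothing in this hunk shows the matching ServiceMonitor switching scheme and credentials in step, and the helper's definition is outside the hunk. It is worth confirming that the scrape side is driven by the same decision, since a mismatch would leave the control-plane target scraped with the wrong scheme. A template comment above the two variables would make the intent visible, e.g. `{{- /* 10252 = legacy plain-HTTP port, 10257 = authenticated HTTPS port; service.port is passed as the user value */ -}}`. The same applies to kube-scheduler/endpoints.yaml (10251 / 10259) later in this commit.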
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml index 3b26ac7..65556e1 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + {{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: jobLabel: jobLabel diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml index c2da09a..5c4afc9 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + {{- with .Values.kubeDns.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: jobLabel: jobLabel diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml index 2ddac92..8418c00 100644 
--- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + {{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: jobLabel: jobLabel diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml index 28f2a26..329b37b 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + {{- with .Values.kubeProxy.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: jobLabel: jobLabel diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml index f4ad60f..84a14ae 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml 
@@ -15,6 +15,8 @@ subsets: {{- end }} ports: - name: http-metrics - port: {{ .Values.kubeScheduler.service.port }} + {{- $kubeSchedulerDefaultInsecurePort := 10251 }} + {{- $kubeSchedulerDefaultSecurePort := 10259 }} + port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} protocol: TCP {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml index fd4674c..6d43bf6 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + {{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: jobLabel: jobLabel diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml index eb5e566..52700bc 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml 
@@ -6,6 +6,9 @@ metadata: namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-kubelet + {{- with .Values.kubelet.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "kube-prometheus-stack.labels" . | indent 4 }} spec: endpoints: @@ -156,6 +159,28 @@ spec: relabelings: {{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }} {{- end }} +{{- if .Values.kubelet.serviceMonitor.probes }} + - port: http-metrics + path: /metrics/probes + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} + relabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }} +{{- end }} +{{- end }} {{- if .Values.kubelet.serviceMonitor.resource }} - port: http-metrics path: {{ .Values.kubelet.serviceMonitor.resourcePath }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml index a01dc1a..b5f0bf8 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml 
@@ -34,16 +34,26 @@ data: isDefault: true jsonData: timeInterval: {{ $scrapeInterval }} +{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} + exemplarTraceIdDestinations: + - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }} + name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }} +{{- end }} {{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }} {{- range until (int .Values.prometheus.prometheusSpec.replicas) }} - name: Prometheus-{{ . }} type: prometheus - uid: {{ .Values.grafana.sidecar.datasources.uid }}-replica-{{ . }} - url: http://prometheus-{{ template "kube-prometheus-stack.fullname" $ }}-prometheus-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} + uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }} + url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} access: proxy isDefault: false jsonData: timeInterval: {{ $scrapeInterval }} +{{- if $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} + exemplarTraceIdDestinations: + - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }} + name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }} +{{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml index 804d94a..4fd52ae 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml 
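Review bot: Inside the `range until (int .Values.prometheus.prometheusSpec.replicas)` loop, the two added lines under `exemplarTraceIdDestinations:` read `.Values…`, but `.` is the replica index there, so rendering would fail once both `createPrometheusReplicasDatasources` and `exemplarTraceIdDestinations` are set. The same hunk already moves `uid` and the surrounding `if` to `$.Values`, and the two value lines need the same root: `- datasourceUid: {{ $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}` and `name: {{ $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}`. The copy added above the loop is correct as written. The ConfigMap itself starts outside the hunk.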
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml @@ -12,6 +12,6 @@ metadata: {{- include "kube-prometheus-stack.labels" $ | indent 4 }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml index 9cb8993..7a12754 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml @@ -36,6 +36,7 @@ webhooks: {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} {{- end }} + timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml index e556853..300956a 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml 
@@ -14,6 +14,7 @@ rules: - alertmanagers/finalizers - alertmanagerconfigs - prometheuses + - prometheuses/status - prometheuses/finalizers - thanosrulers - thanosrulers/finalizers diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml index 2dc96ed..5883b76 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml @@ -9,6 +9,10 @@ metadata: labels: app: {{ template "kube-prometheus-stack.name" . }}-operator {{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheusOperator.annotations }} + annotations: +{{ toYaml .Values.prometheusOperator.annotations | indent 4 }} +{{- end }} spec: replicas: 1 selector: @@ -78,6 +82,9 @@ spec: {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }} - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }} {{- end }} + {{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }} + - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }} + {{- end }} {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }} - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml index 650f53c..781975f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml 
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml @@ -11,6 +11,6 @@ metadata: {{ include "kube-prometheus-stack.labels" . | indent 4 }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml index 4930189..91fadf9 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml @@ -1,7 +1,7 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled -}} {{- $pathType := .Values.prometheus.ingress.pathType | default "ImplementationSpecific" -}} {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" -}} - {{- $servicePort := .Values.prometheus.service.port -}} + {{- $servicePort := .Values.prometheus.ingress.servicePort | default .Values.prometheus.service.port -}} {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix -}} {{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}} {{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml index 93a30e7..02a320e 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml 
@@ -17,5 +17,5 @@ spec: selector: matchLabels: app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml index bfb5794..4cd6e29 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml @@ -2,7 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: Prometheus metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + name: {{ template "kube-prometheus-stack.prometheus.crname" . }} namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-prometheus @@ -60,6 +60,9 @@ spec: {{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }} replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}" {{- end }} +{{- if .Values.prometheus.prometheusSpec.enableRemoteWriteReceiver }} + enableRemoteWriteReceiver: {{ .Values.prometheus.prometheusSpec.enableRemoteWriteReceiver }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.externalUrl }} externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}" {{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} 
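Review bot: The `enableRemoteWriteReceiver` block in the `@@ -60,6 +60,9 @@` hunk of prometheus.yaml passes the flag straight through, with nothing beside it saying what it exposes. With it enabled, Prometheus accepts pushed samples on its web port, so any client that can reach the Service or the Ingress can write series unless access is restricted in front of it (network policy, authenticating proxy). A template comment above the block would cover it, for example `{{- /* turns on the remote-write ingest endpoint on the web port; restrict who can reach it before enabling */ -}}`, with the same sentence next to the value in values.yaml. The `spec:` block continues outside the hunk.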
@@ -82,6 +85,10 @@ spec: web: {{ toYaml .Values.prometheus.prometheusSpec.web | indent 4 }} {{- end }} +{{- if .Values.prometheus.prometheusSpec.exemplars }} + exemplars: + {{ toYaml .Values.prometheus.prometheusSpec.exemplars | indent 4 }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.enableFeatures }} enableFeatures: {{- range $enableFeatures := .Values.prometheus.prometheusSpec.enableFeatures }} @@ -253,7 +260,7 @@ spec: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }} {{- end }} {{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} additionalScrapeConfigs: @@ -274,6 +281,9 @@ spec: {{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }} name: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.name }} key: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.key }} + {{- if hasKey .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret "optional" }} + optional: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.optional }} + {{- end }} {{- end }} {{- end }} {{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} @@ -281,6 +291,11 @@ spec: name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg key: additional-alert-relabel-configs.yaml {{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret }} + additionalAlertRelabelConfigs: + name: {{ .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret.name }} + key: {{ .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret.key }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.containers }} containers: {{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }} 
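Review bot: The added `{{ toYaml .Values.prometheus.prometheusSpec.exemplars | indent 4 }}` line appears to carry leading whitespace of its own, unlike the other `toYaml … | indent 4` lines this commit adds, which start at column 0. If so, the first rendered key is indented deeper than the rest, which only parses while `exemplars` holds a single key. Starting the line at column 0, `{{ toYaml .Values.prometheus.prometheusSpec.exemplars | indent 4 }}`, removes the dependency. The page's whitespace is collapsed, so the exact column should be checked against the file.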
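Review bot: The added `additionalAlertRelabelConfigsSecret` block emits an `additionalAlertRelabelConfigs:` key under its own independent `if`, so values that also set the inline `additionalAlertRelabelConfigs` would presumably render that key twice in `spec`. Duplicate mapping keys are either rejected or silently resolved to one entry, depending on the parser, so the operator may end up reading a different secret than intended. Replacing the `{{- end }}` / `{{- if … }}` pair with `{{- else if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret }}` makes the precedence explicit. The opening lines of the first block sit just above the hunk.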
@@ -331,6 +346,15 @@ spec: {{- end }} {{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }} {{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }} +{{- end }} + excludedFromEnforcement: +{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }} + - resource: prometheusrules + namespace: "{{ template "kube-prometheus-stack.namespace" $ }}" + name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.excludedFromEnforcement }} +{{ toYaml .Values.prometheus.prometheusSpec.excludedFromEnforcement | indent 4 }} {{- end }} {{- end }} {{- if .Values.prometheus.prometheusSpec.queryLogFile }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/service.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/service.yaml index d36f585..1e1f9c7 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/service.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/service.yaml @@ -56,7 +56,7 @@ spec: publishNotReadyAddresses: {{ .Values.prometheus.service.publishNotReadyAddresses }} selector: app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} {{- if .Values.prometheus.service.sessionAffinity }} sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml index 8d9f98d..2b80e77 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml 
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml @@ -35,5 +35,5 @@ spec: {{- end }} selector: app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml index c239f56..fa45934 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml @@ -42,5 +42,5 @@ spec: {{- end }} selector: app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml index 0b9929b..dde1632 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml @@ -15,6 +15,6 @@ metadata: {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} {{- end }} {{- end }} 
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml index 5801425..f2644d9 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/servicemonitorThanosSidecar.yaml @@ -2,10 +2,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-sidecar namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery + app: {{ template "kube-prometheus-stack.name" . }}-thanos-sidecar {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: selector: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml index f1e899c..8d2fdc3 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml @@ -1,6 +1,6 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} {{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} -{{- $serviceValues := .Values.prometheus.servicePerReplica -}} +{{- $serviceValues := .Values.prometheus.servicePerReplica -}} apiVersion: v1 kind: List metadata: 
@@ -42,8 +42,8 @@ items: targetPort: {{ $serviceValues.targetPort }} selector: app.kubernetes.io/name: prometheus - prometheus: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus - statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + prometheus: {{ include "kube-prometheus-stack.prometheus.crname" $ }} + statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.prometheus.crname" $ }}-{{ $i }} type: "{{ $serviceValues.type }}" {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml new file mode 100644 index 0000000..fe2ea5b --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/extrasecret.yaml @@ -0,0 +1,20 @@ +{{- if .Values.thanosRuler.extraSecret.data -}} +{{- $secretName := printf "thanos-ruler-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ default $secretName .Values.thanosRuler.extraSecret.name }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.thanosRuler.extraSecret.annotations }} + annotations: +{{ toYaml .Values.thanosRuler.extraSecret.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler + app.kubernetes.io/component: thanos-ruler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: +{{- range $key, $val := .Values.thanosRuler.extraSecret.data }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml new file mode 100644 index 0000000..2760805 --- /dev/null 
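Review bot: The new Secret in thanos-ruler/extrasecret.yaml is gated only on `.Values.thanosRuler.extraSecret.data`, so it is created even when `thanosRuler.enabled` is false, unlike the other thanos-ruler templates added in this commit. `{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.extraSecret.data -}}` would keep them consistent. Because the data is base64-encoded from chart values, the plaintext also lives in the values file and in Helm's stored release data. A comment next to `extraSecret.data` in values.yaml should say so and point to an externally managed Secret for anything sensitive. `{{ $key }}` is also emitted unquoted; `{{ $key | quote }}` keeps keys that YAML would read as non-strings intact.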
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.ingress.enabled }} +{{- $pathType := .Values.thanosRuler.ingress.pathType | default "ImplementationSpecific" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "thanos-ruler" }} +{{- $servicePort := .Values.thanosRuler.service.port -}} +{{- $routePrefix := list .Values.thanosRuler.thanosRulerSpec.routePrefix }} +{{- $paths := .Values.thanosRuler.ingress.paths | default $routePrefix -}} +{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} +apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.thanosRuler.ingress.annotations }} + annotations: +{{ toYaml .Values.thanosRuler.ingress.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler +{{- if .Values.thanosRuler.ingress.labels }} +{{ toYaml .Values.thanosRuler.ingress.labels | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +spec: + {{- if $apiIsStable }} + {{- if .Values.thanosRuler.ingress.ingressClassName }} + ingressClassName: {{ .Values.thanosRuler.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.thanosRuler.ingress.hosts }} + {{- range $host := .Values.thanosRuler.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.thanosRuler.ingress.tls }} + tls: +{{ tpl (toYaml .Values.thanosRuler.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml new file mode 100644 index 0000000..d3d378d --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/podDisruptionBudget.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.podDisruptionBudget.enabled }} +apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.thanosRuler.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.thanosRuler.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: thanos-ruler + thanos-ruler: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler +{{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml new file mode 100644 index 0000000..1f294f8 --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/ruler.yaml 
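Review bot: `minAvailable` and `maxUnavailable` are guarded by two independent `if` blocks, so values that set both render a PodDisruptionBudget carrying both fields. The two are mutually exclusive in the PodDisruptionBudget spec, so the object would be rejected at apply time rather than at render time. Chaining the guards with `{{- else if .Values.thanosRuler.podDisruptionBudget.maxUnavailable }}` in place of the first `{{- end }}` and second `{{- if … }}` surfaces one well-defined result.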
@@ -0,0 +1,168 @@ +{{- if .Values.thanosRuler.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ThanosRuler +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.thanosRuler.annotations }} + annotations: +{{ toYaml .Values.thanosRuler.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.thanosRuler.thanosRulerSpec.image }} + {{- if and .Values.thanosRuler.thanosRulerSpec.image.tag .Values.thanosRuler.thanosRulerSpec.image.sha }} + image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}" + {{- else if .Values.thanosRuler.thanosRulerSpec.image.sha }} + image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}" + {{- else if .Values.thanosRuler.thanosRulerSpec.image.tag }} + image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}" + {{- else }} + image: "{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}" + {{- end }} + {{- if .Values.thanosRuler.thanosRulerSpec.image.sha }} + sha: {{ .Values.thanosRuler.thanosRulerSpec.image.sha }} + {{- end }} +{{- end }} + replicas: {{ .Values.thanosRuler.thanosRulerSpec.replicas }} + listenLocal: {{ .Values.thanosRuler.thanosRulerSpec.listenLocal }} + serviceAccountName: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }} +{{- if .Values.thanosRuler.thanosRulerSpec.externalPrefix }} + externalPrefix: "{{ tpl .Values.thanosRuler.thanosRulerSpec.externalPrefix . 
}}" +{{- else if and .Values.thanosRuler.ingress.enabled .Values.thanosRuler.ingress.hosts }} + externalPrefix: "http://{{ tpl (index .Values.thanosRuler.ingress.hosts 0) . }}{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" +{{- else }} + externalPrefix: http://{{ template "kube-prometheus-stack.fullname" . }}-thanosRuler.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.nodeSelector }} + nodeSelector: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.thanosRuler.thanosRulerSpec.paused }} + logFormat: {{ .Values.thanosRuler.thanosRulerSpec.logFormat | quote }} + logLevel: {{ .Values.thanosRuler.thanosRulerSpec.logLevel | quote }} + retention: {{ .Values.thanosRuler.thanosRulerSpec.retention | quote }} +{{- if .Values.thanosRuler.thanosRulerSpec.evaluationInterval }} + evaluationInterval: {{ .Values.thanosRuler.thanosRulerSpec.evaluationInterval }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.ruleNamespaceSelector }} + ruleNamespaceSelector: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.ruleNamespaceSelector | indent 4 }} +{{ else }} + ruleNamespaceSelector: {} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.ruleSelector }} + ruleSelector: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.ruleSelector | indent 4}} +{{- else if .Values.thanosRuler.thanosRulerSpec.ruleSelectorNilUsesHelmValues }} + ruleSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + ruleSelector: {} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.alertQueryUrl }} + alertQueryUrl: "{{ .Values.thanosRuler.thanosRulerSpec.alertQueryUrl }}" +{{- end}} +{{- if .Values.thanosRuler.thanosRulerSpec.alertmanagersUrl }} + alertmanagersUrl: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertmanagersUrl | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.alertmanagersConfig }} + 
alertmanagersConfig: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertmanagersConfig | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.queryEndpoints }} + queryEndpoints: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.queryEndpoints | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.resources }} + resources: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.resources | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.routePrefix }} + routePrefix: "{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.securityContext }} + securityContext: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.storage }} + storage: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.storage | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.objectStorageConfig }} + objectStorageConfig: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.objectStorageConfig | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.labels }} + labels: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.labels | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.objectStorageConfigFile }} + objectStorageConfigFile: {{ .Values.thanosRuler.thanosRulerSpec.objectStorageConfigFile }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.podMetadata }} + podMetadata: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.podMetadata | indent 4 }} +{{- end }} +{{- if or .Values.thanosRuler.thanosRulerSpec.podAntiAffinity .Values.thanosRuler.thanosRulerSpec.affinity }} + affinity: +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.affinity }} +{{ toYaml .Values.thanosRuler.thanosRulerSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ 
.Values.thanosRuler.thanosRulerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} + - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler]} +{{- else if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.thanosRuler.thanosRulerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} + - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler]} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.tolerations }} + tolerations: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.containers }} + containers: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.containers | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.initContainers }} + initContainers: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.priorityClassName }} + priorityClassName: {{.Values.thanosRuler.thanosRulerSpec.priorityClassName }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.volumes }} + volumes: +{{ toYaml .Values.thanosRuler.thanosRulerSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.thanosRuler.thanosRulerSpec.volumeMounts }} + volumeMounts: +{{ toYaml 
.Values.thanosRuler.thanosRulerSpec.volumeMounts | indent 4 }} +{{- end }} + portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }} +{{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml new file mode 100644 index 0000000..093dbf7 --- /dev/null +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/service.yaml 
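Review bot: The fallback `externalPrefix` in ruler.yaml builds its host as `<fullname>-thanosRuler`, while the Service added in thanos-ruler/service.yaml is named `<fullname>-thanos-ruler`, so the default URL points at a name no Service in this commit creates. Suggested: `externalPrefix: http://{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }}`. The ingress branch also hard-codes `http://` even when `thanosRuler.ingress.tls` is set, so generated URLs would use plain HTTP for a host served over TLS. Choosing the scheme from the `tls` value would fix that.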
@@ -0,0 +1,53 @@
+{{- if .Values.thanosRuler.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ self-monitor: {{ .Values.thanosRuler.serviceMonitor.selfMonitor | quote }}
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.thanosRuler.service.labels }}
+{{ toYaml .Values.thanosRuler.service.labels | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.service.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.thanosRuler.service.clusterIP }}
+ clusterIP: {{ .Values.thanosRuler.service.clusterIP }}
+{{- end }}
+{{- if .Values.thanosRuler.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.thanosRuler.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.thanosRuler.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.thanosRuler.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.thanosRuler.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.thanosRuler.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+{{- if ne .Values.thanosRuler.service.type "ClusterIP" }}
+ externalTrafficPolicy: {{ .Values.thanosRuler.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
+ {{- if eq .Values.thanosRuler.service.type "NodePort" }}
+ nodePort: {{ .Values.thanosRuler.service.nodePort }}
+ {{- end }}
+ port: {{ .Values.thanosRuler.service.port }}
+ targetPort: {{ .Values.thanosRuler.service.targetPort }}
+ protocol: TCP
+{{- if .Values.thanosRuler.service.additionalPorts }}
+{{ toYaml .Values.thanosRuler.service.additionalPorts | indent 2 }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: thanos-ruler
+ thanos-ruler: {{ 
template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ type: "{{ .Values.thanosRuler.service.type }}"
+{{- end }}
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml
new file mode 100644
index 0000000..0138c35
--- /dev/null
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }}
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ app.kubernetes.io/component: thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+{{- if .Values.thanosRuler.serviceAccount.annotations }}
+ annotations:
+{{ toYaml .Values.thanosRuler.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml
new file mode 100644
index 0000000..4a05679
--- /dev/null
+++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml 
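Review bot: In thanos-ruler/service.yaml, `type`, `nodePort` and `externalIPs` are rendered straight from values and `loadBalancerSourceRanges` is only emitted when it is set, so changing `thanosRuler.service.type` to `LoadBalancer` or `NodePort` publishes the ruler web port with no source restriction. The values.yaml hunk in this commit defaults `loadBalancerSourceRanges: []` and `listenLocal: false`, and describes `containers` as the place to add an authentication proxy, which suggests the port has no authentication of its own by default. I would say so next to `type:` in values.yaml, e.g. `## Anything other than ClusterIP exposes the ruler UI/API; set loadBalancerSourceRanges and add an auth proxy via thanosRulerSpec.containers first`.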
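Review bot: In thanos-ruler/serviceaccount.yaml, `imagePullSecrets` is rendered with a plain `toYaml .Values.global.imagePullSecrets`, but the values.yaml hunk of this same commit documents a bare-string form (`# - "image-pull-secret"`). A list of strings would render as `- image-pull-secret`, whereas a ServiceAccount expects entries with a `name` field, so that form would probably be rejected or ignored. Normalising in the template avoids this: `{{- range .Values.global.imagePullSecrets }}` / `- name: {{ if kindIs "string" . }}{{ . }}{{ else }}{{ .name }}{{ end }}` / `{{- end }}`. The ruler.yaml template earlier in the diff uses the same `toYaml` pattern; its hunk starts outside this view.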
@@ -0,0 +1,45 @@
+{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.serviceMonitor.selfMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler
+ namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ labels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler
+ release: {{ $.Release.Name | quote }}
+ self-monitor: {{ .Values.thanosRuler.serviceMonitor.selfMonitor | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
+ endpoints:
+ - port: {{ .Values.thanosRuler.thanosRulerSpec.portName }}
+ {{- if .Values.thanosRuler.serviceMonitor.interval }}
+ interval: {{ .Values.thanosRuler.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.proxyUrl }}
+ proxyUrl: {{ .Values.thanosRuler.serviceMonitor.proxyUrl}}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.scheme }}
+ scheme: {{ .Values.thanosRuler.serviceMonitor.scheme }}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.thanosRuler.serviceMonitor.bearerTokenFile }}
+ {{- end }}
+ {{- if .Values.thanosRuler.serviceMonitor.tlsConfig }}
+ tlsConfig: {{ toYaml .Values.thanosRuler.serviceMonitor.tlsConfig | nindent 6 }}
+ {{- end }}
+ path: "{{ trimSuffix "/" .Values.thanosRuler.thanosRulerSpec.routePrefix }}/metrics"
+{{- if .Values.thanosRuler.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+{{ tpl (toYaml .Values.thanosRuler.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.thanosRuler.serviceMonitor.relabelings }}
+ relabelings:
+{{ toYaml .Values.thanosRuler.serviceMonitor.relabelings | indent 6 }}
+{{- end }}
+{{- end }} 
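Review bot: In thanos-ruler/servicemonitor.yaml, `metricRelabelings` is passed through `tpl` while `relabelings` a few lines below is rendered with plain `toYaml`, so the two lists behave differently for values that contain template syntax. Because `tpl` evaluates value strings as templates with the full chart context, its use should be deliberate. Either render both the same way, `{{ tpl (toYaml .Values.thanosRuler.serviceMonitor.relabelings | indent 6) . }}`, or drop `tpl` from `metricRelabelings` if templated values are not needed here.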
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml index a621d0d..0196a54 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml @@ -38,9 +38,11 @@ defaultRules: configReloaders: true general: true k8s: true - kubeApiserver: true kubeApiserverAvailability: true + kubeApiserverBurnrate: true + kubeApiserverHistogram: true kubeApiserverSlos: true + kubeControllerManager: true kubelet: true kubeProxy: true kubePrometheusGeneral: true @@ -69,6 +71,9 @@ defaultRules: ## Additional labels for PrometheusRule alerts additionalRuleLabels: {} + ## Additional annotations for PrometheusRule alerts + additionalRuleAnnotations: {} + ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules. runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks" @@ -121,6 +126,8 @@ global: ## imagePullSecrets: [] # - name: "image-pull-secret" + # or + # - "image-pull-secret" ## Configuration for alertmanager ## ref: https://prometheus.io/docs/alerting/alertmanager/ @@ -164,16 +171,37 @@ alertmanager: config: global: resolve_timeout: 5m + inhibit_rules: + - source_matchers: + - 'severity = critical' + target_matchers: + - 'severity =~ warning|info' + equal: + - 'namespace' + - 'alertname' + - source_matchers: + - 'severity = warning' + target_matchers: + - 'severity = info' + equal: + - 'namespace' + - 'alertname' + - source_matchers: + - 'alertname = InfoInhibitor' + target_matchers: + - 'severity = info' + equal: + - 'namespace' route: - group_by: ['job'] + group_by: ['namespace'] group_wait: 30s group_interval: 5m repeat_interval: 12h receiver: 'null' routes: - - match: - alertname: Watchdog - receiver: 'null' + - receiver: 'null' + matchers: + - alertname =~ "InfoInhibitor|Watchdog" receivers: - name: 'null' templates: 
@@ -228,6 +256,9 @@ alertmanager: labels: {} + ## Redirect ingress to an additional defined port on the service + # servicePort: 8081 + ## Hosts must be provided if Ingress is enabled. ## hosts: [] @@ -322,6 +353,10 @@ alertmanager: ## Additional ports to open for Alertmanager service additionalPorts: [] + # additionalPorts: + # - name: authenticated + # port: 8081 + # targetPort: 8081 externalIPs: [] loadBalancerIP: "" @@ -441,6 +476,10 @@ alertmanager: ## # configSecret: + ## WebTLSConfig defines the TLS parameters for HTTPS + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerwebspec + web: {} + ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. ## alertmanagerConfigSelector: {} @@ -480,7 +519,9 @@ alertmanager: ## AlermanagerConfig to be used as top level configuration ## alertmanagerConfiguration: {} - # - name: global-alertmanager-Configuration + ## Example with select a global alertmanagerconfig + # alertmanagerConfiguration: + # name: global-alertmanager-Configuration ## Define Log Format # Use logfmt (default) or json logging @@ -510,7 +551,7 @@ alertmanager: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false @@ -602,6 +643,18 @@ alertmanager: ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. ## containers: [] + # containers: + # - name: oauth-proxy + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0 + # args: + # - --upstream=http://127.0.0.1:9093 + # - --http-address=0.0.0.0:8081 + # - ... + # ports: + # - containerPort: 8081 + # name: oauth-proxy + # protocol: TCP + # resources: {} # Additional volumes on the output StatefulSet definition. volumes: [] 
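Review bot: The commented oauth-proxy example added under the Alertmanager `containers:` key proxies to `http://127.0.0.1:9093` but does nothing to stop clients reaching Alertmanager's own port on the pod IP, so in-cluster callers can bypass the proxy. The example should also tell the reader to set `listenLocal: true` on the Alertmanager spec and to route the Service and Ingress to the proxy port, as the `additionalPorts` and `servicePort: 8081` examples added in this same file do. Suggested extra line: `# NOTE: also set listenLocal: true so 9093 is reachable only through the proxy`. The example image is referenced by tag (`v7.3.0`) only; showing a digest pin would be a better pattern to copy.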
@@ -748,11 +801,17 @@ grafana: ## Create datasource for each Pod of Prometheus StatefulSet; ## this uses headless service `prometheus-operated` which is ## created by Prometheus Operator - ## ref: https://git.io/fjaBS + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286 createPrometheusReplicasDatasources: false label: grafana_datasource labelValue: "1" + ## Field with internal link pointing to existing data source in Grafana. + ## Can be provisioned via additionalDataSources + exemplarTraceIdDestinations: {} + # datasourceUid: Jaeger + # traceIdLabelName: trace_id + extraConfigmapMounts: [] # - name: certs-configmap # mountPath: /etc/grafana/ssl/ @@ -841,7 +900,13 @@ kubeApiServer: ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - metricRelabelings: [] + metricRelabelings: + # Drop excessively noisy apiserver buckets. + - action: drop + regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50) + sourceLabels: + - __name__ + - le # - action: keep # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' # sourceLabels: [__name__] @@ -859,6 +924,11 @@ kubeApiServer: # - targetLabel: __address__ # replacement: kubernetes.default.svc:443 + ## Additional labels + ## + additionalLabels: {} + # foo: bar + ## Component scraping the kubelet and kubelet-hosted cAdvisor ## kubelet: 
@@ -897,7 +967,31 @@ kubelet: ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig ## - cAdvisorMetricRelabelings: [] + cAdvisorMetricRelabelings: + # Drop less useful container CPU metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)' + # Drop less useful container / always zero filesystem metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)' + # Drop less useful / always zero container memory metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_memory_(mapped_file|swap)' + # Drop less useful container process metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_(file_descriptors|tasks_state|threads_max)' + # Drop container spec metrics that overlap with kube-state-metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_spec.*' + # Drop cgroup metrics with no pod. + - sourceLabels: [id, pod] + action: drop + regex: '.+;' # - sourceLabels: [__name__, image] # separator: ; # regex: container_([a-z_]+); @@ -993,6 +1087,11 @@ kubelet: # replacement: $1 # action: replace + ## Additional labels + ## + additionalLabels: {} + # foo: bar + ## Component scraping the kube controller manager ## kubeControllerManager: @@ -1058,6 +1157,11 @@ kubeControllerManager: # replacement: $1 # action: replace + ## Additional labels + ## + additionalLabels: {} + # foo: bar + ## Component scraping coreDns. Use either this or kubeDns ## coreDns: 
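Review bot: The last rule added to `cAdvisorMetricRelabelings` (`sourceLabels: [id, pod]`, `regex: '.+;'`) drops every cAdvisor series whose `pod` label is empty, which removes all node-level cgroups (system services, the container runtime, anything started outside a pod) from Prometheus. That reduces cardinality, but it also removes the container-level CPU and memory signal for processes running directly on the node, which some teams alert on to catch unexpected host workloads. The comment should state the trade-off, e.g. `# Drop cgroup metrics with no pod (node-level services become invisible here; override if you alert on them)`. Helm replaces list values wholesale, so a user who sets `cAdvisorMetricRelabelings` for any other reason silently loses all of these defaults.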
@@ -1095,6 +1199,11 @@ coreDns: # replacement: $1 # action: replace + ## Additional labels + ## + additionalLabels: {} + # foo: bar + ## Component scraping kubeDns. Use either this or coreDns ## kubeDns: @@ -1155,6 +1264,11 @@ kubeDns: # replacement: $1 # action: replace + ## Additional labels + ## + additionalLabels: {} + # foo: bar + ## Component scraping etcd ## kubeEtcd: @@ -1221,6 +1335,10 @@ kubeEtcd: # replacement: $1 # action: replace + ## Additional labels + ## + additionalLabels: {} + # foo: bar ## Component scraping kube scheduler ## @@ -1285,6 +1403,10 @@ kubeScheduler: # replacement: $1 # action: replace + ## Additional labels + ## + additionalLabels: {} + # foo: bar ## Component scraping kube proxy ## @@ -1336,6 +1458,10 @@ kubeProxy: # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' # sourceLabels: [__name__] + ## Additional labels + ## + additionalLabels: {} + # foo: bar ## Component scraping kube state metrics ## @@ -1470,6 +1596,8 @@ prometheusOperator: ## rules from making their way into prometheus and potentially preventing the container from starting admissionWebhooks: failurePolicy: Fail + ## The default timeoutSeconds is 10 and the maximum value is 30. + timeoutSeconds: 10 enabled: true ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. ## If unspecified, system trust roots on the apiserver are used. @@ -1482,7 +1610,7 @@ prometheusOperator: enabled: true image: repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen - tag: v1.1.1 + tag: v1.2.0 sha: "" pullPolicy: IfNotPresent resources: {} @@ -1530,6 +1658,7 @@ prometheusOperator: ## Filter namespaces to look for prometheus-operator custom resources ## alertmanagerInstanceNamespaces: [] + alertmanagerConfigNamespaces: [] prometheusInstanceNamespaces: [] thanosRulerInstanceNamespaces: [] 
@@ -1585,6 +1714,10 @@ prometheusOperator: ## externalIPs: [] + ## Annotations to add to the operator deployment + ## + annotations: {} + ## Labels to add to the operator pod ## podLabels: {} @@ -1708,7 +1841,7 @@ prometheusOperator: ## image: repository: quay.io/prometheus-operator/prometheus-operator - tag: v0.55.0 + tag: v0.58.0 sha: "" pullPolicy: IfNotPresent @@ -1726,7 +1859,7 @@ prometheusOperator: # image to use for config and rule reloading image: repository: quay.io/prometheus-operator/prometheus-config-reloader - tag: v0.55.0 + tag: v0.58.0 sha: "" # resource config for prometheusConfigReloader @@ -1742,7 +1875,7 @@ prometheusOperator: ## thanosImage: repository: quay.io/thanos/thanos - tag: v0.25.2 + tag: v0.27.0 sha: "" ## Set a Field Selector to filter watched secrets @@ -1896,6 +2029,10 @@ prometheus: ## Additional port to define in the Service additionalPorts: [] + # additionalPorts: + # - name: authenticated + # port: 8081 + # targetPort: 8081 ## Consider that all endpoints are considered "ready" even if the Pods themselves are not ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec @@ -2004,6 +2141,9 @@ prometheus: annotations: {} labels: {} + ## Redirect ingress to an additional defined port on the service + # servicePort: 8081 + ## Hostnames. ## Must be provided if Ingress is enabled. ## 
@@ -2151,6 +2291,14 @@ prometheus: ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig web: {} + ## Exemplars related settings that are runtime reloadable. + ## It requires to enable the exemplar storage feature to be effective. + exemplars: "" + ## Maximum number of exemplars stored in memory for all series. + ## If not set, Prometheus uses its default value. + ## A value of zero or less than zero disables the storage. + # maxSize: 100000 + # EnableFeatures API enables access to Prometheus disabled features. # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ enableFeatures: [] @@ -2160,7 +2308,7 @@ prometheus: ## image: repository: quay.io/prometheus/prometheus - tag: v2.34.0 + tag: v2.37.0 sha: "" ## Tolerations for use with node taints @@ -2202,6 +2350,10 @@ prometheus: ## externalLabels: {} + ## enable --web.enable-remote-write-receiver flag on prometheus-server + ## + enableRemoteWriteReceiver: false + ## Name of the external label used to denote replica name ## replicaExternalLabelName: "" @@ -2553,6 +2705,7 @@ prometheus: additionalAlertManagerConfigsSecret: {} # name: # key: + # optional: false ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the 
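Review bot: The comment on the new `enableRemoteWriteReceiver` key names the flag but not what it exposes. With `--web.enable-remote-write-receiver` the server accepts pushed samples on its web port, and nothing visible in this values file authenticates that port unless `web` TLS/auth settings or a proxy container are configured, so any workload that can reach the Service could write series. Suggested wording: `## Enables --web.enable-remote-write-receiver: accepts pushed samples on the web port. Restrict access (NetworkPolicy, web config or auth proxy) before enabling.`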
@@ -2567,6 +2720,14 @@ prometheus: # replacement: $1 # action: labeldrop + ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage + ## them separately from the helm deployment, you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalAlertRelabelConfigs + additionalAlertRelabelConfigsSecret: {} + # name: + # key: + ## SecurityContext holds pod-level security attributes and common container settings. ## This defaults to non root user with uid 1000 and gid 2000. ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md @@ -2598,6 +2759,18 @@ prometheus: ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. ## if using proxy extraContainer update targetPort with proxy container port containers: [] + # containers: + # - name: oauth-proxy + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0 + # args: + # - --upstream=http://127.0.0.1:9093 + # - --http-address=0.0.0.0:8081 + # - ... + # ports: + # - containerPort: 8081 + # name: oauth-proxy + # protocol: TCP + # resources: {} ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes ## (permissions, dir tree) on mounted volumes before starting prometheus 
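Review bot: The oauth-proxy example added under the Prometheus `containers:` key uses `--upstream=http://127.0.0.1:9093`, which looks copied from the Alertmanager example; 9093 is Alertmanager's port, while Prometheus serves on 9090 by default, so the example as written would proxy to nothing. The line should read `#   - --upstream=http://127.0.0.1:9090`. As with the Alertmanager example, the proxy only protects the UI if Prometheus itself is not reachable on the pod IP, so the example should add a line telling the reader to bind Prometheus to loopback alongside the existing hint about updating `targetPort`.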
@@ -2629,8 +2802,15 @@ prometheus: ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + ## Deprecated, use `excludedFromEnforcement` instead prometheusRulesExcludedFromEnforce: [] + ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects + ## to be excluded from enforcing a namespace label of origin. + ## Works only if enforcedNamespaceLabel set to true. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#objectreference + excludedFromEnforcement: [] + ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions 
@@ -2805,3 +2985,377 @@ prometheus: ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmetricsendpoint ## # podMetricsEndpoints: [] + +## Configuration for thanosRuler +## ref: https://thanos.io/tip/components/rule.md/ +## +thanosRuler: + + ## Deploy thanosRuler + ## + enabled: false + + ## Annotations for ThanosRuler + ## + annotations: {} + + ## Service account for ThanosRuler to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + + ## Configure pod disruption budgets for ThanosRuler + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + + labels: {} + + ## Hosts must be provided if Ingress is enabled. 
+ ## + hosts: [] + # - thanosruler.domain.com + + ## Paths to use for ingress rules - one path should match the thanosruler.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for ThanosRuler Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: thanosruler-general-tls + # hosts: + # - thanosruler.example.com + + ## Configuration for ThanosRuler service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for ThanosRuler Service to listen on + ## + port: 10902 + ## To be used with a proxy extraContainer port + ## + targetPort: 10902 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30905 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + + ## Additional ports to open for ThanosRuler service + additionalPorts: [] + + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## + type: ClusterIP + + ## If true, create a serviceMonitor for thanosRuler + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. 
For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting thanosRulerpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosrulerspec + ## + thanosRulerSpec: + ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the ThanosRuler pods. + ## + podMetadata: {} + + ## Image of ThanosRuler + ## + image: + repository: quay.io/thanos/thanos + tag: v0.27.0 + sha: "" + + ## Namespaces to be selected for PrometheusRules discovery. + ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. 
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + + ## If true, a nil or {} value for thanosRuler.thanosRulerSpec.ruleSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the PrometheusRule resources created + ## + ruleSelectorNilUsesHelmValues: true + + ## PrometheusRules to be selected for target discovery. + ## If {}, select all PrometheusRules + ## + ruleSelector: {} + ## Example which select all PrometheusRules resources + ## with label "prometheus" with values any of "example-rules" or "example-rules-2" + # ruleSelector: + # matchExpressions: + # - key: prometheus + # operator: In + # values: + # - example-rules + # - example-rules-2 + # + ## Example which select all PrometheusRules resources with label "role" set to "example-rules" + # ruleSelector: + # matchLabels: + # role: example-rules + + ## Define Log Format + # Use logfmt (default) or json logging + logFormat: logfmt + + ## Log level for ThanosRuler to be configured with. + ## + logLevel: info + + ## Size is the expected size of the thanosRuler cluster. The controller will eventually make the size of the + ## running cluster equal to the expected size. + replicas: 1 + + ## Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression + ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). + ## + retention: 24h + + ## Interval between consecutive evaluations. + ## + evaluationInterval: "" + + ## Storage is the definition of how storage will be used by the ThanosRuler instances. 
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md + ## + storage: {} + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + ## AlertmanagerConfig define configuration for connecting to alertmanager. + ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg. + alertmanagersConfig: {} + # - api_version: v2 + # http_config: + # basic_auth: + # username: some_user + # password: some_pass + # static_configs: + # - alertmanager.thanos.io + # scheme: http + # timeout: 10s + + ## DEPRECATED. Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, alertmanagersConfig should be used instead. + ## Note: this field will be ignored if alertmanagersConfig is specified. Maps to the alertmanagers.url Thanos Ruler arg. + # alertmanagersUrl: + + ## The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. string false + ## + externalPrefix: + + ## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, + ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. + ## + routePrefix: / + + ## ObjectStorageConfig configures object storage in Thanos. Alternative to + ## ObjectStorageConfigFile, and lower order priority. + objectStorageConfig: {} + + ## ObjectStorageConfigFile specifies the path of the object storage configuration file. + ## When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + objectStorageConfigFile: "" + + ## Labels configure the external label pairs to ThanosRuler. 
A default replica + ## label `thanos_ruler_replica` will be always added as a label with the value + ## of the pod's name and it will be dropped in the alerts. + labels: {} + + ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. + ## + paused: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # requests: + # memory: 400Mi + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + ## + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the thanosRuler instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## If specified, the pod's tolerations. 
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: thanos-ruler + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP. + ## Note this is only for the ThanosRuler UI, not the gossip communication. + ## + listenLocal: false + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an ThanosRuler pod. + ## + containers: [] + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## PortName to use for ThanosRuler. 
+ ## + portName: "web" + + ## ExtraSecret can be used to store various data in an extra secret + ## (use it for example to store hashed basic auth credentials) + extraSecret: + ## if not set, name will be auto generated + # name: "" + annotations: {} + data: {} + # auth: | + # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 + # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. + +## Setting to true produces cleaner resource names, but requires a data migration because the name of the persistent volume changes. Therefore this should only be set once on initial installation. +## +cleanPrometheusOperatorObjectNames: false diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/Chart.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/Chart.yaml index 0f192ac..f85c2c2 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/Chart.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/Chart.yaml @@ -13,4 +13,4 @@ maintainers: name: prometheus-pushgateway sources: - https://github.com/prometheus/pushgateway -version: 1.16.1 +version: 1.18.2 diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/_helpers.tpl b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/_helpers.tpl index f6e4690..10bf4ed 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/_helpers.tpl +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/_helpers.tpl @@ -50,7 +50,8 @@ Create default labels {{- $labelChart := include "prometheus-pushgateway.chart" $ -}} {{- $labelApp := include "prometheus-pushgateway.name" $ -}} {{- $labels := dict "app" $labelApp "chart" $labelChart "release" .Release.Name "heritage" .Release.Service -}} -{{ merge .extraLabels $labels | toYaml | indent 4 }} +{{- $indent := .indent | default 4 -}} +{{ merge .extraLabels $labels | toYaml | indent $indent }} {{- end -}} {{/* 
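Review bot: The commented `extraSecret` example at the end of the new `thanosRuler` block shows `$apr1$` htpasswd strings, Apache's MD5-based scheme, which is cheap to brute-force if the Secret or the Helm release data leaks. Because these examples get copied, I would show a bcrypt entry with a placeholder instead: `#   <user>:<bcrypt hash, e.g. from htpasswd -nB <user>>`. One comment line noting that `data` supplied through values is stored in the Helm release record as well as in the rendered Secret would also help. Separately, the new `thanosRulerSpec.image` block leaves `sha: ""`, so the ruler image is pinned by tag only.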
@@ -63,3 +64,90 @@ Return the appropriate apiVersion for networkpolicy. {{- print "networking.k8s.io/v1" -}} {{- end -}} {{- end -}} + +{{/* +Returns pod spec +*/}} +{{- define "prometheus-pushgateway.podSpec" -}} + serviceAccountName: {{ template "prometheus-pushgateway.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + containers: + {{- if .Values.extraContainers }} +{{ toYaml .Values.extraContainers | indent 8 }} + {{- end }} + - name: pushgateway + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.extraVars }} + env: +{{ toYaml .Values.extraVars | indent 12 }} + {{- end }} + {{- if .Values.extraArgs }} + args: +{{ toYaml .Values.extraArgs | indent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: 9091 + protocol: TCP +{{- if .Values.liveness.enabled }} + livenessProbe: +{{ toYaml .Values.liveness.probe | indent 12 }} + {{- end }} +{{- if .Values.readiness.enabled }} + readinessProbe: +{{ toYaml .Values.readiness.probe | indent 12 }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.containerSecurityContext }} + securityContext: +{{ toYaml .Values.containerSecurityContext | indent 12 }} + {{- end }} + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.persistentVolume.mountPath }}" + subPath: "{{ .Values.persistentVolume.subPath }}" + {{- if .Values.extraVolumeMounts }} +{{ toYaml .Values.extraVolumeMounts | indent 12 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | 
indent 8 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} + {{- end }} + volumes: + {{- $storageVolumeAsPVCTemplate := and .Values.runAsStatefulSet .Values.persistentVolume.enabled -}} + {{- if not $storageVolumeAsPVCTemplate }} + - name: storage-volume + {{- if .Values.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus-pushgateway.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{- end -}} + {{- end -}} + {{- if .Values.extraVolumes }} +{{ toYaml .Values.extraVolumes | indent 8 }} + {{- else if $storageVolumeAsPVCTemplate }} + [] + {{- end }} + +{{- end }} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/deployment.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/deployment.yaml index eb8e5c5..8355fa0 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/deployment.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.runAsStatefulSet }} apiVersion: apps/v1 kind: Deployment metadata: 
@@ -18,80 +19,9 @@ spec: template: metadata: labels: - app: {{ template "prometheus-pushgateway.name" . }} - release: {{ .Release.Name }} +{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.podLabels "indent" 8) . }} annotations: {{ toYaml .Values.podAnnotations | indent 8 }} spec: - serviceAccountName: {{ template "prometheus-pushgateway.serviceAccountName" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - containers: - - name: pushgateway - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.extraVars }} - env: -{{ toYaml .Values.extraVars | indent 12 }} - {{- end }} - {{- if .Values.extraArgs }} - args: -{{ toYaml .Values.extraArgs | indent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: 9091 - protocol: TCP -{{- if .Values.liveness.enabled }} - livenessProbe: -{{ toYaml .Values.liveness.probe | indent 12 }} - {{- end }} -{{- if .Values.readiness.enabled }} - readinessProbe: -{{ toYaml .Values.readiness.probe | indent 12 }} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- if .Values.containerSecurityContext }} - securityContext: -{{ toYaml .Values.containerSecurityContext | indent 12 }} - {{- end }} - volumeMounts: - - name: storage-volume - mountPath: "{{ .Values.persistentVolume.mountPath }}" - subPath: "{{ .Values.persistentVolume.subPath }}" - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 12 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | 
indent 8 }} - {{- end }} - {{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - {{- end }} - volumes: - - name: storage-volume - {{- if .Values.persistentVolume.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus-pushgateway.fullname" . }}{{- end }} - {{- else}} - emptyDir: {} - {{- end -}} - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 8 }} - {{- end }} + {{ include "prometheus-pushgateway.podSpec" . }} +{{- end -}} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pdb.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pdb.yaml index b00bce1..f316d7c 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pdb.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pdb.yaml @@ -1,5 +1,9 @@ {{- if .Values.podDisruptionBudget -}} +{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} +apiVersion: policy/v1 +{{- else -}} apiVersion: policy/v1beta1 +{{- end }} kind: PodDisruptionBudget metadata: name: {{ template "prometheus-pushgateway.fullname" . }} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml index 119b94f..0640bdd 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/pushgateway-pvc.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.runAsStatefulSet -}} {{- if .Values.persistentVolume.enabled -}} {{- if not .Values.persistentVolume.existingClaim -}} apiVersion: v1 @@ -26,3 +27,4 @@ spec: storage: "{{ .Values.persistentVolume.size }}" {{- end -}} {{- end -}} +{{- end -}} 
diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/service.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/service.yaml index 73c5a0d..a8ab0c7 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/service.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/service.yaml @@ -8,8 +8,10 @@ metadata: labels: {{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.serviceLabels) . }} spec: -{{- if .Values.service.clusterIP }} +{{- if .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }} +{{ else if .Values.runAsStatefulSet }} + clusterIP: None # Headless service {{- end }} type: {{ .Values.service.type }} {{- if .Values.service.loadBalancerIP }} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/serviceaccount.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/serviceaccount.yaml index cef76c6..7ccd0dd 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/serviceaccount.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/serviceaccount.yaml @@ -6,4 +6,8 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.serviceAccountLabels) . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} {{- end -}} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/servicemonitor.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/servicemonitor.yaml index 9cd1c63..28e810c 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/servicemonitor.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/servicemonitor.yaml 
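Review bot: The new `else if .Values.runAsStatefulSet` branch in service.yaml sets `clusterIP: None` while `type: {{ .Values.service.type }}` directly below is still free-form, and the API server rejects a headless Service of type NodePort or LoadBalancer. Guard the branch, e.g. `{{- else if and .Values.runAsStatefulSet (eq .Values.service.type "ClusterIP") }}`, or fail rendering with a clear message when the two values conflict. The `{{ else if` also lacks the `-` trim marker used by the surrounding actions, which leaves a blank line in the rendered manifest. The Service spec continues outside the hunk.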
@@ -14,6 +14,15 @@ spec: {{- if .Values.serviceMonitor.interval }} interval: {{ .Values.serviceMonitor.interval }} {{- end }} + {{- if .Values.serviceMonitor.scheme }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.serviceMonitor.bearerTokenFile }} + {{- end }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} {{- if .Values.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} {{- end }} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/statefulset.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/statefulset.yaml new file mode 100644 index 0000000..9cffb5a --- /dev/null +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/templates/statefulset.yaml 
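Review bot: `bearerTokenFile` in the added endpoint block is a path that Prometheus reads from its own container filesystem, so whoever sets this chart value can point the scrape at any file Prometheus can read. prometheus-operator marks the field as deprecated, and a Prometheus resource with `arbitraryFSAccessThroughSMs.deny` set will refuse it. Prefer a Secret-backed reference (`authorization` or `bearerTokenSecret`) and render the scalar values through `quote`, e.g. `scheme: {{ .Values.serviceMonitor.scheme | quote }}`. `tlsConfig` is passed through verbatim, so the values.yaml comment should say that options such as `insecureSkipVerify` are accepted as given. The endpoint entry starts outside the hunk.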
@@ -0,0 +1,47 @@ +{{- if .Values.runAsStatefulSet }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "prometheus-pushgateway.fullname" . }} + labels: +{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.podLabels) . }} +spec: + replicas: {{ .Values.replicaCount }} + serviceName: {{ template "prometheus-pushgateway.fullname" . }} + selector: + matchLabels: + app: {{ template "prometheus-pushgateway.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: +{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.podLabels "indent" 8) . }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + spec: + {{ include "prometheus-pushgateway.podSpec" . }} + {{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - metadata: + {{- if .Values.persistentVolume.annotations }} + annotations: + {{ toYaml .Values.persistentVolume.annotations | indent 10 }} + {{- end }} + labels: +{{ template "prometheus-pushgateway.defaultLabels" merge (dict "extraLabels" .Values.persistentVolumeLabels "indent" 10) . }} + name: storage-volume + spec: + accessModes: + {{ toYaml .Values.persistentVolume.accessModes }} + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} + {{- end }} + resources: + requests: + storage: "{{ .Values.persistentVolume.size }}" + {{- end }} +{{- end -}} diff --git a/charts/kubezero-metrics/charts/prometheus-pushgateway/values.yaml b/charts/kubezero-metrics/charts/prometheus-pushgateway/values.yaml index ecc536b..5bb8eb2 100644 --- a/charts/kubezero-metrics/charts/prometheus-pushgateway/values.yaml +++ b/charts/kubezero-metrics/charts/prometheus-pushgateway/values.yaml 
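Review bot: `{{ toYaml .Values.persistentVolume.accessModes }}` under `accessModes:` in the volumeClaimTemplates has no `indent`/`nindent`, so only the first list item inherits the template line's indentation and a second access mode would render at column 0 and break the manifest. The `persistentVolume.annotations` block has the opposite problem: the literal leading spaces before the action are added on top of `indent 10`. Something like `{{- toYaml .Values.persistentVolume.accessModes | nindent 10 }}` fixes the first case; the width needs checking against the real file because this page has collapsed the indentation. The StatefulSet metadata also sets no `namespace`, whereas the ServiceAccount template in this commit uses `{{ .Release.Namespace }}`.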
@@ -56,6 +56,28 @@ extraVars: [] ## - --persistence.interval=5m extraArgs: [] +# Optional additional containers (sidecar) +extraContainers: [] + # - name: oAuth2-proxy + # args: + # - -https-address=:9092 + # - -upstream=http://localhost:9091 + # - -skip-auth-regex=^/metrics + # - -openshift-delegate-urls={"/":{"group":"monitoring.coreos.com","resource":"prometheuses","verb":"get"}} + # image: openshift/oauth-proxy:v1.1.0 + # ports: + # - containerPort: 9092 + # name: proxy + # resources: + # limits: + # memory: 16Mi + # requests: + # memory: 4Mi + # cpu: 20m + # volumeMounts: + # - mountPath: /etc/prometheus/secrets/pushgateway-tls + # name: secret-pushgateway-tls + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -137,6 +159,12 @@ nodeSelector: {} replicaCount: 1 +## When running more than one replica alongside with persistence, different volumes are needed +## per replica, since sharing a `persistence.file` across replicas does not keep metrics synced. +## For this purpose, you can enable the `runAsStatefulSet` to deploy the pushgateway as a +## StatefulSet instead of as a Deployment. +runAsStatefulSet: false + ## Security context to be added to push-gateway pods ## securityContext: @@ -164,6 +192,14 @@ serviceMonitor: # Fallback to the prometheus default unless specified # interval: 10s + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + # scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + # tlsConfig: {} + + # bearerTokenFile: # Fallback to the prometheus default unless specified # scrapeTimeout: 30s 
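Review bot: The commented `extraContainers` example does not protect the pushgateway as written, because the proxy listens on 9092 while the main container still exposes 9091 on the pod IP. It needs a companion line such as `# also set extraArgs: ["--web.listen-address=127.0.0.1:9091"] or restrict 9091 with a NetworkPolicy`. The sample `-skip-auth-regex=^/metrics` also matches the push paths under `/metrics/job/...`, so pushes through the proxy would be unauthenticated as well; a narrower `^/metrics$` should be considered. `name: oAuth2-proxy` contains upper-case letters, which Kubernetes rejects for container names. Copy-pasted examples tend to end up in production, so these are worth fixing in the comment itself.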
diff --git a/charts/kubezero-metrics/jsonnet/build.sh b/charts/kubezero-metrics/jsonnet/build.sh index c00c301..016ed71 100755 --- a/charts/kubezero-metrics/jsonnet/build.sh +++ b/charts/kubezero-metrics/jsonnet/build.sh @@ -10,5 +10,5 @@ if [ -r jsonnetfile.lock.json ]; then jb update else #jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main - jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.10 + jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.11 fi diff --git a/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json b/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json index e97ee29..35d1520 100644 --- a/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json +++ b/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "b872757492ca70f350abd44eb95d81b95339f581", + "version": "74aa38ec10bc22d34ffd204f46df6e460b78d855", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "6db00c292d3a1c71661fc875f90e0ec7caa538c2", - "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w=" + "version": "30280196507e0fe6fa978a3e0eaca3a62844f817", + "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc=" }, { "source": { @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "5fb2525651cc6e5100e081b10ad9fbe7e3595231", - "sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc=" + "version": "c132c4afcf17491718539db4c2d94c0ea4346120", + "sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "62ad10fe9ceb53c6b846871997abbfe8e0bd7cf5", + "version": "eb98d4f74e8ac9c30b1f0e815b07bed31da76c8f", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { diff --git a/charts/kubezero-metrics/zdt.patch b/charts/kubezero-metrics/zdt.patch index 19a403f..9a56660 100644 
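Review bot: In build.sh the `jb install` target moves from `release-0.10` to `release-0.11`, which is a branch name rather than a commit. The unchanged branch above it runs `jb update` whenever `jsonnetfile.lock.json` exists, which re-resolves dependencies and rewrites the lock. The hashes and sums in the lockfile hunks that follow are therefore whatever upstream served when the script last ran, not pins that were chosen and reviewed. Consider installing from the lock by default and making the refresh explicit, e.g. `if [ -n "${UPDATE:-}" ]; then jb update; else jb install; fi`. The script starts outside the hunk.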
--- a/charts/kubezero-metrics/zdt.patch +++ b/charts/kubezero-metrics/zdt.patch @@ -4,7 +4,7 @@ diff -tuNr charts/kube-prometheus-stack.orig/crds/crd-prometheuses.yaml charts/k @@ -6,6 +6,7 @@ metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.2 + argocd.argoproj.io/sync-options: Replace=true creationTimestamp: null name: prometheuses.monitoring.coreos.com diff --git a/charts/kubezero-network/Chart.yaml b/charts/kubezero-network/Chart.yaml index 5ae0c26..0694542 100644 --- a/charts/kubezero-network/Chart.yaml +++ b/charts/kubezero-network/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-network description: KubeZero umbrella chart for all things network type: application -version: 0.3.0 +version: 0.3.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -19,11 +19,11 @@ dependencies: version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: cilium - version: 1.11.6 + version: 1.12.1 repository: https://helm.cilium.io/ condition: cilium.enabled - name: metallb - version: 0.13.3 + version: 0.13.4 repository: https://metallb.github.io/metallb condition: metallb.enabled - name: calico diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md index 5cd4afe..ca8b01b 100644 --- a/charts/kubezero-network/README.md +++ b/charts/kubezero-network/README.md @@ -1,6 +1,6 @@ # kubezero-network -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things network 
@@ -19,26 +19,42 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| | | calico | 0.2.2 | -| https://helm.cilium.io/ | cilium | 1.11.3 | -| https://metallb.github.io/metallb | metallb | 0.10.2 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | +| https://helm.cilium.io/ | cilium | 1.12.1 | +| https://metallb.github.io/metallb | metallb | 0.13.4 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | calico.enabled | bool | `false` | | -| cilium.cni.exclusive | bool | `true` | | +| cilium.cgroup.autoMount.enabled | bool | `false` | | +| cilium.cgroup.hostRoot | string | `"/sys/fs/cgroup"` | | +| cilium.cluster.id | int | `1` | | +| cilium.cluster.name | string | `"default"` | | +| cilium.cni.binPath | string | `"/usr/libexec/cni"` | | +| cilium.cni.exclusive | bool | `false` | | | cilium.enabled | bool | `false` | | +| cilium.hostServices.enabled | bool | `true` | | | cilium.hubble.enabled | bool | `false` | | +| cilium.ipam.operator.clusterPoolIPv4PodCIDRList[0] | string | `"10.0.0.0/16"` | | +| cilium.l7Proxy | bool | `false` | | +| cilium.nodePort.enabled | bool | `true` | | +| cilium.operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | cilium.operator.replicas | int | `1` | | +| cilium.operator.tolerations[0].effect | string | `"NoSchedule"` | | +| cilium.operator.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | cilium.prometheus.enabled | bool | `false` | | | cilium.prometheus.port | int | `9091` | | | cilium.tunnel | string | `"geneve"` | | -| metallb.configInline | object | `{}` | | | metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | | | metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | metallb.enabled | bool | `false` | | +| metallb.ipAddressPools | list | `[]` | 
| | metallb.psp.create | bool | `false` | | +| multus.clusterNetwork | string | `"calico"` | | +| multus.defaultNetworks | list | `[]` | | | multus.enabled | bool | `false` | | -| multus.tag | string | `"v3.8.1"` | | +| multus.readinessindicatorfile | string | `"/etc/cni/net.d/10-calico.conflist"` | | +| multus.tag | string | `"v3.9.1"` | | diff --git a/charts/kubezero-network/templates/multus/config.yaml b/charts/kubezero-network/templates/multus/config.yaml index 2bc4851..6cb9096 100644 --- a/charts/kubezero-network/templates/multus/config.yaml +++ b/charts/kubezero-network/templates/multus/config.yaml @@ -13,7 +13,8 @@ data: "type": "multus", "cniVersion": "0.3.1", "capabilities": { - "portMappings": true + "portMappings": true, + "bandwidth": true }, "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig", "clusterNetwork": {{ .Values.multus.clusterNetwork | quote }}, diff --git a/charts/kubezero-network/values.yaml b/charts/kubezero-network/values.yaml index 47fddc4..425e475 100644 --- a/charts/kubezero-network/values.yaml +++ b/charts/kubezero-network/values.yaml @@ -18,7 +18,7 @@ metallb: multus: enabled: false - tag: "v3.9" + tag: "v3.9.1" clusterNetwork: "calico" defaultNetworks: [] diff --git a/charts/kubezero-storage/Chart.yaml b/charts/kubezero-storage/Chart.yaml index 2733645..cbfe3ea 100644 --- a/charts/kubezero-storage/Chart.yaml +++ b/charts/kubezero-storage/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-storage description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini type: application -version: 0.6.4 +version: 0.7.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: 
@@ -17,22 +17,22 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: lvm-localpv - version: 0.9.0 + version: 1.0.0 condition: lvm-localpv.enabled - # repository: https://openebs.github.io/lvm-localpv + # we patch: repository: https://openebs.github.io/lvm-localpv - name: gemini version: 1.0.0 condition: gemini.enabled # repository: https://charts.fairwinds.com/stable - name: aws-ebs-csi-driver - version: 2.6.7 + version: 2.10.1 condition: aws-ebs-csi-driver.enabled # repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver - name: aws-efs-csi-driver - version: 2.2.6 + version: 2.2.7 condition: aws-efs-csi-driver.enabled # repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-storage/README.md b/charts/kubezero-storage/README.md index ba9ca5a..6aa1979 100644 --- a/charts/kubezero-storage/README.md +++ b/charts/kubezero-storage/README.md @@ -1,6 +1,6 @@ # kubezero-storage -![Version: 0.6.4](https://img.shields.io/badge/Version-0.6.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini 
@@ -18,11 +18,11 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | aws-ebs-csi-driver | 2.6.7 | -| | aws-efs-csi-driver | 2.2.6 | +| | aws-ebs-csi-driver | 2.10.1 | +| | aws-efs-csi-driver | 2.2.7 | | | gemini | 1.0.0 | -| | lvm-localpv | 0.9.0 | -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | +| | lvm-localpv | 1.0.0 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | ## Values @@ -38,7 +38,6 @@ Kubernetes: `>= 1.20.0` | aws-ebs-csi-driver.controller.tolerations[0].effect | string | `"NoSchedule"` | | | aws-ebs-csi-driver.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | aws-ebs-csi-driver.enabled | bool | `false` | | -| aws-ebs-csi-driver.image.tag | string | `"v1.5.3"` | | | aws-ebs-csi-driver.node.resources.limits.memory | string | `"32Mi"` | | | aws-ebs-csi-driver.node.resources.requests.cpu | string | `"10m"` | | | aws-ebs-csi-driver.node.resources.requests.memory | string | `"16Mi"` | | diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md b/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md index 3f8559a..cbe7b1f 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md 
@@ -1,5 +1,54 @@ # Helm chart +## v2.10.1 +* Bump app/driver to version `v1.11.2` + +## 2.10.0 +* Implement securityContext for containers +* Add securityContext for node pod +* Utilize more secure defaults for securityContext + +## v2.9.0 +* Bump app/driver to version `v1.10.0` +* Feature: Reference `configMaps` across multiple resources using `envFrom` ([#1312](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1312), [@jebbens](https://github.com/jebbens)) + +## v2.8.1 +* Bump app/driver to version `v1.9.0` +* Update livenessprobe to version `v2.6.0` + +## v2.8.0 +* Feature: Support custom affinity definition on node daemon set ([#1277](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1277), [@vauchok](https://github.com/vauchok)) + +## v2.7.1 +* Bump app/driver to version `v1.8.0` + +## v2.7.0 +* Support optional ec2 endpoint configuration. +* Fix node driver registrar socket path. +* Fix hardcoded kubelet path. + +## v2.6.11 +* Bump app/driver to version `v1.7.0` +* Set handle-volume-inuse-error to `false` + +## v2.6.10 + +* Add quotes around the `extra-tags` argument in order to prevent special characters such as `":"` from breaking the manifest YAML after template rendering. + +## v2.6.9 + +* Update csi-snapshotter to version `v6.0.1` +* Update external-attacher to version `v3.4.0` +* Update external-resizer to version `v1.4.0` +* Update external-provisioner to version `v3.1.0` +* Update node-driver-registrar to version `v2.5.1` +* Update livenessprobe to version `v2.5.0` + +## v2.6.8 + +* Bump app/driver to version `v1.6.2` +* Bump sidecar version for nodeDriverRegistrar, provisioner to be consistent with EKS CSI Driver Add-on + ## v2.6.7 * Bump app/driver to version `v1.6.1` diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml index a772ac3..3fc90af 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml 
+++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml @@ -3,7 +3,7 @@ annotations: - kind: added description: Custom controller.updateStrategy to set controller deployment strategy. apiVersion: v2 -appVersion: 1.6.1 +appVersion: 1.11.2 description: A Helm chart for AWS EBS CSI Driver home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver keywords: @@ -19,4 +19,4 @@ maintainers: name: aws-ebs-csi-driver sources: - https://github.com/kubernetes-sigs/aws-ebs-csi-driver -version: 2.6.7 +version: 2.10.1 diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/_helpers.tpl b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/_helpers.tpl index f7b2358..42fc138 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/_helpers.tpl +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/_helpers.tpl @@ -68,7 +68,7 @@ Convert the `--extra-tags` command line arg from a map. {{- $noop := printf "%s=%v" $key $value | append $result.pairs | set $result "pairs" -}} {{- end -}} {{- if gt (len $result.pairs) 0 -}} -{{- printf "%s=%s" "- --extra-tags" (join "," $result.pairs) -}} +{{- printf "- \"--extra-tags=%s\"" (join "," $result.pairs) -}} {{- end -}} {{- end -}} diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml index d0c3fc9..38e688a 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml 
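Review bot: The new `printf "- \"--extra-tags=%s\""` in _helpers.tpl builds a double-quoted YAML scalar by hand, so a tag key or value containing `"` or `\` still terminates the scalar early or is read as an escape sequence. Letting the template function do the escaping is more robust: `{{- printf "--extra-tags=%s" (join "," $result.pairs) | quote | printf "- %s" -}}`. The enclosing `define` starts and ends outside the hunk.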
@@ -21,7 +21,7 @@ rules: verbs: [ "get", "list", "watch" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotcontents" ] - verbs: [ "create", "get", "list", "watch", "update", "delete" ] + verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotcontents/status" ] verbs: [ "update" ] diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/controller.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/controller.yaml index e101c1a..08ff765 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/controller.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/controller.yaml @@ -61,7 +61,7 @@ spec: {{- with .Values.controller.securityContext }} securityContext: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} containers: - name: ebs-plugin image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }} @@ -106,6 +106,12 @@ spec: name: aws-secret key: access_key optional: true + - name: AWS_EC2_ENDPOINT + valueFrom: + configMapKeyRef: + name: aws-meta + key: endpoint + optional: true {{- with .Values.controller.region }} - name: AWS_REGION value: {{ . }} @@ -116,6 +122,10 @@ spec: {{- with .Values.controller.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ 
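Review bot: `AWS_EC2_ENDPOINT` in controller.yaml is read from a ConfigMap named `aws-meta` (key `endpoint`, `optional: true`) that none of the visible hunks create. The EC2 API endpoint that receives the controller's signed requests is therefore chosen by whoever can create or edit that ConfigMap in the release namespace. If the override is needed, gate it behind a chart value so it is absent unless set, and restrict write access to `aws-meta` to cluster administrators. A comment on the entry such as `# optional EC2 endpoint override; ConfigMap aws-meta is not managed by this chart` would make the trust assumption explicit. The container's `env` list starts outside the hunk.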
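Review bot: The `envFrom:` key added to `ebs-plugin` sits outside the `with .Values.controller.envFrom` block, so it renders as an empty `envFrom:` whenever the value is unset. Moving the key inside keeps the manifest clean: `{{- with .Values.controller.envFrom }}`, `envFrom:`, `{{- . | toYaml | nindent 12 }}`. The later hunks of this file attach the same `controller.envFrom` list to csi-provisioner, csi-attacher, csi-snapshotter, csi-resizer and liveness-probe, so any Secret referenced there lands in the environment of all six containers. If that is intended it should be stated next to the value in values.yaml.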
@@ -146,6 +156,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} - name: csi-provisioner image: {{ printf "%s:%s" .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }} @@ -167,6 +181,10 @@ spec: {{- with .Values.sidecars.provisioner.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -174,6 +192,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.provisioner.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} - name: csi-attacher image: {{ printf "%s:%s" .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }} @@ -190,6 +212,10 @@ spec: {{- with .Values.sidecars.attacher.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -197,6 +223,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.attacher.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if or (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }} - name: csi-snapshotter image: {{ printf "%s:%s" .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }} 
@@ -213,6 +243,10 @@ spec: {{- with .Values.sidecars.snapshotter.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -220,6 +254,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.snapshotter.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} - name: csi-resizer image: {{ printf "%s:%s" .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }} @@ -227,6 +265,7 @@ spec: args: - --csi-address=$(ADDRESS) - --v={{ .Values.sidecars.resizer.logLevel }} + - --handle-volume-inuse-error=false env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -236,6 +275,10 @@ spec: {{- with .Values.sidecars.resizer.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -243,11 +286,19 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.resizer.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} - name: liveness-probe image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} args: - --csi-address=/csi/csi.sock + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /csi 
@@ -255,6 +306,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.livenessProbe.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node-windows.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node-windows.yaml index 513817b..636dac0 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node-windows.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node-windows.yaml @@ -26,15 +26,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate + {{- with .Values.node.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} nodeSelector: kubernetes.io/os: windows {{- with .Values.node.nodeSelector }} diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node.yaml index 339a588..f8d8569 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/node.yaml @@ -26,15 +26,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate + {{- with .Values.node.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} nodeSelector: kubernetes.io/os: linux {{- with .Values.node.nodeSelector }} 
@@ -55,10 +49,12 @@ spec: {{- with .Values.node.tolerations }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.node.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: ebs-plugin - securityContext: - privileged: true image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: @@ -82,9 +78,13 @@ spec: {{- with .Values.node.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: kubelet-dir - mountPath: /var/lib/kubelet + mountPath: {{ .Values.node.kubeletPath }} mountPropagation: "Bidirectional" - name: plugin-dir mountPath: /csi @@ -106,6 +106,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.node.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} - name: node-driver-registrar image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} @@ -117,13 +121,17 @@ spec: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + value: {{ printf "%s/plugins/ebs.csi.aws.com/csi.sock" (trimSuffix "/" .Values.node.kubeletPath) }} {{- if .Values.proxy.http_proxy }} {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} {{- end }} {{- with .Values.sidecars.nodeDriverRegistrar.env }} {{- . | toYaml | nindent 12 }} {{- end }} + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: plugin-dir mountPath: /csi 
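Review bot: The node DaemonSet containers take `envFrom` from `.Values.controller.envFrom` (ebs-plugin and node-driver-registrar here, liveness-probe in the next hunk), while the values file in this commit adds a separate `node.envFrom: []` that none of the visible node.yaml hunks read. As written, a ConfigMap or Secret referenced for the controller is also injected into the privileged, root-run pods on every node, and `node.envFrom` appears to have no effect. If that is not intended, the guard should read `{{- with .Values.node.envFrom }}` in these three places. The container definitions continue outside the hunks, so a consumer of `node.envFrom` elsewhere in the file cannot be ruled out.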
@@ -133,11 +141,19 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.nodeDriverRegistrar.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} - name: liveness-probe image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} args: - --csi-address=/csi/csi.sock + envFrom: + {{- with .Values.controller.envFrom }} + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: plugin-dir mountPath: /csi @@ -145,6 +161,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.sidecars.livenessProbe.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml index 98611fb..a5b1102 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml @@ -11,8 +11,8 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- if eq .Release.Name "kustomize" }} - #Enable if EKS IAM for SA is used + #Enable if EKS IAM roles for service accounts (IRSA) is used. See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html for details. #annotations: - # eks.amazonaws.com/role-arn: arn:aws:iam::586565787010:role/ebs-csi-role + # eks.amazonaws.com/role-arn: arn::iam:::role/ebs-csi-role {{- end }} {{- end -}} 
diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/values.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/values.yaml index 2a9d634..2d7076c 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/values.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/values.yaml @@ -19,47 +19,65 @@ sidecars: image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-provisioner - tag: "v2.1.1" + tag: "v3.1.0" logLevel: 2 resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false attacher: env: [] image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-attacher - tag: "v3.1.0" + tag: "v3.4.0" logLevel: 2 resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false snapshotter: env: [] image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-snapshotter - tag: "v3.0.3" + tag: "v6.0.1" logLevel: 2 resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false livenessProbe: image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/livenessprobe - tag: "v2.4.0" + tag: "v2.6.0" resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false resizer: env: [] image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-resizer - tag: "v1.1.0" + tag: "v1.4.0" logLevel: 2 resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false nodeDriverRegistrar: env: [] image: pullPolicy: IfNotPresent repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar - tag: "v2.1.0" + tag: "v2.5.1" logLevel: 2 resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false proxy: http_proxy: 
@@ -77,6 +95,8 @@ controller: # If the default is not set and fstype is unset in the StorageClass, then no fstype will be set defaultFsType: ext4 env: [] + # Use envFrom to reference ConfigMaps and Secrets across all containers in the deployment + envFrom: [] # If set, add pv/pvc metadata to plugin create requests as parameters. extraCreateMetadata: true # Extra volume tags to attach to each dynamically provisioned volume. @@ -134,15 +154,32 @@ controller: # topologyKey: kubernetes.io/hostname # whenUnsatisfiable: ScheduleAnyway topologySpreadConstraints: [] - securityContext: {} - # AWS EKS /var/run/secrets/eks.amazonaws.com/serviceaccount/token FS group is nogroup (65534) - required for Kubernetes 1.18.x and below - # fsGroup: 65534 + # securityContext on the controller pod + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + # securityContext on the controller container (see sidecars for securityContext on sidecar containers) + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false node: env: [] + envFrom: [] kubeletPath: /var/lib/kubelet logLevel: 2 priorityClassName: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate nodeSelector: {} podAnnotations: {} podLabels: {} @@ -160,6 +197,17 @@ node: type: RollingUpdate rollingUpdate: maxUnavailable: "10%" + # securityContext on the node pod + securityContext: + # The node pod must be run as root to bind to the registration/driver sockets + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + # securityContext on the node container (see sidecars for securityContext on sidecar containers) + containerSecurityContext: + readOnlyRootFilesystem: true + privileged: true storageClasses: [] # Add StorageClass resources like: 
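Review bot: `node.containerSecurityContext` now carries `privileged: true` as an overridable default, but nothing beside it says why, unlike the root-user comment on `node.securityContext` just above it. The node template mounts kubelet-dir with `mountPropagation: "Bidirectional"`, which Kubernetes only permits for privileged containers, so an operator who tightens this map will break the mount. I would add `# privileged is required for the Bidirectional mount propagation on the kubelet dir` above `privileged: true`. `readOnlyRootFilesystem: true` adds little isolation in a privileged container and should not be read as a boundary.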
diff --git a/charts/kubezero-storage/charts/aws-efs-csi-driver/CHANGELOG.md b/charts/kubezero-storage/charts/aws-efs-csi-driver/CHANGELOG.md index 7e4f4e4..4be8498 100644 --- a/charts/kubezero-storage/charts/aws-efs-csi-driver/CHANGELOG.md +++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/CHANGELOG.md @@ -1,12 +1,15 @@ # Helm chart +# v2.2.7 +* Bump app/driver version to `v1.4.0` # v2.2.6 * Bump app/driver version to `v1.3.8` - # v2.2.5 * Bump app/driver version to `v1.3.7` +# v2.2.4 +* Add STS regional endpoints flag to fix PV creation on private EKS # v2.2.3 * Bump app/driver version to `v1.3.6` diff --git a/charts/kubezero-storage/charts/aws-efs-csi-driver/Chart.yaml b/charts/kubezero-storage/charts/aws-efs-csi-driver/Chart.yaml index d6f6ad8..63f8626 100644 --- a/charts/kubezero-storage/charts/aws-efs-csi-driver/Chart.yaml +++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.3.8 +appVersion: 1.4.0 description: A Helm chart for AWS EFS CSI Driver home: https://github.com/kubernetes-sigs/aws-efs-csi-driver keywords: @@ -15,4 +15,4 @@ maintainers: name: aws-efs-csi-driver sources: - https://github.com/kubernetes-sigs/aws-efs-csi-driver -version: 2.2.6 +version: 2.2.7 diff --git a/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-deployment.yaml b/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-deployment.yaml index c27e1de..06b76e7 100644 --- a/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-deployment.yaml +++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-deployment.yaml @@ -27,7 +27,6 @@ spec: annotations: {{- toYaml . | nindent 8 }} {{- end }} spec: - hostNetwork: true {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} 
@@ -58,9 +57,18 @@ spec: {{- end }} - --v={{ .Values.controller.logLevel }} - --delete-access-point-root-dir={{ hasKey .Values.controller "deleteAccessPointRootDir" | ternary .Values.controller.deleteAccessPointRootDir false }} + - --vol-metrics-opt-in={{ hasKey .Values.controller "volMetricsOptIn" | ternary .Values.controller.volMetricsOptIn false }} env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + {{- if .Values.controller.regionalStsEndpoints }} + - name: AWS_STS_REGIONAL_ENDPOINTS + value: regional + {{- end }} + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName {{- if .Values.controller.extraEnv }} {{- toYaml .Values.controller.extraEnv | nindent 12 }} {{- end }} diff --git a/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml b/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml index 3369d14..bc1d11d 100644 --- a/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml +++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml @@ -43,6 +43,7 @@ rules: # - apiGroups: [ "" ] # resources: [ "secrets" ] # verbs: [ "get", "watch", "list" ] + --- kind: ClusterRoleBinding diff --git a/charts/kubezero-storage/charts/aws-efs-csi-driver/values.yaml b/charts/kubezero-storage/charts/aws-efs-csi-driver/values.yaml index ba78f9d..511d70e 100644 --- a/charts/kubezero-storage/charts/aws-efs-csi-driver/values.yaml +++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/values.yaml 
@@ -9,26 +9,26 @@ replicaCount: 2 image: repository: amazon/aws-efs-csi-driver - tag: "v1.3.8" + tag: "v1.4.0" pullPolicy: IfNotPresent sidecars: livenessProbe: image: repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe - tag: v2.2.0-eks-1-18-2 + tag: v2.2.0-eks-1-18-13 pullPolicy: IfNotPresent resources: {} nodeDriverRegistrar: image: repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar - tag: v2.1.0-eks-1-18-2 + tag: v2.1.0-eks-1-18-13 pullPolicy: IfNotPresent resources: {} csiProvisioner: image: repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner - tag: v2.1.1-eks-1-18-2 + tag: v2.1.1-eks-1-18-13 pullPolicy: IfNotPresent resources: {} @@ -51,6 +51,7 @@ controller: # Enable if you want the controller to also delete the # path on efs when deleteing an access point deleteAccessPointRootDir: false + volMetricsOptIn: false podAnnotations: {} resources: {} @@ -75,7 +76,7 @@ controller: ## Enable if EKS IAM for SA is used # eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role healthPort: 9909 - + regionalStsEndpoints: false ## Node daemonset variables node: diff --git a/charts/kubezero-storage/charts/lvm-localpv/Chart.yaml b/charts/kubezero-storage/charts/lvm-localpv/Chart.yaml index 9b02406..26fb157 100644 --- a/charts/kubezero-storage/charts/lvm-localpv/Chart.yaml +++ b/charts/kubezero-storage/charts/lvm-localpv/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.9.0 +appVersion: 1.0.0 description: CSI Driver for dynamic provisioning of LVM Persistent Local Volumes. home: http://www.openebs.io/ icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png @@ -20,4 +20,4 @@ maintainers: name: lvm-localpv sources: - https://github.com/openebs/lvm-localpv -version: 0.9.0 +version: 1.0.0 diff --git a/charts/kubezero-storage/charts/lvm-localpv/README.md b/charts/kubezero-storage/charts/lvm-localpv/README.md index 0a06548..c5f7c69 100644 
--- a/charts/kubezero-storage/charts/lvm-localpv/README.md +++ b/charts/kubezero-storage/charts/lvm-localpv/README.md @@ -100,7 +100,7 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene | `lvmPlugin.image.registry`| Registry for openebs-lvm-plugin image| `""`| | `lvmPlugin.image.repository`| Image repository for openebs-lvm-plugin| `openebs/lvm-driver`| | `lvmPlugin.image.pullPolicy`| Image pull policy for openebs-lvm-plugin| `IfNotPresent`| -| `lvmPlugin.image.tag`| Image tag for openebs-lvm-plugin| `0.9.0`| +| `lvmPlugin.image.tag`| Image tag for openebs-lvm-plugin| `1.0.0`| | `lvmPlugin.metricsPort`| The TCP port number used for exposing lvm-metrics | `9500`| | `lvmPlugin.allowedTopologies`| The comma seperated list of allowed node topologies | `kubernetes.io/hostname,`| | `lvmNode.driverRegistrar.image.registry`| Registry for csi-node-driver-registrar image| `k8s.gcr.io/`| diff --git a/charts/kubezero-storage/charts/lvm-localpv/values.yaml b/charts/kubezero-storage/charts/lvm-localpv/values.yaml index a87ecad..04461db 100644 --- a/charts/kubezero-storage/charts/lvm-localpv/values.yaml +++ b/charts/kubezero-storage/charts/lvm-localpv/values.yaml @@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. release: - version: "0.9.0" + version: "1.0.0" imagePullSecrets: # - name: "image-pull-secret" @@ -135,7 +135,7 @@ lvmPlugin: repository: openebs/lvm-driver pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: 0.9.0 + tag: 1.0.0 ioLimits: enabled: false containerRuntime: containerd diff --git a/charts/kubezero-storage/efs.patch b/charts/kubezero-storage/efs.patch index d6d98f2..e7c5168 100644 --- a/charts/kubezero-storage/efs.patch +++ b/charts/kubezero-storage/efs.patch 
@@ -1,6 +1,6 @@ diff -tuNr charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml charts/aws-efs-csi-driver/templates/controller-deployment.yaml ---- charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml 2022-04-28 01:41:15.000000000 +0200 -+++ charts/aws-efs-csi-driver/templates/controller-deployment.yaml 2022-05-05 17:10:49.708746126 +0200 +--- charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml 2022-08-24 13:58:54.208936918 +0200 ++++ charts/aws-efs-csi-driver/templates/controller-deployment.yaml 2022-08-24 14:02:53.031437096 +0200 @@ -13,6 +13,10 @@ app: efs-csi-controller app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }} @@ -12,10 +12,10 @@ diff -tuNr charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml c template: metadata: labels: -@@ -57,9 +61,14 @@ - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock +@@ -65,9 +69,14 @@ + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.controller.extraEnv }} + {{- toYaml .Values.controller.extraEnv | nindent 12 }} + {{- end }} @@ -27,7 +27,7 @@ diff -tuNr charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml c ports: - name: healthz containerPort: {{ .Values.controller.healthPort }} -@@ -110,6 +119,13 @@ +@@ -118,6 +127,13 @@ volumes: - name: socket-dir emptyDir: {} 
@@ -42,8 +42,8 @@ diff -tuNr charts/aws-efs-csi-driver.orig/templates/controller-deployment.yaml c affinity: {{- toYaml . | nindent 8 }} {{- end }} diff -tuNr charts/aws-efs-csi-driver.orig/templates/node-daemonset.yaml charts/aws-efs-csi-driver/templates/node-daemonset.yaml ---- charts/aws-efs-csi-driver.orig/templates/node-daemonset.yaml 2022-04-28 01:41:15.000000000 +0200 -+++ charts/aws-efs-csi-driver/templates/node-daemonset.yaml 2022-05-05 17:09:28.361227665 +0200 +--- charts/aws-efs-csi-driver.orig/templates/node-daemonset.yaml 2022-08-24 13:58:54.208936918 +0200 ++++ charts/aws-efs-csi-driver/templates/node-daemonset.yaml 2022-08-24 14:03:42.095284086 +0200 @@ -40,15 +40,10 @@ {{- with .Values.node.nodeSelector }} {{- toYaml . | nindent 8 }} diff --git a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json index 586b369..a38a3a4 100644 --- a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json +++ b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "8453b10e580cc8f44922d8aa89ededba08d6089c", + "version": "74aa38ec10bc22d34ffd204f46df6e460b78d855", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -28,8 +28,8 @@ "subdir": "grafonnet" } }, - "version": "6db00c292d3a1c71661fc875f90e0ec7caa538c2", - "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w=" + "version": "30280196507e0fe6fa978a3e0eaca3a62844f817", + "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc=" }, { "source": { @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "2e980525502eda008cfb88a5672bd70d7d411fda", - "sum": "TieGrr7GyKjURk1+wXHFpdoCiwNaIVfZvyc5mbI9OM0=" + "version": "c132c4afcf17491718539db4c2d94c0ea4346120", + "sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0=" }, { "source": { 
@@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "62ad10fe9ceb53c6b846871997abbfe8e0bd7cf5", + "version": "eb98d4f74e8ac9c30b1f0e815b07bed31da76c8f", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { diff --git a/charts/kubezero-storage/values.yaml b/charts/kubezero-storage/values.yaml index b591a40..974db46 100644 --- a/charts/kubezero-storage/values.yaml +++ b/charts/kubezero-storage/values.yaml @@ -65,8 +65,8 @@ aws-ebs-csi-driver: # starting with 1.6 the ebs-plugin panics with "could not get number of attached ENIs" # somewhere related to metadata / volumeattach limits and nitro instances ... AWS as usual - image: - tag: v1.5.3 + #image: + # tag: v1.5.3 controller: replicaCount: 1 diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index cfe0737..f15917a 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.22.8-10 +version: 1.23.10 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -13,6 +13,6 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.4" + version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index 49ef132..e87677a 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -1,6 +1,6 @@ # kubezero -![Version: 1.22.8-10](https://img.shields.io/badge/Version-1.22.8--10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 1.23.10](https://img.shields.io/badge/Version-1.23.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero - Root App of Apps chart 
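Review bot: In charts/kubezero-storage/values.yaml the `image.tag: v1.5.3` pin is commented out, but the comment above it still warns that the ebs-plugin panics from 1.6 on. With the pin gone the tag falls back to the subchart default (`v` plus its appVersion, per the node template), and that version is not visible in this hunk. Either say in the comment which driver version resolved the panic, or remove the warning together with the dead `#image:` lines, so the next upgrade does not have to rediscover whether the pin is still needed.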
@@ -18,7 +18,7 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.4 | +| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.5 | ## Values 
@@ -26,46 +26,46 @@ Kubernetes: `>= 1.20.0` |-----|------|---------|-------------| | HighAvailableControlplane | bool | `false` | | | addons.enabled | bool | `false` | | -| addons.targetRevision | string | `"0.5.5"` | | +| addons.targetRevision | string | `"0.6.0"` | | | argocd.enabled | bool | `false` | | | argocd.istio.enabled | bool | `false` | | | argocd.namespace | string | `"argocd"` | | -| argocd.targetRevision | string | `"0.10.1"` | | +| argocd.targetRevision | string | `"0.10.2"` | | | cert-manager.enabled | bool | `false` | | | cert-manager.namespace | string | `"cert-manager"` | | -| cert-manager.targetRevision | string | `"0.9.1"` | | +| cert-manager.targetRevision | string | `"0.9.2"` | | | istio-ingress.chart | string | `"kubezero-istio-gateway"` | | | istio-ingress.enabled | bool | `false` | | | istio-ingress.gateway.service | object | `{}` | | | istio-ingress.namespace | string | `"istio-ingress"` | | -| istio-ingress.targetRevision | string | `"0.8.1"` | | +| istio-ingress.targetRevision | string | `"0.8.2"` | | | istio-private-ingress.chart | string | `"kubezero-istio-gateway"` | | | istio-private-ingress.enabled | bool | `false` | | | istio-private-ingress.gateway.service | object | `{}` | | | istio-private-ingress.namespace | string | `"istio-ingress"` | | -| istio-private-ingress.targetRevision | string | `"0.8.0"` | | +| istio-private-ingress.targetRevision | string | `"0.8.2"` | | | istio.enabled | bool | `false` | | | istio.namespace | string | `"istio-system"` | | -| istio.targetRevision | string | `"0.8.1"` | | +| istio.targetRevision | string | `"0.8.2"` | | | kubezero.defaultTargetRevision | string | `"*"` | | | kubezero.gitSync | object | `{}` | | | kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` | | | kubezero.server | string | `"https://kubernetes.default.svc"` | | | logging.enabled | bool | `false` | | | logging.namespace | string | `"logging"` | | -| logging.targetRevision | string | `"0.8.1"` | | +| 
logging.targetRevision | string | `"0.8.2"` | | | metrics.enabled | bool | `false` | | | metrics.istio.grafana | object | `{}` | | | metrics.istio.prometheus | object | `{}` | | | metrics.namespace | string | `"monitoring"` | | -| metrics.targetRevision | string | `"0.8.0"` | | +| metrics.targetRevision | string | `"0.8.1"` | | | network.enabled | bool | `false` | | | network.retain | bool | `true` | | -| network.targetRevision | string | `"0.2.1"` | | +| network.targetRevision | string | `"0.3.2"` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.enabled | bool | `false` | | -| storage.targetRevision | string | `"0.6.4"` | | +| storage.targetRevision | string | `"0.7.0"` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1) diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 86002fb..9d25311 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -8,21 +8,21 @@ HighAvailableControlplane: false addons: enabled: false - targetRevision: 0.5.5 + targetRevision: 0.6.0 network: enabled: false retain: true - targetRevision: 0.2.1 + targetRevision: 0.3.2 cert-manager: enabled: false namespace: cert-manager - targetRevision: 0.9.1 + targetRevision: 0.9.2 storage: enabled: false - targetRevision: 0.6.4 + targetRevision: 0.7.0 aws-ebs-csi-driver: enabled: false aws-efs-csi-driver: @@ -31,13 +31,13 @@ storage: istio: enabled: false namespace: istio-system - targetRevision: 0.8.1 + targetRevision: 0.8.2 istio-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.8.1 + targetRevision: 0.8.2 gateway: service: {} 
@@ -45,14 +45,14 @@ istio-private-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.8.0 + targetRevision: 0.8.2 gateway: service: {} metrics: enabled: false namespace: monitoring - targetRevision: 0.8.0 + targetRevision: 0.8.1 istio: grafana: {} prometheus: {} @@ -60,11 +60,11 @@ metrics: logging: enabled: false namespace: logging - targetRevision: 0.8.1 + targetRevision: 0.8.2 argocd: enabled: false namespace: argocd - targetRevision: 0.10.1 + targetRevision: 0.10.2 istio: enabled: false diff --git a/charts/manticore/README.md b/charts/manticore/README.md index c1a7d94..113f38c 100644 --- a/charts/manticore/README.md +++ b/charts/manticore/README.md @@ -1,8 +1,8 @@ -# clamav +# manticore -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.104.0](https://img.shields.io/badge/AppVersion-0.104.0-informational?style=flat-square) +![Version: 5.0.02](https://img.shields.io/badge/Version-5.0.02-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.02](https://img.shields.io/badge/AppVersion-5.0.02-informational?style=flat-square) -Chart for deploying a ClamavD on kubernetes as statfulSet +Chart for Manticore **Homepage:** 
@@ -10,33 +10,23 @@ Chart for deploying a ClamavD on kubernetes as statfulSet | Name | Email | Url | | ---- | ------ | --- | -| Quarky9 | | | +| Stefan Reimer | | | ## Requirements -Kubernetes: `>= 1.18.0` +Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 | +| | manticoresearch | =5.0.02 | +| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.4 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| clamav.freshclam.mirrors | string | `"database.clamav.net"` | A list of clamav mirrors to be used by the clamav service | -| clamav.image | string | `"clamav/clamav"` | The clamav docker image | -| clamav.limits.connectionQueueLength | int | `100` | Maximum length the queue of pending connections may grow to | -| clamav.limits.fileSize | int | `20` | The largest file size scanable by clamav, in MB | -| clamav.limits.maxThreads | int | `4` | Maximum number of threads running at the same time. | -| clamav.limits.scanSize | int | `100` | The largest scan size permitted in clamav, in MB | -| clamav.limits.sendBufTimeout | int | `500` | | -| clamav.replicaCount | int | `1` | | -| clamav.resources | object | `{"requests":{"cpu":"300m","memory":"1300M"}}` | The resource requests and limits for the clamav service | -| clamav.version | string | `"unstable"` | The clamav docker image version - defaults to .Chart.appVersion | -| fullnameOverride | string | `""` | override the full name of the clamav chart | -| nameOverride | string | `""` | override the name of the clamav chart | -| service.port | int | `3310` | The port to be used by the clamav service | +| manticoresearch.worker.replicaCount | int | `1` | | +| manticoresearch.worker.volume.size | string | `"4Gi"` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1)