From 526aab119239e4b182f83a1cc739d7c8b0d26e48 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 14:43:09 -0600 Subject: [PATCH] chore(deps): update prometheus-stack (#437) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cgr.dev/du-uds-defenseunicorns/kube-state-metrics-fips](https://images.chainguard.dev/directory/image/kube-state-metrics-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/kube-state-metrics-fips)) | minor | `2.12.0` -> `2.13.0` | | [cgr.dev/du-uds-defenseunicorns/kube-webhook-certgen-fips](https://images.chainguard.dev/directory/image/kube-webhook-certgen-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/kube-webhook-certgen-fips)) | minor | `1.10.1` -> `1.11.2` | | [cgr.dev/du-uds-defenseunicorns/prometheus-config-reloader-fips](https://images.chainguard.dev/directory/image/prometheus-config-reloader-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/prometheus-config-reloader-fips)) | minor | `0.74.0` -> `0.76.1` | | [cgr.dev/du-uds-defenseunicorns/prometheus-fips](https://images.chainguard.dev/directory/image/prometheus-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/prometheus-fips)) | minor | `2.52.0` -> `2.54.1` | | [cgr.dev/du-uds-defenseunicorns/prometheus-node-exporter-fips](https://images.chainguard.dev/directory/image/prometheus-node-exporter-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/prometheus-node-exporter-fips)) | patch | `1.8.1` -> `1.8.2` | | 
[cgr.dev/du-uds-defenseunicorns/prometheus-operator-fips](https://images.chainguard.dev/directory/image/prometheus-operator-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/prometheus-operator-fips)) | minor | `0.74.0` -> `0.76.1` | | [kube-prometheus-stack](https://redirect.github.com/prometheus-operator/kube-prometheus) ([source](https://redirect.github.com/prometheus-community/helm-charts)) | major | `58.7.2` -> `62.4.0` | | [prometheus-operator-crds](https://redirect.github.com/prometheus-community/helm-charts) | major | `11.0.0` -> `14.0.0` | | quay.io/prometheus-operator/prometheus-config-reloader | minor | `v0.74.0` -> `v0.76.1` | | [quay.io/prometheus-operator/prometheus-operator](https://prometheus-operator.dev/) ([source](https://redirect.github.com/prometheus-operator/prometheus-operator)) | minor | `v0.74.0` -> `v0.76.1` | | quay.io/prometheus/node-exporter | patch | `v1.8.1` -> `v1.8.2` | | quay.io/prometheus/prometheus | minor | `v2.52.0` -> `v2.54.1` | | registry.k8s.io/kube-state-metrics/kube-state-metrics | minor | `v2.12.0` -> `v2.13.0` | | [registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx/) ([source](https://repo1.dso.mil/dsop/opensource/kubernetes/ingress-nginx/kube-webhook-certgen)) | minor | `v1.3.0` -> `v1.4.3` | | [registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics](https://redirect.github.com/kubernetes/kube-state-metrics) ([source](https://repo1.dso.mil/dsop/opensource/kubernetes/kube-state-metrics)) | minor | `v2.12.0` -> `v2.13.0` | | [registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader](https://redirect.github.com/prometheus-operator/prometheus-operator) ([source](https://repo1.dso.mil/dsop/opensource/prometheus-operator/prometheus-config-reloader)) | minor | `v0.74.0` -> `v0.76.1` | | 
[registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator](https://redirect.github.com/prometheus-operator/prometheus-operator) ([source](https://repo1.dso.mil/dsop/opensource/prometheus-operator/prometheus-operator)) | minor | `v0.74.0` -> `v0.76.1` | | [registry1.dso.mil/ironbank/opensource/prometheus/node-exporter](https://redirect.github.com/prometheus/node_exporter) ([source](https://repo1.dso.mil/dsop/opensource/prometheus/node-exporter)) | patch | `v1.8.1` -> `v1.8.2` | | [registry1.dso.mil/ironbank/opensource/prometheus/prometheus](https://prometheus.io/) ([source](https://repo1.dso.mil/dsop/opensource/prometheus/prometheus)) | minor | `v2.52.0` -> `v2.54.1` | --- ### Release Notes
prometheus-community/helm-charts (kube-prometheus-stack) ### [`v62.4.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-62.4.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.3.1...kube-prometheus-stack-62.4.0) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. #### What's Changed - \[kube-prometheus-stack] Bump grafana deps to 8.5.\* by [@​karthikpenugonda22](https://redirect.github.com/karthikpenugonda22) in [https://github.com/prometheus-community/helm-charts/pull/4835](https://redirect.github.com/prometheus-community/helm-charts/pull/4835) #### New Contributors - [@​karthikpenugonda22](https://redirect.github.com/karthikpenugonda22) made their first contribution in [https://github.com/prometheus-community/helm-charts/pull/4835](https://redirect.github.com/prometheus-community/helm-charts/pull/4835) **Full Changelog**: https://github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.3.1...kube-prometheus-stack-62.4.0 ### [`v62.3.1`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-62.3.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.3.0...kube-prometheus-stack-62.3.1) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
##### What's Changed - \[kube-prometheus-stack] Bump Prometheus to 2.54.1 by [@​tobiasamft](https://redirect.github.com/tobiasamft) in [https://github.com/prometheus-community/helm-charts/pull/4824](https://redirect.github.com/prometheus-community/helm-charts/pull/4824) ##### New Contributors - [@​tobiasamft](https://redirect.github.com/tobiasamft) made their first contribution in [https://github.com/prometheus-community/helm-charts/pull/4824](https://redirect.github.com/prometheus-community/helm-charts/pull/4824) **Full Changelog**: https://github.com/prometheus-community/helm-charts/compare/prometheus-25.27.0...kube-prometheus-stack-62.3.1 ### [`v62.3.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-62.3.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.2.1...kube-prometheus-stack-62.3.0) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
##### What's Changed - \[kube-prometheus-stack] Bump node exporter dependency correcting service labels by [@​zeritti](https://redirect.github.com/zeritti) in [https://github.com/prometheus-community/helm-charts/pull/4809](https://redirect.github.com/prometheus-community/helm-charts/pull/4809) **Full Changelog**: https://github.com/prometheus-community/helm-charts/compare/prometheus-postgres-exporter-6.3.1...kube-prometheus-stack-62.3.0 ### [`v62.2.1`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-62.2.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.2.0...kube-prometheus-stack-62.2.1) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. ##### What's Changed - \[kube-prometheus-stack] Adds web spec to `thanosRulerSpec` by [@​jalev](https://redirect.github.com/jalev) in [https://github.com/prometheus-community/helm-charts/pull/4806](https://redirect.github.com/prometheus-community/helm-charts/pull/4806) ##### New Contributors - [@​jalev](https://redirect.github.com/jalev) made their first contribution in [https://github.com/prometheus-community/helm-charts/pull/4806](https://redirect.github.com/prometheus-community/helm-charts/pull/4806) **Full Changelog**: https://github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.2.0...kube-prometheus-stack-62.2.1 ### [`v62.2.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-62.2.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.1.0...kube-prometheus-stack-62.2.0) kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and 
scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. ##### What's Changed - \[kube-state-metrics] Make fsType selector configurable by [@​jkroepke](https://redirect.github.com/jkroepke) in [https://github.com/prometheus-community/helm-charts/pull/4805](https://redirect.github.com/prometheus-community/helm-charts/pull/4805) **Full Changelog**: https://github.com/prometheus-community/helm-charts/compare/prometheus-operator-crds-14.0.0...kube-prometheus-stack-62.2.0 ### [`v62.1.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.0.0...kube-prometheus-stack-62.1.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-62.0.0...kube-prometheus-stack-62.1.0) ### [`v62.0.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.9.0...kube-prometheus-stack-62.0.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.9.0...kube-prometheus-stack-62.0.0) ### [`v61.9.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.8.0...kube-prometheus-stack-61.9.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.8.0...kube-prometheus-stack-61.9.0) ### [`v61.8.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.7.2...kube-prometheus-stack-61.8.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.7.2...kube-prometheus-stack-61.8.0) ### [`v61.7.2`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.7.1...kube-prometheus-stack-61.7.2) [Compare 
Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.7.1...kube-prometheus-stack-61.7.2) ### [`v61.7.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.7.0...kube-prometheus-stack-61.7.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.7.0...kube-prometheus-stack-61.7.1) ### [`v61.7.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.6.1...kube-prometheus-stack-61.7.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.6.1...kube-prometheus-stack-61.7.0) ### [`v61.6.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.6.0...kube-prometheus-stack-61.6.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.6.0...kube-prometheus-stack-61.6.1) ### [`v61.6.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.5.0...kube-prometheus-stack-61.6.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.5.0...kube-prometheus-stack-61.6.0) ### [`v61.5.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.4.0...kube-prometheus-stack-61.5.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.4.0...kube-prometheus-stack-61.5.0) ### [`v61.4.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.3...kube-prometheus-stack-61.4.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.3...kube-prometheus-stack-61.4.0) ### 
[`v61.3.3`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.2...kube-prometheus-stack-61.3.3) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.2...kube-prometheus-stack-61.3.3) ### [`v61.3.2`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.1...kube-prometheus-stack-61.3.2) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.1...kube-prometheus-stack-61.3.2) ### [`v61.3.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.0...kube-prometheus-stack-61.3.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.3.0...kube-prometheus-stack-61.3.1) ### [`v61.3.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.2.0...kube-prometheus-stack-61.3.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.2.0...kube-prometheus-stack-61.3.0) ### [`v61.2.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.1.1...kube-prometheus-stack-61.2.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.1.1...kube-prometheus-stack-61.2.0) ### [`v61.1.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.1.0...kube-prometheus-stack-61.1.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.1.0...kube-prometheus-stack-61.1.1) ### [`v61.1.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.0.0...kube-prometheus-stack-61.1.0) [Compare 
Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-61.0.0...kube-prometheus-stack-61.1.0) ### [`v61.0.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.5.0...kube-prometheus-stack-61.0.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.5.0...kube-prometheus-stack-61.0.0) ### [`v60.5.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.4.0...kube-prometheus-stack-60.5.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.4.0...kube-prometheus-stack-60.5.0) ### [`v60.4.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.3.0...kube-prometheus-stack-60.4.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.3.0...kube-prometheus-stack-60.4.0) ### [`v60.3.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.2.0...kube-prometheus-stack-60.3.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.2.0...kube-prometheus-stack-60.3.0) ### [`v60.2.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.1.0...kube-prometheus-stack-60.2.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.1.0...kube-prometheus-stack-60.2.0) ### [`v60.1.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.0.2...kube-prometheus-stack-60.1.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.0.2...kube-prometheus-stack-60.1.0) ### 
[`v60.0.2`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.0.1...kube-prometheus-stack-60.0.2) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.0.1...kube-prometheus-stack-60.0.2) ### [`v60.0.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.0.0...kube-prometheus-stack-60.0.1) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-60.0.0...kube-prometheus-stack-60.0.1) ### [`v60.0.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-59.1.0...kube-prometheus-stack-60.0.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-59.1.0...kube-prometheus-stack-60.0.0) ### [`v59.1.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-59.0.0...kube-prometheus-stack-59.1.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-59.0.0...kube-prometheus-stack-59.1.0) ### [`v59.0.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-58.7.2...kube-prometheus-stack-59.0.0) [Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-58.7.2...kube-prometheus-stack-59.0.0)
prometheus-operator/prometheus-operator (quay.io/prometheus-operator/prometheus-operator) ### [`v0.76.1`](https://redirect.github.com/prometheus-operator/prometheus-operator/releases/tag/v0.76.1) [Compare Source](https://redirect.github.com/prometheus-operator/prometheus-operator/compare/v0.76.0...v0.76.1) - \[BUGFIX] fix bug with Kubernetes service discovery Selector.Role field. [#​6896](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6896) ### [`v0.76.0`](https://redirect.github.com/prometheus-operator/prometheus-operator/releases/tag/v0.76.0) [Compare Source](https://redirect.github.com/prometheus-operator/prometheus-operator/compare/v0.75.2...v0.76.0) #### 0.76.0 / 2025-08-08 - \[CHANGE] Enhanced secret management in Prometheus and PrometheusAgent CRDs by switching the secrets field from atomic to listType: set, allowing independent handling of entries by different managers to prevent conflicts and improve deployment stability. [#​6762](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6762) - \[CHANGE] Add API-level validations to Kubernetes SD in the ScrapeConfig CRD. [#​6678](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6678) - \[FEATURE] Add TLS and Proxy settings to OAuth2 configuration for Prometheus and PrometheusAgent CRDs. [#​6735](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6735) - \[FEATURE] Add support for OAuth2 in the ScrapeConfig CRD. [#​6814](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6814) - \[FEATURE] Add scale subresource to the Alertmanger CRD. [#​6728](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6728) - \[FEATURE] Add Scaleway service discovery to the ScrapeConfig CRD. 
[#​6711](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6711) - \[FEATURE] Add `serviceDiscoveryRole` field to the Prometheus and PrometheusAgent CRDs to select between Endpoints (default) and EndpointSlice for discovering scrape and alerting targets. [#​6672](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6672) - \[ENHANCEMENT] Make the `namespace` field optional in the Alertmanager endpoints configuration of the Prometheus CRD, if not defined it will use the `default` namespace. [#​6338](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6338) - \[ENHANCEMENT] Add support to configure the TLS version for Prometheus, PrometheusAgent and Alertmanager CRDs. [#​6736](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6736) - \[ENHANCEMENT] Add `-secret-label-selector` argument to the operator to filter the Secrets being watched. [#​6731](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6731) - \[ENHANCEMENT] Add `attachMetadata` field to ScrapeClasses. [#​6756](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6756) - \[BUGFIX] Add support for all proxy settings in the Alertmanager configuration. [#​6818](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6818) ### [`v0.75.2`](https://redirect.github.com/prometheus-operator/prometheus-operator/releases/tag/v0.75.2): 0.75.2 / 2024-07-23 [Compare Source](https://redirect.github.com/prometheus-operator/prometheus-operator/compare/v0.75.1...v0.75.2) - \[BUGFIX] Avoid invalid alerting config with TLS. 
[#​6765](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6765) ### [`v0.75.1`](https://redirect.github.com/prometheus-operator/prometheus-operator/releases/tag/v0.75.1): 0.75.1 / 2024-07-02 [Compare Source](https://redirect.github.com/prometheus-operator/prometheus-operator/compare/v0.75.0...v0.75.1) - \[BUGFIX] Fix OVHCloud service discovery configs key error. [#​6723](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6723) ### [`v0.75.0`](https://redirect.github.com/prometheus-operator/prometheus-operator/releases/tag/v0.75.0): 0.75.0 / 2024-06-26 [Compare Source](https://redirect.github.com/prometheus-operator/prometheus-operator/compare/v0.74.0...v0.75.0) - \[CHANGE] Global limits over enforced limits when no user limits are set. [#​6608](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6608) - \[CHANGE/BUGFIX] Use a separate port number (`8081`) for the init container. [#​6635](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6635) - \[FEATURE] Add `source` field in `pagerdutyConfigs` in `AlertManangerConfig` CRD. [#​6427](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6427) - \[FEATURE] Add `DockerSwarm` Service Discovery support in the ScrapeConfig CRD. [#​6633](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6633) - \[FEATURE] Add `Linode` Service Discovery support in the ScrapeConfig CRD. [#​6586](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6586) - \[FEATURE] Add `PuppetDB` Service Discovery support in the ScrapeConfig CRD. [#​6651](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6651) - \[FEATURE] Add `LightSail` Service Discovery support in the ScrapeConfig CRD. [#​6660](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6660) - \[FEATURE] Add `OVHCloud` Service Discovery support in the ScrapeConfig CRD. 
[#​6689](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6689) - \[FEATURE] Add extra metric relabelings to scrape classes. [#​6492](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6492) - \[FEATURE] Add `jobName` field to ScrapeConfig CRD. [#​6618](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6618) - \[FEATURE] Add automatic memory limit handling using the flag `-auto-gomemlimit-ratio`. [#​6591](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6591) - \[FEATURE] Add support for ProxyConfig in Prometheus RemoteWrite and RemoteRead specs. [#​6512](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6512) - \[ENHANCEMENT] Add automatic `GOMAXPROCS` to admission webhook. [#​6599](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6599) - \[ENHANCEMENT] Add `prometheus_operator_feature_gate_info` metric. [#​6655](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6655) - \[BUGFIX] Fix reloading `Alertmanager` when notification templates change. [#​6607](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6607) - \[BUGFIX] Fix PrometheusAgent reconciliation for the statefulset changes. [#​6615](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6615) - \[BUGFIX] Fix readiness/liveness probes for config-reloader when listenLocal is set to true. [#​6698](https://redirect.github.com/prometheus-operator/prometheus-operator/issues/6698)
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core). --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Micah Nagel --- .../chart/templates/service-http.yaml | 4 + src/keycloak/chart/templates/uds-package.yaml | 4 +- .../crd/generated/prometheus/podmonitor-v1.ts | 361 +++++++++++++++-- .../generated/prometheus/servicemonitor-v1.ts | 365 ++++++++++++++++-- .../templates/prometheus-pod-monitor.yaml | 5 + src/prometheus-stack/common/zarf.yaml | 2 +- src/prometheus-stack/tasks.yaml | 9 + .../values/registry1-values.yaml | 12 +- .../values/unicorn-values.yaml | 12 +- .../values/upstream-values.yaml | 12 +- src/prometheus-stack/zarf.yaml | 38 +- 11 files changed, 730 insertions(+), 94 deletions(-)
diff --git a/src/keycloak/chart/templates/service-http.yaml b/src/keycloak/chart/templates/service-http.yaml
index bb2bd1c42..d3be8dd2e 100644
--- a/src/keycloak/chart/templates/service-http.yaml
+++ b/src/keycloak/chart/templates/service-http.yaml
@@ -27,5 +27,9 @@ spec:
 port: 8080
 targetPort: http
 protocol: TCP
+ - name: http-metrics
+ port: 9000
+ targetPort: metrics
+ protocol: TCP
 selector:
 {{- include "keycloak.selectorLabels" . | nindent 4 }}
diff --git a/src/keycloak/chart/templates/uds-package.yaml b/src/keycloak/chart/templates/uds-package.yaml
index 4ef21c99b..6ea6a2756 100644
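Review bot: `targetPort: metrics` on the added `http-metrics` entry is resolved by container port name, and the diffstat of this patch shows no change to the Keycloak pod template, so the entry only gets endpoints if a container port named `metrics` is already declared there. That should be confirmed, because a name mismatch fails quietly as an empty scrape target rather than as a deploy error. Putting 9000 on the same Service as `http` also makes the metrics endpoint addressable by every client that is allowed to reach this Service, so ingress to it should stay limited to the Prometheus scraper; the monitor entry changed in uds-package.yaml now points at this port, but the rules that enforce the restriction are not visible in either hunk. A one-line comment above the entry, for example `# metrics port: scraped by Prometheus only, not exposed through the gateway`, would record the intent if that is indeed the intent.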
--- a/src/keycloak/chart/templates/uds-package.yaml +++ b/src/keycloak/chart/templates/uds-package.yaml @@ -10,8 +10,8 @@ spec: app.kubernetes.io/component: http podSelector: app.kubernetes.io/name: keycloak - targetPort: 8080 - portName: http + targetPort: 9000 + portName: http-metrics description: Metrics network: diff --git a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts index d2e9f3f9a..77bd51537 100644 --- a/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/podmonitor-v1.ts @@ -3,7 +3,17 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; /** - * PodMonitor defines monitoring for a set of pods. + * The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and + * `PrometheusAgent` can scrape metrics from a group of pods. + * Among other things, it allows to specify: + * * The pods to scrape via label selectors. + * * The container ports to scrape. + * * Authentication credentials to use. + * * Target and metric relabeling. + * + * + * `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and + * namespace selectors. */ export class PodMonitor extends GenericKind { /** @@ -21,7 +31,7 @@ export interface Spec { * discovered targets. * * - * It requires Prometheus >= v2.37.0. + * It requires Prometheus >= v2.35.0. */ attachMetadata?: AttachMetadata; /** 
@@ -77,12 +87,13 @@ export interface Spec { */ labelValueLengthLimit?: number; /** - * Selector to select which namespaces the Kubernetes `Pods` objects - * are discovered from. + * `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + * By default, the pods are discovered in the same namespace as the `PodMonitor` object but + * it is possible to select pods across different/all namespaces. */ namespaceSelector?: NamespaceSelector; /** - * List of endpoints part of this PodMonitor. + * Defines how to scrape metrics from the selected pods. */ podMetricsEndpoints?: PodMetricsEndpoint[]; /** @@ -113,7 +124,7 @@ export interface Spec { */ scrapeProtocols?: ScrapeProtocol[]; /** - * Label selector to select the Kubernetes `Pod` objects. + * Label selector to select the Kubernetes `Pod` objects to scrape metrics from. */ selector: Selector; /** @@ -128,19 +139,24 @@ export interface Spec { * discovered targets. * * - * It requires Prometheus >= v2.37.0. + * It requires Prometheus >= v2.35.0. */ export interface AttachMetadata { /** - * When set to true, Prometheus must have the `get` permission on the - * `Nodes` objects. + * When set to true, Prometheus attaches node metadata to the discovered + * targets. + * + * + * The Prometheus service account must have the `list` and `watch` + * permissions on the `Nodes` objects. */ node?: boolean; } /** - * Selector to select which namespaces the Kubernetes `Pods` objects - * are discovered from. + * `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + * By default, the pods are discovered in the same namespace as the `PodMonitor` object but + * it is possible to select pods across different/all namespaces. */ export interface NamespaceSelector { /** 
@@ -304,7 +320,7 @@ export interface PodMetricsEndpoint { /** * TLS configuration to use when scraping the target. */ - tlsConfig?: TLSConfig; + tlsConfig?: PodMetricsEndpointTLSConfig; /** * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of * the metrics that have an explicit timestamp present in scraped data. @@ -591,10 +607,48 @@ export interface Oauth2 { * URL. */ endpointParams?: { [key: string]: string }; + /** + * `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + * that should be excluded from proxying. IP and domain names can + * contain port numbers. + * + * + * It requires Prometheus >= v2.43.0. + */ + noProxy?: string; + /** + * ProxyConnectHeader optionally specifies headers to send to + * proxies during CONNECT requests. + * + * + * It requires Prometheus >= v2.43.0. + */ + proxyConnectHeader?: { [key: string]: ProxyConnectHeader[] }; + /** + * Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, + * HTTPS_PROXY, and NO_PROXY). + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.43.0. + */ + proxyFromEnvironment?: boolean; + /** + * `proxyURL` defines the HTTP proxy server to use. + * + * + * It requires Prometheus >= v2.43.0. + */ + proxyUrl?: string; /** * `scopes` defines the OAuth2 scopes used for the token request. */ scopes?: string[]; + /** + * TLS configuration to use when connecting to the OAuth2 server. + * It requires Prometheus >= v2.43.0. + */ + tlsConfig?: Oauth2TLSConfig; /** * `tokenURL` configures the URL to fetch the token from. */ 
@@ -692,6 +746,243 @@ export interface ClientSecret { optional?: boolean; } +/** + * SecretKeySelector selects a key of a Secret. + */ +export interface ProxyConnectHeader { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * TLS configuration to use when connecting to the OAuth2 server. + * It requires Prometheus >= v2.43.0. + */ +export interface Oauth2TLSConfig { + /** + * Certificate authority used when verifying server certificates. + */ + ca?: PurpleCA; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: PurpleCERT; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: PurpleKeySecret; + /** + * Maximum acceptable TLS version. + * + * + * It requires Prometheus >= v2.41.0. + */ + maxVersion?: Version; + /** + * Minimum acceptable TLS version. + * + * + * It requires Prometheus >= v2.35.0. + */ + minVersion?: Version; + /** + * Used to verify the hostname for the targets. + */ + serverName?: string; +} + +/** + * Certificate authority used when verifying server certificates. + */ +export interface PurpleCA { + /** + * ConfigMap containing data to use for the targets. 
+ */ + configMap?: PurpleConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: PurpleSecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface PurpleConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface PurpleSecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Client certificate to present when doing client-authentication. + */ +export interface PurpleCERT { + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: FluffyConfigMap; + /** + * Secret containing data to use for the targets. 
+ */ + secret?: FluffySecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface FluffyConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface FluffySecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing the client key file for the targets. + */ +export interface PurpleKeySecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. 
Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Maximum acceptable TLS version. + * + * + * It requires Prometheus >= v2.41.0. + * + * Minimum acceptable TLS version. + * + * + * It requires Prometheus >= v2.35.0. + */ +export enum Version { + Tls10 = "TLS10", + Tls11 = "TLS11", + Tls12 = "TLS12", + Tls13 = "TLS13", +} + /** * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, * scraped samples and remote write samples. @@ -772,15 +1063,15 @@ export enum Scheme { /** * TLS configuration to use when scraping the target. */ -export interface TLSConfig { +export interface PodMetricsEndpointTLSConfig { /** * Certificate authority used when verifying server certificates. */ - ca?: CA; + ca?: FluffyCA; /** * Client certificate to present when doing client-authentication. */ - cert?: CERT; + cert?: FluffyCERT; /** * Disable target certificate validation. */ @@ -788,7 +1079,21 @@ export interface TLSConfig { /** * Secret containing the client key file for the targets. */ - keySecret?: KeySecret; + keySecret?: FluffyKeySecret; + /** + * Maximum acceptable TLS version. + * + * + * It requires Prometheus >= v2.41.0. + */ + maxVersion?: Version; + /** + * Minimum acceptable TLS version. + * + * + * It requires Prometheus >= v2.35.0. + */ + minVersion?: Version; /** * Used to verify the hostname for the targets. */ 
@@ -798,21 +1103,21 @@ export interface TLSConfig { /** * Certificate authority used when verifying server certificates. */ -export interface CA { +export interface FluffyCA { /** * ConfigMap containing data to use for the targets. */ - configMap?: CAConfigMap; + configMap?: TentacledConfigMap; /** * Secret containing data to use for the targets. */ - secret?: CASecret; + secret?: TentacledSecret; } /** * ConfigMap containing data to use for the targets. */ -export interface CAConfigMap { +export interface TentacledConfigMap { /** * The key to select. */ @@ -837,7 +1142,7 @@ export interface CAConfigMap { /** * Secret containing data to use for the targets. */ -export interface CASecret { +export interface TentacledSecret { /** * The key of the secret to select from. Must be a valid secret key. */ @@ -862,21 +1167,21 @@ export interface CASecret { /** * Client certificate to present when doing client-authentication. */ -export interface CERT { +export interface FluffyCERT { /** * ConfigMap containing data to use for the targets. */ - configMap?: CERTConfigMap; + configMap?: StickyConfigMap; /** * Secret containing data to use for the targets. */ - secret?: CERTSecret; + secret?: StickySecret; } /** * ConfigMap containing data to use for the targets. */ -export interface CERTConfigMap { +export interface StickyConfigMap { /** * The key to select. */ @@ -901,7 +1206,7 @@ export interface CERTConfigMap { /** * Secret containing data to use for the targets. */ -export interface CERTSecret { +export interface StickySecret { /** * The key of the secret to select from. Must be a valid secret key. */ @@ -926,7 +1231,7 @@ export interface CERTSecret { /** * Secret containing the client key file for the targets. */ -export interface KeySecret { +export interface FluffyKeySecret { /** * The key of the secret to select from. Must be a valid secret key. */ 
@@ -964,7 +1269,7 @@ export enum ScrapeProtocol { } /** - * Label selector to select the Kubernetes `Pod` objects. + * Label selector to select the Kubernetes `Pod` objects to scrape metrics from. */ export interface Selector { /** diff --git a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts index 17c09c2a4..94ea5b299 100644 --- a/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts +++ b/src/pepr/operator/crd/generated/prometheus/servicemonitor-v1.ts @@ -3,7 +3,17 @@ import { GenericKind, RegisterKind } from "kubernetes-fluent-client"; /** - * ServiceMonitor defines monitoring for a set of services. + * The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and + * `PrometheusAgent` can scrape metrics from a group of services. + * Among other things, it allows to specify: + * * The services to scrape via label selectors. + * * The container ports to scrape. + * * Authentication credentials to use. + * * Target and metric relabeling. + * + * + * `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label + * and namespace selectors. */ export class ServiceMonitor extends GenericKind { /** @@ -36,8 +46,14 @@ export interface Spec { bodySizeLimit?: string; /** * List of endpoints part of this ServiceMonitor. + * Defines how to scrape metrics from Kubernetes + * [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) + * objects. + * In most cases, an Endpoints object is backed by a Kubernetes + * [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with + * the same name and labels. */ - endpoints?: Endpoint[]; + endpoints: Endpoint[]; /** * `jobLabel` selects the label from the associated Kubernetes `Service` * object which will be used as the `job` label for all metrics. 
@@ -83,8 +99,10 @@ export interface Spec { */ labelValueLengthLimit?: number; /** - * Selector to select which namespaces the Kubernetes `Endpoints` objects - * are discovered from. + * `namespaceSelector` defines in which namespace(s) Prometheus should discover the + * services. + * By default, the services are discovered in the same namespace as the `ServiceMonitor` + * object but it is possible to select pods across different/all namespaces. */ namespaceSelector?: NamespaceSelector; /** @@ -115,7 +133,7 @@ export interface Spec { */ scrapeProtocols?: ScrapeProtocol[]; /** - * Label selector to select the Kubernetes `Endpoints` objects. + * Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. */ selector: Selector; /** @@ -139,8 +157,12 @@ export interface Spec { */ export interface AttachMetadata { /** - * When set to true, Prometheus must have the `get` permission on the - * `Nodes` objects. + * When set to true, Prometheus attaches node metadata to the discovered + * targets. + * + * + * The Prometheus service account must have the `list` and `watch` + * permissions on the `Nodes` objects. */ node?: boolean; } @@ -299,7 +321,7 @@ export interface Endpoint { /** * TLS configuration to use when scraping the target. */ - tlsConfig?: TLSConfig; + tlsConfig?: EndpointTLSConfig; /** * `trackTimestampsStaleness` defines whether Prometheus tracks staleness of * the metrics that have an explicit timestamp present in scraped data. 
@@ -586,10 +608,48 @@ export interface Oauth2 { * URL. */ endpointParams?: { [key: string]: string }; + /** + * `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + * that should be excluded from proxying. IP and domain names can + * contain port numbers. + * + * + * It requires Prometheus >= v2.43.0. + */ + noProxy?: string; + /** + * ProxyConnectHeader optionally specifies headers to send to + * proxies during CONNECT requests. + * + * + * It requires Prometheus >= v2.43.0. + */ + proxyConnectHeader?: { [key: string]: ProxyConnectHeader[] }; + /** + * Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, + * HTTPS_PROXY, and NO_PROXY). + * If unset, Prometheus uses its default value. + * + * + * It requires Prometheus >= v2.43.0. + */ + proxyFromEnvironment?: boolean; + /** + * `proxyURL` defines the HTTP proxy server to use. + * + * + * It requires Prometheus >= v2.43.0. + */ + proxyUrl?: string; /** * `scopes` defines the OAuth2 scopes used for the token request. */ scopes?: string[]; + /** + * TLS configuration to use when connecting to the OAuth2 server. + * It requires Prometheus >= v2.43.0. + */ + tlsConfig?: Oauth2TLSConfig; /** * `tokenURL` configures the URL to fetch the token from. */ 
@@ -687,6 +747,243 @@ export interface ClientSecret { optional?: boolean; } +/** + * SecretKeySelector selects a key of a Secret. + */ +export interface ProxyConnectHeader { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * TLS configuration to use when connecting to the OAuth2 server. + * It requires Prometheus >= v2.43.0. + */ +export interface Oauth2TLSConfig { + /** + * Certificate authority used when verifying server certificates. + */ + ca?: PurpleCA; + /** + * Client certificate to present when doing client-authentication. + */ + cert?: PurpleCERT; + /** + * Disable target certificate validation. + */ + insecureSkipVerify?: boolean; + /** + * Secret containing the client key file for the targets. + */ + keySecret?: PurpleKeySecret; + /** + * Maximum acceptable TLS version. + * + * + * It requires Prometheus >= v2.41.0. + */ + maxVersion?: Version; + /** + * Minimum acceptable TLS version. + * + * + * It requires Prometheus >= v2.35.0. + */ + minVersion?: Version; + /** + * Used to verify the hostname for the targets. + */ + serverName?: string; +} + +/** + * Certificate authority used when verifying server certificates. + */ +export interface PurpleCA { + /** + * ConfigMap containing data to use for the targets. 
+ */ + configMap?: PurpleConfigMap; + /** + * Secret containing data to use for the targets. + */ + secret?: PurpleSecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface PurpleConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface PurpleSecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Client certificate to present when doing client-authentication. + */ +export interface PurpleCERT { + /** + * ConfigMap containing data to use for the targets. + */ + configMap?: FluffyConfigMap; + /** + * Secret containing data to use for the targets. 
+ */ + secret?: FluffySecret; +} + +/** + * ConfigMap containing data to use for the targets. + */ +export interface FluffyConfigMap { + /** + * The key to select. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the ConfigMap or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing data to use for the targets. + */ +export interface FluffySecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Secret containing the client key file for the targets. + */ +export interface PurpleKeySecret { + /** + * The key of the secret to select from. Must be a valid secret key. + */ + key: string; + /** + * Name of the referent. + * This field is effectively required, but due to backwards compatibility is + * allowed to be empty. 
Instances of this type with an empty value here are + * almost certainly wrong. + * TODO: Add other useful fields. apiVersion, kind, uid? + * More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + * TODO: Drop `kubebuilder:default` when controller-gen doesn't need it + * https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + */ + name?: string; + /** + * Specify whether the Secret or its key must be defined + */ + optional?: boolean; +} + +/** + * Maximum acceptable TLS version. + * + * + * It requires Prometheus >= v2.41.0. + * + * Minimum acceptable TLS version. + * + * + * It requires Prometheus >= v2.35.0. + */ +export enum Version { + Tls10 = "TLS10", + Tls11 = "TLS11", + Tls12 = "TLS12", + Tls13 = "TLS13", +} + /** * RelabelConfig allows dynamic rewriting of the label set for targets, alerts, * scraped samples and remote write samples. @@ -767,11 +1064,11 @@ export enum Scheme { /** * TLS configuration to use when scraping the target. */ -export interface TLSConfig { +export interface EndpointTLSConfig { /** * Certificate authority used when verifying server certificates. */ - ca?: CA; + ca?: FluffyCA; /** * Path to the CA cert in the Prometheus container to use for the targets. */ @@ -779,7 +1076,7 @@ export interface TLSConfig { /** * Client certificate to present when doing client-authentication. */ - cert?: CERT; + cert?: FluffyCERT; /** * Path to the client cert file in the Prometheus container for the targets. */ @@ -795,7 +1092,21 @@ export interface TLSConfig { /** * Secret containing the client key file for the targets. */ - keySecret?: KeySecret; + keySecret?: FluffyKeySecret; + /** + * Maximum acceptable TLS version. + * + * + * It requires Prometheus >= v2.41.0. + */ + maxVersion?: Version; + /** + * Minimum acceptable TLS version. + * + * + * It requires Prometheus >= v2.35.0. + */ + minVersion?: Version; /** * Used to verify the hostname for the targets. */ 
@@ -805,21 +1116,21 @@ export interface TLSConfig { /** * Certificate authority used when verifying server certificates. */ -export interface CA { +export interface FluffyCA { /** * ConfigMap containing data to use for the targets. */ - configMap?: CAConfigMap; + configMap?: TentacledConfigMap; /** * Secret containing data to use for the targets. */ - secret?: CASecret; + secret?: TentacledSecret; } /** * ConfigMap containing data to use for the targets. */ -export interface CAConfigMap { +export interface TentacledConfigMap { /** * The key to select. */ @@ -844,7 +1155,7 @@ export interface CAConfigMap { /** * Secret containing data to use for the targets. */ -export interface CASecret { +export interface TentacledSecret { /** * The key of the secret to select from. Must be a valid secret key. */ @@ -869,21 +1180,21 @@ export interface CASecret { /** * Client certificate to present when doing client-authentication. */ -export interface CERT { +export interface FluffyCERT { /** * ConfigMap containing data to use for the targets. */ - configMap?: CERTConfigMap; + configMap?: StickyConfigMap; /** * Secret containing data to use for the targets. */ - secret?: CERTSecret; + secret?: StickySecret; } /** * ConfigMap containing data to use for the targets. */ -export interface CERTConfigMap { +export interface StickyConfigMap { /** * The key to select. */ @@ -908,7 +1219,7 @@ export interface CERTConfigMap { /** * Secret containing data to use for the targets. */ -export interface CERTSecret { +export interface StickySecret { /** * The key of the secret to select from. Must be a valid secret key. */ @@ -933,7 +1244,7 @@ export interface CERTSecret { /** * Secret containing the client key file for the targets. */ -export interface KeySecret { +export interface FluffyKeySecret { /** * The key of the secret to select from. Must be a valid secret key. */ 
@@ -956,8 +1267,10 @@ export interface KeySecret { } /** - * Selector to select which namespaces the Kubernetes `Endpoints` objects - * are discovered from. + * `namespaceSelector` defines in which namespace(s) Prometheus should discover the + * services. + * By default, the services are discovered in the same namespace as the `ServiceMonitor` + * object but it is possible to select pods across different/all namespaces. */ export interface NamespaceSelector { /** @@ -987,7 +1300,7 @@ export enum ScrapeProtocol { } /** - * Label selector to select the Kubernetes `Endpoints` objects. + * Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. */ export interface Selector { /** diff --git a/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml b/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml index 29f2827c2..06bcd9e5c 100644 --- a/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml +++ b/src/prometheus-stack/chart/templates/prometheus-pod-monitor.yaml @@ -13,6 +13,11 @@ spec: podMetricsEndpoints: - port: http-web - port: reloader-web + # Ensure we filter out the init containers + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_init] + regex: "true" + action: drop namespaceSelector: matchNames: - monitoring diff --git a/src/prometheus-stack/common/zarf.yaml b/src/prometheus-stack/common/zarf.yaml index 20025a485..6973bb730 100644 --- a/src/prometheus-stack/common/zarf.yaml +++ b/src/prometheus-stack/common/zarf.yaml @@ -15,7 +15,7 @@ components: - name: kube-prometheus-stack namespace: monitoring url: https://prometheus-community.github.io/helm-charts - version: 58.7.2 + version: 62.4.0 valuesFiles: - "../values/values.yaml" actions: diff --git a/src/prometheus-stack/tasks.yaml b/src/prometheus-stack/tasks.yaml index d9b8cfab5..3c0c34505 100644 --- a/src/prometheus-stack/tasks.yaml +++ b/src/prometheus-stack/tasks.yaml 
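Review bot: In `chart/templates/prometheus-pod-monitor.yaml`, the new `relabelings` block comes after the `- port: reloader-web` item, so as far as the flattened hunk shows it belongs to that endpoint only and the `http-web` endpoint is not filtered; please confirm that is intended. The comment says what is dropped but not why, and the reason is what a later editor needs before changing the rule. I would extend it to something like `# Drop targets discovered from init containers on this port; they exit after startup and would otherwise appear as permanently down targets` (adjust to the actual reason). A target that is always down on the monitoring stack itself teaches operators to ignore down-target alerts. The `spec` block starts outside the hunk.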
@@ -29,3 +29,12 @@ tasks:
 name: app.kubernetes.io/name=prometheus-node-exporter
 namespace: monitoring
 condition: Ready
+ # Below task can be used to generate CRD types, but is commented out pending resolution of https://github.com/defenseunicorns/kubernetes-fluent-client/issues/374
+ # - name: gen-crds
+ # actions:
+ # - description: Generate servicemonitor types
+ # cmd: "npx kubernetes-fluent-client crd https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.76.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml src/pepr/operator/crd/generated/prometheus"
+ # - description: Generate podmonitor types
+ # cmd: "npx kubernetes-fluent-client crd https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.76.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml src/pepr/operator/crd/generated/prometheus"
+ # - description: Pepr Format
+ # cmd: "npx pepr format"
diff --git a/src/prometheus-stack/values/registry1-values.yaml b/src/prometheus-stack/values/registry1-values.yaml
index 65e36453a..39669edea 100644
--- a/src/prometheus-stack/values/registry1-values.yaml
+++ b/src/prometheus-stack/values/registry1-values.yaml
@@ -8,7 +8,7 @@ kube-state-metrics:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/kubernetes/kube-state-metrics
- tag: v2.12.0
+ tag: v2.13.0
 securityContext:
 enabled: true
 fsGroup: 65532
@@ -20,12 +20,12 @@ prometheus:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/prometheus/prometheus
- tag: v2.52.0
+ tag: v2.54.1
 prometheus-node-exporter:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/prometheus/node-exporter
- tag: v1.8.1
+ tag: v1.8.2
 prometheusOperator:
 admissionWebhooks:
 containerSecurityContext:
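Review bot: In `src/prometheus-stack/tasks.yaml`, the commented-out `gen-crds` task hard-codes the operator tag `v0.76.1` in both CRD URLs, separately from the image tags this commit bumps, so the generated types under `src/pepr/operator/crd/generated/prometheus` can silently fall behind the CRDs that are actually deployed. Before the task is enabled I would move the tag into a single task variable and make sure the dependency bot's configuration covers it. The two `npx kubernetes-fluent-client` calls also run whichever version npx resolves; if the tool is not already a pinned dev dependency in the lockfile, pin it with `npx kubernetes-fluent-client@<version>`, because its output is committed as source.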
@@ -37,7 +37,7 @@ prometheusOperator:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/ingress-nginx/kube-webhook-certgen
- tag: v1.3.0
+ tag: v1.4.3
 registry: registry1.dso.mil
 repository: ironbank/opensource/ingress-nginx/kube-webhook-certgen
 tag: v1.3.0
@@ -48,9 +48,9 @@ prometheusOperator:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/prometheus-operator/prometheus-operator
- tag: v0.74.0
+ tag: v0.76.1
 prometheusConfigReloader:
 image:
 registry: registry1.dso.mil
 repository: ironbank/opensource/prometheus-operator/prometheus-config-reloader
- tag: v0.74.0
+ tag: v0.76.1
diff --git a/src/prometheus-stack/values/unicorn-values.yaml b/src/prometheus-stack/values/unicorn-values.yaml
index 67d689058..2154d057c 100644
--- a/src/prometheus-stack/values/unicorn-values.yaml
+++ b/src/prometheus-stack/values/unicorn-values.yaml
@@ -8,7 +8,7 @@ kube-state-metrics:
 image:
 registry: cgr.dev
 repository: du-uds-defenseunicorns/kube-state-metrics-fips
- tag: 2.12.0
+ tag: 2.13.0
 securityContext:
 enabled: true
 fsGroup: 65532
@@ -20,12 +20,12 @@ prometheus:
 image:
 registry: cgr.dev
 repository: du-uds-defenseunicorns/prometheus-fips
- tag: 2.52.0
+ tag: 2.54.1
 prometheus-node-exporter:
 image:
 registry: cgr.dev
 repository: du-uds-defenseunicorns/prometheus-node-exporter-fips
- tag: 1.8.1
+ tag: 1.8.2
 prometheusOperator:
 admissionWebhooks:
 containerSecurityContext:
@@ -37,7 +37,7 @@ prometheusOperator:
 image:
 registry: cgr.dev
 repository: du-uds-defenseunicorns/kube-webhook-certgen-fips
- tag: 1.10.1
+ tag: 1.11.2
 registry: cgr.dev
 repository: du-uds-defenseunicorns/kube-webhook-certgen-fips
 tag: 1.10.1
@@ -48,9 +48,9 @@ prometheusOperator:
 image:
 registry: cgr.dev
 repository: du-uds-defenseunicorns/prometheus-operator-fips
- tag: 0.74.0
+ tag: 0.76.1
 prometheusConfigReloader:
 image:
 registry: cgr.dev
 repository: du-uds-defenseunicorns/prometheus-config-reloader-fips
- tag: 0.74.0
+ tag: 0.76.1
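Review bot: In `values/registry1-values.yaml`, hunk `@@ -37,7 +37,7 @@`, only the first kube-webhook-certgen `tag` moves to `v1.4.3`; the context lines directly below still carry a second `registry`/`repository`/`tag: v1.3.0` triple for the same image. The `values/unicorn-values.yaml` hunk at the same position shows the same pattern (`1.11.2` next to `1.10.1`). If the chart still reads that second set, the pod would reference an image that the `images:` lists in `zarf.yaml` no longer include, which fails in an air-gapped deploy and otherwise keeps an un-updated certgen in use. If nothing reads it, delete the three duplicate keys so they stop looking authoritative; otherwise set the stale lines to `tag: v1.4.3` and `tag: 1.11.2`. The enclosing `prometheusOperator` block starts outside the hunk.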
diff --git a/src/prometheus-stack/values/upstream-values.yaml b/src/prometheus-stack/values/upstream-values.yaml
index f8d260d18..e7b426c09 100644
--- a/src/prometheus-stack/values/upstream-values.yaml
+++ b/src/prometheus-stack/values/upstream-values.yaml
@@ -8,7 +8,7 @@ kube-state-metrics:
 image:
 registry: registry.k8s.io
 repository: kube-state-metrics/kube-state-metrics
- tag: v2.12.0
+ tag: v2.13.0
 securityContext:
 enabled: true
 fsGroup: 65534
@@ -20,19 +20,19 @@ prometheus:
 image:
 registry: quay.io
 repository: prometheus/prometheus
- tag: v2.52.0
+ tag: v2.54.1
 prometheus-node-exporter:
 image:
 registry: quay.io
 repository: prometheus/node-exporter
- tag: v1.8.1
+ tag: v1.8.2
 prometheusOperator:
 admissionWebhooks:
 patch:
 image:
 registry: registry.k8s.io
 repository: ingress-nginx/kube-webhook-certgen
- tag: v20221220-controller-v1.5.1-58-g787ea74b6
+ tag: v1.4.3
 securityContext:
 runAsGroup: 2000
 runAsNonRoot: true
@@ -40,9 +40,9 @@ prometheusOperator:
 image:
 registry: quay.io
 repository: prometheus-operator/prometheus-operator
- tag: v0.74.0
+ tag: v0.76.1
 prometheusConfigReloader:
 image:
 registry: quay.io
 repository: prometheus-operator/prometheus-config-reloader
- tag: v0.74.0
+ tag: v0.76.1
diff --git a/src/prometheus-stack/zarf.yaml b/src/prometheus-stack/zarf.yaml
index ea1e31733..5a3433eeb 100644
--- a/src/prometheus-stack/zarf.yaml
+++ b/src/prometheus-stack/zarf.yaml
@@ -10,7 +10,7 @@ components:
 charts:
 - name: prometheus-operator-crds
 url: https://prometheus-community.github.io/helm-charts
- version: 11.0.0
+ version: 14.0.0
 namespace: uds-crds
 valuesFiles:
 - "values/crd-values.yaml"
@@ -27,13 +27,13 @@ components: valuesFiles: - "values/upstream-values.yaml" images: - - "quay.io/prometheus/node-exporter:v1.8.1" - - "quay.io/prometheus-operator/prometheus-operator:v0.74.0" - - "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0" + - "quay.io/prometheus/node-exporter:v1.8.2" + - "quay.io/prometheus-operator/prometheus-operator:v0.76.1" + - "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0" - "quay.io/prometheus/alertmanager:v0.27.0" - - "quay.io/prometheus-operator/prometheus-config-reloader:v0.74.0" - - "quay.io/prometheus/prometheus:v2.52.0" - - "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6" + - "quay.io/prometheus-operator/prometheus-config-reloader:v0.76.1" + - "quay.io/prometheus/prometheus:v2.54.1" + - "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.3" - name: kube-prometheus-stack required: true 
@@ -47,13 +47,13 @@ components:
 valuesFiles:
 - "values/registry1-values.yaml"
 images:
- - "registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.8.1"
- - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.74.0"
- - "registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.12.0"
+ - "registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.8.2"
+ - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.76.1"
+ - "registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.13.0"
 - "registry1.dso.mil/ironbank/opensource/prometheus/alertmanager:v0.27.0"
- - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.74.0"
- - "registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.52.0"
- - "registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen:v1.3.0"
+ - "registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.76.1"
+ - "registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.54.1"
+ - "registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen:v1.4.3"

 - name: kube-prometheus-stack
 required: true
@@ -67,10 +67,10 @@ components:
 valuesFiles:
 - "values/unicorn-values.yaml"
 images:
- - "cgr.dev/du-uds-defenseunicorns/prometheus-node-exporter-fips:1.8.1"
- - "cgr.dev/du-uds-defenseunicorns/prometheus-operator-fips:0.74.0"
- - "cgr.dev/du-uds-defenseunicorns/kube-state-metrics-fips:2.12.0"
+ - "cgr.dev/du-uds-defenseunicorns/prometheus-node-exporter-fips:1.8.2"
+ - "cgr.dev/du-uds-defenseunicorns/prometheus-operator-fips:0.76.1"
+ - "cgr.dev/du-uds-defenseunicorns/kube-state-metrics-fips:2.13.0"
 - "cgr.dev/du-uds-defenseunicorns/prometheus-alertmanager-fips:0.27.0"
- - "cgr.dev/du-uds-defenseunicorns/prometheus-config-reloader-fips:0.74.0"
- - "cgr.dev/du-uds-defenseunicorns/prometheus-fips:2.52.0"
- - "cgr.dev/du-uds-defenseunicorns/kube-webhook-certgen-fips:1.10.1"
+ - "cgr.dev/du-uds-defenseunicorns/prometheus-config-reloader-fips:0.76.1"
+ - "cgr.dev/du-uds-defenseunicorns/prometheus-fips:2.54.1"
+ - "cgr.dev/du-uds-defenseunicorns/kube-webhook-certgen-fips:1.11.2"