[rancher-monitoring] Replace .Values.global.rbac.pspEnabled with .Values.global.cattle.psp.enabled and bump major version

2023-01-27 16:58:29 -08:00 · 2023-01-27 16:58:29 -08:00 · 955ac68c66
parent b465411a62
commit 955ac68c66
16 changed files with 116 additions and 81 deletions
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/overlay/templates/rancher-monitoring/hardened.yaml
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/overlay/templates/rancher-monitoring/hardened.yaml
@ -47,7 +47,7 @@ rules:
  resources:
  - serviceaccounts
  verbs: ['get', 'patch']
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+{{- if .Values.global.cattle.psp.enabled }}
 - apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
@ -78,7 +78,7 @@ metadata:
  labels:
    app: {{ .Chart.Name }}-patch-sa
 ---
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+{{- if .Values.global.cattle.psp.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/overlay/templates/rancher-monitoring/upgrade/rbac.yaml
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/overlay/templates/rancher-monitoring/upgrade/rbac.yaml
@ -52,7 +52,7 @@ metadata:
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
    "helm.sh/hook-weight": "1"
 rules:
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+{{- if .Values.global.cattle.psp.enabled }}
 - apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
@ -91,7 +91,7 @@ metadata:
    "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed
    "helm.sh/hook-weight": "1"
 ---
-{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+{{- if .Values.global.cattle.psp.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/alertmanager/psp-role.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/alertmanager/psp-role.yaml.patch
@ -0,0 +1,8 @@
 --- charts-original/templates/alertmanager/psp-role.yaml
 +++ charts/templates/alertmanager/psp-role.yaml
@@ -1,4 +1,4 @@
 -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
 +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/alertmanager/psp-rolebinding.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/alertmanager/psp-rolebinding.yaml.patch
@ -0,0 +1,8 @@
 --- charts-original/templates/alertmanager/psp-rolebinding.yaml
 +++ charts/templates/alertmanager/psp-rolebinding.yaml
@@ -1,4 +1,4 @@
 -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
 +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/alertmanager/psp.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/alertmanager/psp.yaml.patch
@ -1,14 +1,13 @@
 --- charts-original/templates/alertmanager/psp.yaml
 +++ charts/templates/alertmanager/psp.yaml
-@@ -1,3 +1,4 @@
+@@ -1,4 +1,4 @@
-+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+-{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
- {{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
-@@ -43,4 +44,4 @@
+ metadata:
@@ -43,4 +43,3 @@
         max: 65535
   readOnlyRootFilesystem: false
 {{- end }}
 -
 +{{- end }}
 \ No newline at end of file
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml.patch
@ -0,0 +1,11 @@
 --- charts-original/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml
 +++ charts/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml
@@ -18,7 +18,7 @@
     verbs:
       - get
       - update
 -{{- if .Values.global.rbac.pspEnabled }}
 +{{- if .Values.global.cattle.psp.enabled }}
 {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
 {{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
   - apiGroups: ['policy']
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml.patch
@ -1,15 +1,8 @@
 --- charts-original/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml
 +++ charts/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml
-@@ -1,3 +1,4 @@
+@@ -1,4 +1,4 @@
-+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+-{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
- {{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
+{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
-@@ -44,4 +45,5 @@
+ metadata:
       - min: 0
         max: 65535
   readOnlyRootFilesystem: false
 -{{- end }}
 +{{- end }}
 +{{- end }}
 \ No newline at end of file
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/psp-clusterrole.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/psp-clusterrole.yaml.patch
@ -0,0 +1,8 @@
 --- charts-original/templates/prometheus-operator/psp-clusterrole.yaml
 +++ charts/templates/prometheus-operator/psp-clusterrole.yaml
@@ -1,4 +1,4 @@
 -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
 +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/psp-clusterrolebinding.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/psp-clusterrolebinding.yaml.patch
@ -0,0 +1,8 @@
 --- charts-original/templates/prometheus-operator/psp-clusterrolebinding.yaml
 +++ charts/templates/prometheus-operator/psp-clusterrolebinding.yaml
@@ -1,4 +1,4 @@
 -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
 +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/psp.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus-operator/psp.yaml.patch
@ -1,15 +1,8 @@
 --- charts-original/templates/prometheus-operator/psp.yaml
 +++ charts/templates/prometheus-operator/psp.yaml
-@@ -1,3 +1,4 @@
+@@ -1,4 +1,4 @@
-+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+-{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
- {{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
-@@ -42,4 +43,5 @@
+ metadata:
       - min: 0
         max: 65535
   readOnlyRootFilesystem: false
 -{{- end }}
 +{{- end }}
 +{{- end }}
 \ No newline at end of file
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus/psp-clusterrole.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus/psp-clusterrole.yaml.patch
@ -0,0 +1,8 @@
 --- charts-original/templates/prometheus/psp-clusterrole.yaml
 +++ charts/templates/prometheus/psp-clusterrole.yaml
@@ -1,4 +1,4 @@
 -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
 +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus/psp-clusterrolebinding.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus/psp-clusterrolebinding.yaml.patch
@ -0,0 +1,8 @@
 --- charts-original/templates/prometheus/psp-clusterrolebinding.yaml
 +++ charts/templates/prometheus/psp-clusterrolebinding.yaml
@@ -1,4 +1,4 @@
 -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
 +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus/psp.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/templates/prometheus/psp.yaml.patch
@ -1,16 +1,8 @@
 --- charts-original/templates/prometheus/psp.yaml
 +++ charts/templates/prometheus/psp.yaml
-@@ -1,3 +1,4 @@
+@@ -1,4 +1,4 @@
-+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+-{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
- {{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
-@@ -52,5 +53,6 @@
+ metadata:
 {{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }}
   allowedHostPaths:
 {{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }}
 +{{- end }}
 {{- end }}
 -{{- end }}
 +{{- end }}
 \ No newline at end of file
--- a/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/values.yaml.patch
+++ b/packages/rancher-monitoring/rancher-monitoring/generated-changes/patch/values.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/values.yaml
 +++ charts/values.yaml
-@@ -2,13 +2,632 @@
+@@ -2,13 +2,630 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
@ -15,8 +15,6 @@
 +    # Change this if you change the namespaceOverride or nameOverride of prometheus-operator
 +    url: http://rancher-monitoring-prometheus.cattle-monitoring-system.svc
 +    port: 9090
 +  psp:
 +    create: true
 +
 +## RKE PushProx Monitoring
 +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox
@ -635,11 +633,13 @@
 ## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6
 ##
-@@ -104,13 +723,35 @@
+@@ -104,13 +721,36 @@
 ##
 global:
 +  cattle:
 +    psp:
 +      enabled: false
 +    systemDefaultRegistry: ""
 +    ## Windows Monitoring
 +    ## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-windows-exporter
@ -671,11 +671,10 @@
 +      ## Aggregate default user ClusterRoles into default k8s ClusterRoles
 +      aggregateToDefaultRoles: true
 +
 +    pspEnabled: true
     pspAnnotations: {}
       ## Specify pod annotations
       ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
-@@ -225,26 +866,78 @@
+@@ -225,26 +865,78 @@
   ## ref: https://prometheus.io/docs/alerting/notifications/
   ##      https://prometheus.io/docs/alerting/notification_examples/
   ##
@ -773,7 +772,7 @@
   ingress:
     enabled: false
-@@ -452,7 +1145,7 @@
+@@ -452,7 +1144,7 @@
     ## Image of Alertmanager
     ##
     image:
@ -782,7 +781,7 @@
       tag: v0.24.0
       sha: ""
-@@ -575,9 +1268,13 @@
+@@ -575,9 +1267,13 @@
     ## Define resources requests and limits for single Pods.
     ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
     ##
@ -799,7 +798,7 @@
     ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
     ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
-@@ -707,6 +1404,30 @@
+@@ -707,6 +1403,30 @@
   enabled: true
   namespaceOverride: ""
@ -830,7 +829,7 @@
   ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
   ##
   forceDeployDatasources: false
-@@ -719,6 +1440,18 @@
+@@ -719,6 +1439,18 @@
   ##
   defaultDashboardsEnabled: true
@ -849,7 +848,7 @@
   ## Timezone for the default dashboards
   ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
   ##
-@@ -726,11 +1459,6 @@
+@@ -726,11 +1458,6 @@
   adminPassword: prom-operator
@ -861,7 +860,7 @@
   ingress:
     ## If true, Grafana Ingress will be created
     ##
-@@ -773,6 +1501,7 @@
+@@ -773,6 +1500,7 @@
     dashboards:
       enabled: true
       label: grafana_dashboard
@ -869,7 +868,7 @@
       labelValue: "1"
       ## Annotations for Grafana dashboard configmaps
-@@ -845,8 +1574,63 @@
+@@ -845,8 +1573,63 @@
   ## Passed to grafana subchart and used by servicemonitor below
   ##
   service:
@ -934,7 +933,7 @@
   serviceMonitor:
     # If true, a ServiceMonitor CRD is created for a prometheus operator
     # https://github.com/coreos/prometheus-operator
-@@ -880,6 +1664,17 @@
+@@ -880,6 +1663,17 @@
     #   replacement: $1
     #   action: replace
@ -952,7 +951,7 @@
 ## Component scraping the kube api server
 ##
 kubeApiServer:
-@@ -1099,7 +1894,7 @@
+@@ -1099,7 +1893,7 @@
 ## Component scraping the kube controller manager
 ##
 kubeControllerManager:
@ -961,7 +960,7 @@
   ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1276,7 +2071,7 @@
+@@ -1276,7 +2070,7 @@
 ## Component scraping etcd
 ##
 kubeEtcd:
@ -970,7 +969,7 @@
   ## If your etcd is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1347,7 +2142,7 @@
+@@ -1347,7 +2141,7 @@
 ## Component scraping kube scheduler
 ##
 kubeScheduler:
@ -979,7 +978,7 @@
   ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1415,7 +2210,7 @@
+@@ -1415,7 +2209,7 @@
 ## Component scraping kube proxy
 ##
 kubeProxy:
@ -988,7 +987,7 @@
   ## If your kube proxy is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1578,10 +2373,6 @@
+@@ -1578,10 +2372,6 @@
       #   targetLabel: nodename
       #   replacement: $1
       #   action: replace
@ -999,7 +998,7 @@
 ## Manages Prometheus and Alertmanager components
 ##
-@@ -1594,8 +2385,8 @@
+@@ -1594,8 +2384,8 @@
     enabled: true
     # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
     tlsMinVersion: VersionTLS13
@ -1010,7 +1009,7 @@
   ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
   ## rules from making their way into prometheus and potentially preventing the container from starting
-@@ -1614,7 +2405,7 @@
+@@ -1614,7 +2404,7 @@
     patch:
       enabled: true
       image:
@ -1019,7 +1018,7 @@
         tag: v1.3.0
         sha: ""
         pullPolicy: IfNotPresent
-@@ -1787,13 +2578,13 @@
+@@ -1787,13 +2577,13 @@
   ## Resource limits & requests
   ##
@ -1040,7 +1039,7 @@
   # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
   # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
-@@ -1853,7 +2644,7 @@
+@@ -1853,7 +2643,7 @@
   ## Prometheus-operator image
   ##
   image:
@ -1049,7 +1048,7 @@
     tag: v0.59.1
     sha: ""
     pullPolicy: IfNotPresent
-@@ -1870,7 +2661,7 @@
+@@ -1870,7 +2660,7 @@
   ##
   prometheusConfigReloader:
     image:
@ -1058,7 +1057,7 @@
       tag: v0.59.1
       sha: ""
-@@ -1886,7 +2677,7 @@
+@@ -1886,7 +2676,7 @@
   ## Thanos side-car image when configured
   ##
   thanosImage:
@ -1067,7 +1066,7 @@
     tag: v0.28.0
     sha: ""
-@@ -2014,7 +2805,7 @@
+@@ -2014,7 +2804,7 @@
     port: 9090
     ## To be used with a proxy extraContainer port
@ -1076,7 +1075,7 @@
     ## List of IP addresses at which the Prometheus server service is available
     ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
-@@ -2319,7 +3110,7 @@
+@@ -2319,7 +3109,7 @@
     ## Image of Prometheus.
     ##
     image:
@ -1085,7 +1084,7 @@
       tag: v2.38.0
       sha: ""
-@@ -2418,7 +3209,7 @@
+@@ -2418,7 +3208,7 @@
     ## prometheus resource to be created with selectors based on values in the helm deployment,
     ## which will also match the PrometheusRule resources created
     ##
@ -1094,7 +1093,7 @@
     ## PrometheusRules to be selected for target discovery.
     ## If {}, select all PrometheusRules
-@@ -2443,7 +3234,7 @@
+@@ -2443,7 +3233,7 @@
     ## prometheus resource to be created with selectors based on values in the helm deployment,
     ## which will also match the servicemonitors created
     ##
@ -1103,7 +1102,7 @@
     ## ServiceMonitors to be selected for target discovery.
     ## If {}, select all ServiceMonitors
-@@ -2466,7 +3257,7 @@
+@@ -2466,7 +3256,7 @@
     ## prometheus resource to be created with selectors based on values in the helm deployment,
     ## which will also match the podmonitors created
     ##
@ -1112,7 +1111,7 @@
     ## PodMonitors to be selected for target discovery.
     ## If {}, select all PodMonitors
-@@ -2597,9 +3388,13 @@
+@@ -2597,9 +3387,13 @@
     ## Resource limits & requests
     ##
@ -1129,7 +1128,7 @@
     ## Prometheus StorageSpec for persistent data
     ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md
-@@ -2622,7 +3417,13 @@
+@@ -2622,7 +3416,13 @@
     #    medium: Memory
     # Additional volumes on the output StatefulSet definition.
@ -1144,7 +1143,7 @@
     # Additional VolumeMounts on the output StatefulSet definition.
     volumeMounts: []
-@@ -2768,21 +3569,34 @@
+@@ -2768,21 +3568,34 @@
       #         fileName: "objstore.yaml"
       # objectStorageConfigFile: /var/secrets/object-store.yaml
@ -1192,7 +1191,7 @@
     ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
     ## (permissions, dir tree) on mounted volumes before starting prometheus
-@@ -3154,7 +3968,7 @@
+@@ -3154,7 +3967,7 @@
     ## Image of ThanosRuler
     ##
     image:
--- a/packages/rancher-monitoring/rancher-monitoring/package.yaml
+++ b/packages/rancher-monitoring/rancher-monitoring/package.yaml
@ -1,7 +1,7 @@
 url: https://github.com/prometheus-community/helm-charts.git
 subdirectory: charts/kube-prometheus-stack
 commit: f0e1cb7c070f556146c2833dbd132f7a321ffa45
-version: 101.1.0
+version: 102.0.0
 additionalCharts:
  - workingDir: charts-crd
    crdOptions:
--- a/release.yaml
+++ b/release.yaml
@ -60,10 +60,10 @@ rancher-logging-crd:
 - 102.0.0+up3.17.10
 rancher-monitoring:
 - 100.2.0+up40.1.2
- 101.1.0+up40.1.2
+- 102.0.0+up40.1.2
 rancher-monitoring-crd:
 - 100.2.0+up40.1.2
- 101.1.0+up40.1.2
+- 102.0.0+up40.1.2
 rancher-project-monitoring:
 - 1.1.0+up0.2.0-rc1
 rancher-pushprox: