Remove alertmanager pre-install job in favor of Helm annotations

2021-06-30 11:02:17 -07:00 · 2021-06-30 11:02:17 -07:00 · d69ab2578e
parent de94acb762
commit d69ab2578e
4 changed files with 38 additions and 292 deletions
--- a/packages/rancher-monitoring/generated-changes/overlay/templates/alertmanager/cleanupSecret.yaml
+++ b/packages/rancher-monitoring/generated-changes/overlay/templates/alertmanager/cleanupSecret.yaml
@ -1,88 +0,0 @@
-{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) (.Values.alertmanager.secret.cleanupOnUninstall) }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-  namespace: {{ template "kube-prometheus-stack.namespace" . }}
-  labels:
-{{ include "kube-prometheus-stack.labels" . | indent 4 }}
-    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-    "helm.sh/hook-weight": "5"
-spec:
-  template:
-    metadata:
-      name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-      labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }}
-        app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-    spec:
-      serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-{{- if .Values.alertmanager.secret.securityContext }}
-      securityContext:
-{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }}
-{{- end }}
-      containers:
-        - name: delete-secret
-          image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }}
-          imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }}
-          command:
-          - /bin/sh
-          - -c
-          - >
-            if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then
-              kubectl delete secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
-            fi;
-      restartPolicy: OnFailure
-      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} 
-      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-  labels:
-    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-    "helm.sh/hook-weight": "3"
-rules:
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs: ['get', 'delete']
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-  labels:
-    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-    "helm.sh/hook-weight": "3"
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-subjects:
- kind: ServiceAccount
-  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-  namespace: {{ template "kube-prometheus-stack.namespace" . }}
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete
-  namespace: {{ template "kube-prometheus-stack.namespace" . }}
-  labels:
-    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-    "helm.sh/hook-weight": "3"
-{{- end }}
--- a/packages/rancher-monitoring/generated-changes/patch/README.md.patch
+++ b/packages/rancher-monitoring/generated-changes/patch/README.md.patch
@ -1,6 +1,6 @@
 --- charts-original/README.md
 +++ charts/README.md
-@@ -193,7 +193,43 @@
+@@ -193,7 +193,39 @@
 helm show values prometheus-community/kube-prometheus-stack
 ```
 
@ -21,10 +21,6 @@
 +| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` |
 +| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` |
 +| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` |
-+| `alertmanager.secret.cleanupOnUninstall` | Whether or not to trigger a job to clean up the alertmanager config secret to be deleted on a `helm uninstall`. By default, this is disabled to prevent the loss of alerting configuration on an uninstall. | `false` |
-+| `alertmanager.secret.image.pullPolicy` | Image pull policy for job(s) related to alertmanager config secret's lifecycle | `IfNotPresent` |
-+| `alertmanager.secret.image.repository` | Repository to use for job(s) related to alertmanager config secret's lifecycle | `rancher/rancher-agent` |
-+| `alertmanager.secret.image.tag` | Tag to use for job(s) related to alertmanager config secret's lifecycle | `v2.4.8` |
 +
 +The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart.
 +
--- a/packages/rancher-monitoring/generated-changes/patch/templates/alertmanager/secret.yaml.patch
+++ b/packages/rancher-monitoring/generated-changes/patch/templates/alertmanager/secret.yaml.patch
@ -1,164 +1,28 @@
 --- charts-original/templates/alertmanager/secret.yaml
 +++ charts/templates/alertmanager/secret.yaml
-@@ -1,11 +1,19 @@
+@@ -1,11 +1,17 @@
 {{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
-+{{- if .Release.IsInstall }}
+{{/* This file is applied when the operation is helm install and the target secret does not exist. */}}
 +{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }}
-+{{- if (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName) }}
-+{{- required (printf "Cannot overwrite existing secret %s in namespace %s." $secretName (include "kube-prometheus-stack.namespace" .)) "" }}
-+{{- end }}{{- end }}
+{{- if (not (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName)) }}
 apiVersion: v1
 kind: Secret
 metadata:
 -  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
+  name: {{ $secretName }}
   namespace: {{ template "kube-prometheus-stack.namespace" . }}
 -{{- if .Values.alertmanager.secret.annotations }}
   annotations:
-+    "helm.sh/hook": pre-install
-+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
+    "helm.sh/hook": pre-install, pre-upgrade
 +    "helm.sh/hook-weight": "3"
+    "helm.sh/resource-policy": keep
 +{{- if .Values.alertmanager.secret.annotations }}
 {{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
 {{- end }}
   labels:
-@@ -20,4 +28,139 @@
+@@ -20,4 +26,4 @@
 {{- range $key, $val := .Values.alertmanager.templateFiles }}
   {{ $key }}: {{ $val | b64enc | quote }}
 {{- end }}
-+---
-+apiVersion: batch/v1
-+kind: Job
-+metadata:
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
-+  labels:
-+{{ include "kube-prometheus-stack.labels" . | indent 4 }}
-+    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-+  annotations:
-+    "helm.sh/hook": pre-install
-+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-+    "helm.sh/hook-weight": "5"
-+spec:
-+  template:
-+    metadata:
-+      name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+      labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }}
-+        app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-+    spec:
-+      serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+{{- if .Values.alertmanager.secret.securityContext }}
-+      securityContext:
-+{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }}
-+{{- end }}
-+      containers:
-+        - name: copy-pre-install-secret
-+          image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }}
-+          imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }}
-+          command:
-+          - /bin/sh
-+          - -c
-+          - >
-+            if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then
-+              echo "Secret already exists"
-+              exit 1
-+            fi;
-+            kubectl patch secret -n {{ template "kube-prometheus-stack.namespace" . }} --dry-run -o yaml
-+            alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+            -p '{{ printf "{\"metadata\":{\"name\": \"alertmanager-%s-alertmanager\"}}" (include "kube-prometheus-stack.fullname" .) }}'
-+            | kubectl apply -f -;
-+            kubectl annotate secret -n {{ template "kube-prometheus-stack.namespace" . }}
-+            alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
-+            helm.sh/hook- helm.sh/hook-delete-policy- helm.sh/hook-weight-;
-+      restartPolicy: OnFailure
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} 
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-+---
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRole
-+metadata:
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+  labels:
-+    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-+  annotations:
-+    "helm.sh/hook": pre-install
-+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-+    "helm.sh/hook-weight": "3"
-+rules:
-+- apiGroups:
-+  - ""
-+  resources:
-+  - secrets
-+  verbs: ['create', 'get', 'patch']
-+- apiGroups: ['policy']
-+  resources: ['podsecuritypolicies']
-+  verbs:     ['use']
-+  resourceNames:
-+  - alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+---
-+apiVersion: rbac.authorization.k8s.io/v1
-+kind: ClusterRoleBinding
-+metadata:
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+  labels:
-+    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-+  annotations:
-+    "helm.sh/hook": pre-install
-+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-+    "helm.sh/hook-weight": "3"
-+roleRef:
-+  apiGroup: rbac.authorization.k8s.io
-+  kind: ClusterRole
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+subjects:
-+- kind: ServiceAccount
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
-+---
-+apiVersion: v1
-+kind: ServiceAccount
-+metadata:
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
-+  labels:
-+    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-+  annotations:
-+    "helm.sh/hook": pre-install
-+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-+    "helm.sh/hook-weight": "3"
-+---
-+apiVersion: policy/v1beta1
-+kind: PodSecurityPolicy
-+metadata:
-+  name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install
-+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
-+  labels:
-+    app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
-+  annotations:
-+    "helm.sh/hook": pre-install
-+    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
-+    "helm.sh/hook-weight": "3"
-+spec:
-+  privileged: false
-+  allowPrivilegeEscalation: false
-+  hostNetwork: false
-+  hostIPC: false
-+  hostPID: false
-+  runAsUser:
-+    rule: 'MustRunAsNonRoot'
-+  seLinux:
-+    rule: 'RunAsAny'
-+  supplementalGroups:
-+    rule: 'MustRunAs'
-+    ranges:
-+      - min: 1
-+        max: 65535
-+  fsGroup:
-+    rule: 'MustRunAs'
-+    ranges:
-+      - min: 1
-+        max: 65535
-+  readOnlyRootFilesystem: false
-+  volumes:
-+    - 'secret'
- {{- end }}
+-{{- end }}
+{{- end }}{{- end }}
--- a/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch
+++ b/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch
@ -559,33 +559,7 @@
 
   ingress:
     enabled: false
-@@ -243,6 +732,25 @@
-   ## Configuration for Alertmanager secret
-   ##
-   secret:
-+
-+    # Should the Alertmanager Config Secret be cleaned up on an uninstall?
-+    # This is set to false by default to prevent the loss of alerting configuration on an uninstall
-+    # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false
-+    #
-+    cleanupOnUninstall: false
-+
-+    # The image used to manage the Alertmanager Config Secret's lifecycle
-+    # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false
-+    #
-+    image:
-+      repository: rancher/rancher-agent
-+      tag: v2.5.7
-+      pullPolicy: IfNotPresent
-+
-+    securityContext:
-+      runAsNonRoot: true
-+      runAsUser: 1000
-+
-     annotations: {}
- 
-   ## Configuration for creating an Ingress that will map to each Alertmanager replica service
-@@ -395,7 +903,7 @@
+@@ -395,7 +884,7 @@
     ## Image of Alertmanager
     ##
     image:
@ -594,7 +568,7 @@
       tag: v0.22.2
       sha: ""
 
-@@ -507,9 +1015,13 @@
+@@ -507,9 +996,13 @@
     ## Define resources requests and limits for single Pods.
     ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
     ##
@ -611,7 +585,7 @@
 
     ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
     ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
-@@ -613,6 +1125,30 @@
+@@ -613,6 +1106,30 @@
   enabled: true
   namespaceOverride: ""
 
@ -642,7 +616,7 @@
   ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
   ##
   forceDeployDatasources: false
-@@ -625,6 +1161,18 @@
+@@ -625,6 +1142,18 @@
   ##
   defaultDashboardsEnabled: true
 
@ -661,7 +635,7 @@
   adminPassword: prom-operator
 
   ingress:
-@@ -664,6 +1212,7 @@
+@@ -664,6 +1193,7 @@
     dashboards:
       enabled: true
       label: grafana_dashboard
@ -669,7 +643,7 @@
 
       ## Annotations for Grafana dashboard configmaps
       ##
-@@ -716,7 +1265,60 @@
+@@ -716,7 +1246,60 @@
   ## Passed to grafana subchart and used by servicemonitor below
   ##
   service:
@ -731,7 +705,7 @@
 
   ## If true, create a serviceMonitor for grafana
   ##
-@@ -746,6 +1348,14 @@
+@@ -746,6 +1329,14 @@
     #   targetLabel: nodename
     #   replacement: $1
     #   action: replace
@ -746,7 +720,7 @@
 
 ## Component scraping the kube api server
 ##
-@@ -907,7 +1517,7 @@
+@@ -907,7 +1498,7 @@
 ## Component scraping the kube controller manager
 ##
 kubeControllerManager:
@ -755,7 +729,7 @@
 
   ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1054,7 +1664,7 @@
+@@ -1054,7 +1645,7 @@
 ## Component scraping etcd
 ##
 kubeEtcd:
@ -764,7 +738,7 @@
 
   ## If your etcd is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1119,7 +1729,7 @@
+@@ -1119,7 +1710,7 @@
 ## Component scraping kube scheduler
 ##
 kubeScheduler:
@ -773,7 +747,7 @@
 
   ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1177,7 +1787,7 @@
+@@ -1177,7 +1768,7 @@
 ## Component scraping kube proxy
 ##
 kubeProxy:
@ -782,7 +756,7 @@
 
   ## If your kube proxy is not deployed as a pod, specify IPs it can be found on
   ##
-@@ -1266,6 +1876,13 @@
+@@ -1266,6 +1857,13 @@
     create: true
   podSecurityPolicy:
     enabled: true
@ -796,7 +770,7 @@
 
 ## Deploy node exporter as a daemonset to all nodes
 ##
-@@ -1319,6 +1936,16 @@
+@@ -1319,6 +1917,16 @@
   extraArgs:
     - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
     - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
@ -813,7 +787,7 @@
 
 ## Manages Prometheus and Alertmanager components
 ##
-@@ -1331,8 +1958,8 @@
+@@ -1331,8 +1939,8 @@
     enabled: true
     # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
     tlsMinVersion: VersionTLS13
@ -824,7 +798,7 @@
 
   ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
   ## rules from making their way into prometheus and potentially preventing the container from starting
-@@ -1349,7 +1976,7 @@
+@@ -1349,7 +1957,7 @@
     patch:
       enabled: true
       image:
@ -833,7 +807,7 @@
         tag: v1.5.2
         sha: ""
         pullPolicy: IfNotPresent
-@@ -1498,13 +2125,13 @@
+@@ -1498,13 +2106,13 @@
 
   ## Resource limits & requests
   ##
@ -854,7 +828,7 @@
 
   # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
   # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
-@@ -1557,7 +2184,7 @@
+@@ -1557,7 +2165,7 @@
   ## Prometheus-operator image
   ##
   image:
@ -863,7 +837,7 @@
     tag: v0.48.0
     sha: ""
     pullPolicy: IfNotPresent
-@@ -1573,7 +2200,7 @@
+@@ -1573,7 +2181,7 @@
   ## Prometheus-config-reloader image to use for config and rule reloading
   ##
   prometheusConfigReloaderImage:
@ -872,7 +846,7 @@
     tag: v0.48.0
     sha: ""
 
-@@ -1659,7 +2286,7 @@
+@@ -1659,7 +2267,7 @@
     port: 9090
 
     ## To be used with a proxy extraContainer port
@ -881,7 +855,7 @@
 
     ## List of IP addresses at which the Prometheus server service is available
     ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
-@@ -1916,7 +2543,7 @@
+@@ -1916,7 +2524,7 @@
     ## Image of Prometheus.
     ##
     image:
@ -890,7 +864,7 @@
       tag: v2.27.1
       sha: ""
 
-@@ -1979,6 +2606,11 @@
+@@ -1979,6 +2587,11 @@
     ##
     externalUrl: ""
 
@ -902,7 +876,7 @@
     ## Define which Nodes the Pods are scheduled on.
     ## ref: https://kubernetes.io/docs/user-guide/node-selection/
     ##
-@@ -2011,7 +2643,7 @@
+@@ -2011,7 +2624,7 @@
     ## prometheus resource to be created with selectors based on values in the helm deployment,
     ## which will also match the PrometheusRule resources created
     ##
@ -911,7 +885,7 @@
 
     ## PrometheusRules to be selected for target discovery.
     ## If {}, select all PrometheusRules
-@@ -2036,7 +2668,7 @@
+@@ -2036,7 +2649,7 @@
     ## prometheus resource to be created with selectors based on values in the helm deployment,
     ## which will also match the servicemonitors created
     ##
@ -920,7 +894,7 @@
 
     ## ServiceMonitors to be selected for target discovery.
     ## If {}, select all ServiceMonitors
-@@ -2059,7 +2691,7 @@
+@@ -2059,7 +2672,7 @@
     ## prometheus resource to be created with selectors based on values in the helm deployment,
     ## which will also match the podmonitors created
     ##
@ -929,7 +903,7 @@
 
     ## PodMonitors to be selected for target discovery.
     ## If {}, select all PodMonitors
-@@ -2190,9 +2822,13 @@
+@@ -2190,9 +2803,13 @@
 
     ## Resource limits & requests
     ##
@ -946,7 +920,7 @@
 
     ## Prometheus StorageSpec for persistent data
     ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
-@@ -2215,7 +2851,13 @@
+@@ -2215,7 +2832,13 @@
     #    medium: Memory
 
     # Additional volumes on the output StatefulSet definition.
@ -961,7 +935,7 @@
 
     # Additional VolumeMounts on the output StatefulSet definition.
     volumeMounts: []
-@@ -2322,9 +2964,34 @@
+@@ -2322,9 +2945,34 @@
     ##
     thanos: {}
 
@ -997,7 +971,7 @@
 
     ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
     ## (permissions, dir tree) on mounted volumes before starting prometheus
-@@ -2332,7 +2999,7 @@
+@@ -2332,7 +2980,7 @@
 
     ## PortName to use for Prometheus.
     ##