From d69ab2578ebacb18f05eda1efaef537700c410b3 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Wed, 30 Jun 2021 11:02:17 -0700 Subject: [PATCH] Remove alertmanager pre-install job in favor of Helm annotations --- .../templates/alertmanager/cleanupSecret.yaml | 88 ---------- .../generated-changes/patch/README.md.patch | 6 +- .../templates/alertmanager/secret.yaml.patch | 154 +----------------- .../generated-changes/patch/values.yaml.patch | 82 ++++------ 4 files changed, 38 insertions(+), 292 deletions(-) delete mode 100644 packages/rancher-monitoring/generated-changes/overlay/templates/alertmanager/cleanupSecret.yaml diff --git a/packages/rancher-monitoring/generated-changes/overlay/templates/alertmanager/cleanupSecret.yaml b/packages/rancher-monitoring/generated-changes/overlay/templates/alertmanager/cleanupSecret.yaml deleted file mode 100644 index 908955697..000000000 --- a/packages/rancher-monitoring/generated-changes/overlay/templates/alertmanager/cleanupSecret.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) (.Values.alertmanager.secret.cleanupOnUninstall) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded, hook-failed - "helm.sh/hook-weight": "5" -spec: - template: - metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete - labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }} - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - spec: - serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete -{{- if .Values.alertmanager.secret.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }} -{{- end }} - containers: - - name: delete-secret - image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }} - imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }} - command: - - /bin/sh - - -c - - > - if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then - kubectl delete secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager - fi; - restartPolicy: OnFailure - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded, hook-failed - "helm.sh/hook-weight": "3" -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: ['get', 'delete'] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded, hook-failed - "helm.sh/hook-weight": "3" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete -subjects: -- kind: ServiceAccount - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete - namespace: {{ template "kube-prometheus-stack.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-delete-policy": hook-succeeded, hook-failed - "helm.sh/hook-weight": "3" -{{- end }} \ No newline at end of file diff --git a/packages/rancher-monitoring/generated-changes/patch/README.md.patch b/packages/rancher-monitoring/generated-changes/patch/README.md.patch index aa173fe84..927bd6ed9 100644 --- a/packages/rancher-monitoring/generated-changes/patch/README.md.patch +++ b/packages/rancher-monitoring/generated-changes/patch/README.md.patch @@ -1,6 +1,6 @@ --- charts-original/README.md +++ charts/README.md -@@ -193,7 +193,43 @@ +@@ -193,7 +193,39 @@ helm show values prometheus-community/kube-prometheus-stack ``` @@ -21,10 +21,6 @@ +| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` | +| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` | +| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` | -+| `alertmanager.secret.cleanupOnUninstall` | Whether or not to trigger a job to clean up the alertmanager config secret to be deleted on a `helm uninstall`. By default, this is disabled to prevent the loss of alerting configuration on an uninstall. | `false` | -+| `alertmanager.secret.image.pullPolicy` | Image pull policy for job(s) related to alertmanager config secret's lifecycle | `IfNotPresent` | -+| `alertmanager.secret.image.repository` | Repository to use for job(s) related to alertmanager config secret's lifecycle | `rancher/rancher-agent` | -+| `alertmanager.secret.image.tag` | Tag to use for job(s) related to alertmanager config secret's lifecycle | `v2.4.8` | + +The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart. + diff --git a/packages/rancher-monitoring/generated-changes/patch/templates/alertmanager/secret.yaml.patch b/packages/rancher-monitoring/generated-changes/patch/templates/alertmanager/secret.yaml.patch index ae7df7d5f..bc412ea90 100644 --- a/packages/rancher-monitoring/generated-changes/patch/templates/alertmanager/secret.yaml.patch +++ b/packages/rancher-monitoring/generated-changes/patch/templates/alertmanager/secret.yaml.patch @@ -1,164 +1,28 @@ --- charts-original/templates/alertmanager/secret.yaml +++ charts/templates/alertmanager/secret.yaml -@@ -1,11 +1,19 @@ +@@ -1,11 +1,17 @@ {{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} -+{{- if .Release.IsInstall }} ++{{/* This file is applied when the operation is helm install and the target secret does not exist. */}} +{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }} -+{{- if (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName) }} -+{{- required (printf "Cannot overwrite existing secret %s in namespace %s." $secretName (include "kube-prometheus-stack.namespace" .)) "" }} -+{{- end }}{{- end }} ++{{- if (not (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName)) }} apiVersion: v1 kind: Secret metadata: - name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install ++ name: {{ $secretName }} namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.alertmanager.secret.annotations }} annotations: -+ "helm.sh/hook": pre-install -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed ++ "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" ++ "helm.sh/resource-policy": keep +{{- if .Values.alertmanager.secret.annotations }} {{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} {{- end }} labels: -@@ -20,4 +28,139 @@ +@@ -20,4 +26,4 @@ {{- range $key, $val := .Values.alertmanager.templateFiles }} {{ $key }}: {{ $val | b64enc | quote }} {{- end }} -+--- -+apiVersion: batch/v1 -+kind: Job -+metadata: -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ namespace: {{ template "kube-prometheus-stack.namespace" . }} -+ labels: -+{{ include "kube-prometheus-stack.labels" . | indent 4 }} -+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -+ annotations: -+ "helm.sh/hook": pre-install -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+ "helm.sh/hook-weight": "5" -+spec: -+ template: -+ metadata: -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }} -+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -+ spec: -+ serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+{{- if .Values.alertmanager.secret.securityContext }} -+ securityContext: -+{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }} -+{{- end }} -+ containers: -+ - name: copy-pre-install-secret -+ image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }} -+ imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }} -+ command: -+ - /bin/sh -+ - -c -+ - > -+ if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then -+ echo "Secret already exists" -+ exit 1 -+ fi; -+ kubectl patch secret -n {{ template "kube-prometheus-stack.namespace" . }} --dry-run -o yaml -+ alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ -p '{{ printf "{\"metadata\":{\"name\": \"alertmanager-%s-alertmanager\"}}" (include "kube-prometheus-stack.fullname" .) }}' -+ | kubectl apply -f -; -+ kubectl annotate secret -n {{ template "kube-prometheus-stack.namespace" . }} -+ alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager -+ helm.sh/hook- helm.sh/hook-delete-policy- helm.sh/hook-weight-; -+ restartPolicy: OnFailure -+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -+--- -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRole -+metadata: -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ labels: -+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -+ annotations: -+ "helm.sh/hook": pre-install -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+ "helm.sh/hook-weight": "3" -+rules: -+- apiGroups: -+ - "" -+ resources: -+ - secrets -+ verbs: ['create', 'get', 'patch'] -+- apiGroups: ['policy'] -+ resources: ['podsecuritypolicies'] -+ verbs: ['use'] -+ resourceNames: -+ - alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+--- -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRoleBinding -+metadata: -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ labels: -+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -+ annotations: -+ "helm.sh/hook": pre-install -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+ "helm.sh/hook-weight": "3" -+roleRef: -+ apiGroup: rbac.authorization.k8s.io -+ kind: ClusterRole -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+subjects: -+- kind: ServiceAccount -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ namespace: {{ template "kube-prometheus-stack.namespace" . }} -+--- -+apiVersion: v1 -+kind: ServiceAccount -+metadata: -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ namespace: {{ template "kube-prometheus-stack.namespace" . }} -+ labels: -+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -+ annotations: -+ "helm.sh/hook": pre-install -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+ "helm.sh/hook-weight": "3" -+--- -+apiVersion: policy/v1beta1 -+kind: PodSecurityPolicy -+metadata: -+ name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install -+ namespace: {{ template "kube-prometheus-stack.namespace" . }} -+ labels: -+ app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -+ annotations: -+ "helm.sh/hook": pre-install -+ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed -+ "helm.sh/hook-weight": "3" -+spec: -+ privileged: false -+ allowPrivilegeEscalation: false -+ hostNetwork: false -+ hostIPC: false -+ hostPID: false -+ runAsUser: -+ rule: 'MustRunAsNonRoot' -+ seLinux: -+ rule: 'RunAsAny' -+ supplementalGroups: -+ rule: 'MustRunAs' -+ ranges: -+ - min: 1 -+ max: 65535 -+ fsGroup: -+ rule: 'MustRunAs' -+ ranges: -+ - min: 1 -+ max: 65535 -+ readOnlyRootFilesystem: false -+ volumes: -+ - 'secret' - {{- end }} +-{{- end }} ++{{- end }}{{- end }} diff --git a/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch b/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch index d4d3b0873..5c28ade2a 100644 --- a/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch @@ -559,33 +559,7 @@ ingress: enabled: false -@@ -243,6 +732,25 @@ - ## Configuration for Alertmanager secret - ## - secret: -+ -+ # Should the Alertmanager Config Secret be cleaned up on an uninstall? -+ # This is set to false by default to prevent the loss of alerting configuration on an uninstall -+ # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false -+ # -+ cleanupOnUninstall: false -+ -+ # The image used to manage the Alertmanager Config Secret's lifecycle -+ # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false -+ # -+ image: -+ repository: rancher/rancher-agent -+ tag: v2.5.7 -+ pullPolicy: IfNotPresent -+ -+ securityContext: -+ runAsNonRoot: true -+ runAsUser: 1000 -+ - annotations: {} - - ## Configuration for creating an Ingress that will map to each Alertmanager replica service -@@ -395,7 +903,7 @@ +@@ -395,7 +884,7 @@ ## Image of Alertmanager ## image: @@ -594,7 +568,7 @@ tag: v0.22.2 sha: "" -@@ -507,9 +1015,13 @@ +@@ -507,9 +996,13 @@ ## Define resources requests and limits for single Pods. ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @@ -611,7 +585,7 @@ ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. -@@ -613,6 +1125,30 @@ +@@ -613,6 +1106,30 @@ enabled: true namespaceOverride: "" @@ -642,7 +616,7 @@ ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled ## forceDeployDatasources: false -@@ -625,6 +1161,18 @@ +@@ -625,6 +1142,18 @@ ## defaultDashboardsEnabled: true @@ -661,7 +635,7 @@ adminPassword: prom-operator ingress: -@@ -664,6 +1212,7 @@ +@@ -664,6 +1193,7 @@ dashboards: enabled: true label: grafana_dashboard @@ -669,7 +643,7 @@ ## Annotations for Grafana dashboard configmaps ## -@@ -716,7 +1265,60 @@ +@@ -716,7 +1246,60 @@ ## Passed to grafana subchart and used by servicemonitor below ## service: @@ -731,7 +705,7 @@ ## If true, create a serviceMonitor for grafana ## -@@ -746,6 +1348,14 @@ +@@ -746,6 +1329,14 @@ # targetLabel: nodename # replacement: $1 # action: replace @@ -746,7 +720,7 @@ ## Component scraping the kube api server ## -@@ -907,7 +1517,7 @@ +@@ -907,7 +1498,7 @@ ## Component scraping the kube controller manager ## kubeControllerManager: @@ -755,7 +729,7 @@ ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on ## -@@ -1054,7 +1664,7 @@ +@@ -1054,7 +1645,7 @@ ## Component scraping etcd ## kubeEtcd: @@ -764,7 +738,7 @@ ## If your etcd is not deployed as a pod, specify IPs it can be found on ## -@@ -1119,7 +1729,7 @@ +@@ -1119,7 +1710,7 @@ ## Component scraping kube scheduler ## kubeScheduler: @@ -773,7 +747,7 @@ ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on ## -@@ -1177,7 +1787,7 @@ +@@ -1177,7 +1768,7 @@ ## Component scraping kube proxy ## kubeProxy: @@ -782,7 +756,7 @@ ## If your kube proxy is not deployed as a pod, specify IPs it can be found on ## -@@ -1266,6 +1876,13 @@ +@@ -1266,6 +1857,13 @@ create: true podSecurityPolicy: enabled: true @@ -796,7 +770,7 @@ ## Deploy node exporter as a daemonset to all nodes ## -@@ -1319,6 +1936,16 @@ +@@ -1319,6 +1917,16 @@ extraArgs: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ @@ -813,7 +787,7 @@ ## Manages Prometheus and Alertmanager components ## -@@ -1331,8 +1958,8 @@ +@@ -1331,8 +1939,8 @@ enabled: true # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants tlsMinVersion: VersionTLS13 @@ -824,7 +798,7 @@ ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted ## rules from making their way into prometheus and potentially preventing the container from starting -@@ -1349,7 +1976,7 @@ +@@ -1349,7 +1957,7 @@ patch: enabled: true image: @@ -833,7 +807,7 @@ tag: v1.5.2 sha: "" pullPolicy: IfNotPresent -@@ -1498,13 +2125,13 @@ +@@ -1498,13 +2106,13 @@ ## Resource limits & requests ## @@ -854,7 +828,7 @@ # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working -@@ -1557,7 +2184,7 @@ +@@ -1557,7 +2165,7 @@ ## Prometheus-operator image ## image: @@ -863,7 +837,7 @@ tag: v0.48.0 sha: "" pullPolicy: IfNotPresent -@@ -1573,7 +2200,7 @@ +@@ -1573,7 +2181,7 @@ ## Prometheus-config-reloader image to use for config and rule reloading ## prometheusConfigReloaderImage: @@ -872,7 +846,7 @@ tag: v0.48.0 sha: "" -@@ -1659,7 +2286,7 @@ +@@ -1659,7 +2267,7 @@ port: 9090 ## To be used with a proxy extraContainer port @@ -881,7 +855,7 @@ ## List of IP addresses at which the Prometheus server service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips -@@ -1916,7 +2543,7 @@ +@@ -1916,7 +2524,7 @@ ## Image of Prometheus. ## image: @@ -890,7 +864,7 @@ tag: v2.27.1 sha: "" -@@ -1979,6 +2606,11 @@ +@@ -1979,6 +2587,11 @@ ## externalUrl: "" @@ -902,7 +876,7 @@ ## Define which Nodes the Pods are scheduled on. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## -@@ -2011,7 +2643,7 @@ +@@ -2011,7 +2624,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the PrometheusRule resources created ## @@ -911,7 +885,7 @@ ## PrometheusRules to be selected for target discovery. ## If {}, select all PrometheusRules -@@ -2036,7 +2668,7 @@ +@@ -2036,7 +2649,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the servicemonitors created ## @@ -920,7 +894,7 @@ ## ServiceMonitors to be selected for target discovery. ## If {}, select all ServiceMonitors -@@ -2059,7 +2691,7 @@ +@@ -2059,7 +2672,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the podmonitors created ## @@ -929,7 +903,7 @@ ## PodMonitors to be selected for target discovery. ## If {}, select all PodMonitors -@@ -2190,9 +2822,13 @@ +@@ -2190,9 +2803,13 @@ ## Resource limits & requests ## @@ -946,7 +920,7 @@ ## Prometheus StorageSpec for persistent data ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md -@@ -2215,7 +2851,13 @@ +@@ -2215,7 +2832,13 @@ # medium: Memory # Additional volumes on the output StatefulSet definition. @@ -961,7 +935,7 @@ # Additional VolumeMounts on the output StatefulSet definition. volumeMounts: [] -@@ -2322,9 +2964,34 @@ +@@ -2322,9 +2945,34 @@ ## thanos: {} @@ -997,7 +971,7 @@ ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes ## (permissions, dir tree) on mounted volumes before starting prometheus -@@ -2332,7 +2999,7 @@ +@@ -2332,7 +2980,7 @@ ## PortName to use for Prometheus. ##