diff --git a/packages/backup-restore-operator/charts/Chart.yaml b/packages/backup-restore-operator/charts/Chart.yaml index 44fd155de..d2e5a5461 100644 --- a/packages/backup-restore-operator/charts/Chart.yaml +++ b/packages/backup-restore-operator/charts/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v0.0.1-rc12 +appVersion: v0.0.1-rc13 description: Backup-restore-operator can be used to backup kubernetes cluster metadata for certain applications and restore from it name: backup-restore-operator diff --git a/packages/backup-restore-operator/charts/templates/rancher-resourceset.yaml b/packages/backup-restore-operator/charts/templates/rancher-resourceset.yaml index d68815ec2..318ca1f2d 100644 --- a/packages/backup-restore-operator/charts/templates/rancher-resourceset.yaml +++ b/packages/backup-restore-operator/charts/templates/rancher-resourceset.yaml @@ -11,6 +11,10 @@ resourceSelectors: - apiVersion: "v1" kindsRegexp: "^Secret$|^serviceaccounts$" namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" - apiVersion: "rbac.authorization.k8s.io/v1" kindsRegexp: "^roles$|^rolebindings$" namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" @@ -32,7 +36,7 @@ resourceSelectors: - apiVersion: "project.cattle.io/v3" kindsRegexp: "." - apiVersion: "catalog.cattle.io/v1" - kindsRegexp: "." + kindsRegexp: "^clusterrepos$" - apiVersion: "resources.cattle.io/v1" kindsRegexp: "^ResourceSet$" - apiVersion: "eks.cattle.io/v1" diff --git a/packages/backup-restore-operator/charts/values.yaml b/packages/backup-restore-operator/charts/values.yaml index bf8ec398b..dd9c21d0d 100644 --- a/packages/backup-restore-operator/charts/values.yaml +++ b/packages/backup-restore-operator/charts/values.yaml @@ -1,6 +1,6 @@ image: repository: rancher/backup-restore-operator - tag: v0.0.1-rc12 + tag: v0.0.1-rc13 ## Default s3 bucket for storing all backup files created by the backup-restore-operator s3: 
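Review bot: The `kindsRegexp` values in `rancher-resourceset.yaml` mix two naming forms: Kind-style (`^Secret$`, `^ResourceSet$` in the context lines) and plural resource-style (`^configmaps$` and `^clusterrepos$` on the added lines). If the operator matches only one form, a selector written in the other form silently selects nothing, and the gap is only discovered at restore time, so confirm which form is matched and use it throughout. Narrowing `catalog.cattle.io/v1` from `.` to `^clusterrepos$` also drops every other kind in that group from the backup. The reason is not visible in this diff, so a comment above the selector such as `# catalog.cattle.io: back up ClusterRepos only (<reason other kinds are excluded>)` would record that it is deliberate.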
diff --git a/packages/fleet-agent/package.yaml b/packages/fleet-agent/package.yaml
index 598718ea5..68512ba1a 100644
--- a/packages/fleet-agent/package.yaml
+++ b/packages/fleet-agent/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/fleet/releases/download/v0.3.0-beta1/fleet-agent-0.3.0-beta1.tgz
+url: https://github.com/rancher/fleet/releases/download/v0.3.0-beta2/fleet-agent-0.3.0-beta2.tgz
 packageVersion: 00
diff --git a/packages/fleet-crd/package.yaml b/packages/fleet-crd/package.yaml
index 33d32164a..99bc24e8b 100644
--- a/packages/fleet-crd/package.yaml
+++ b/packages/fleet-crd/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/fleet/releases/download/v0.3.0-beta1/fleet-crd-0.3.0-beta1.tgz
+url: https://github.com/rancher/fleet/releases/download/v0.3.0-beta2/fleet-crd-0.3.0-beta2.tgz
 packageVersion: 00
diff --git a/packages/fleet/package.yaml b/packages/fleet/package.yaml
index a8d3a6275..5c29069fa 100644
--- a/packages/fleet/package.yaml
+++ b/packages/fleet/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/fleet/releases/download/v0.3.0-beta1/fleet-0.3.0-beta1.tgz
+url: https://github.com/rancher/fleet/releases/download/v0.3.0-beta2/fleet-0.3.0-beta2.tgz
 packageVersion: 00
diff --git a/packages/rancher-istio/charts/templates/istio-install-job.yaml b/packages/rancher-istio/charts/templates/istio-install-job.yaml
index 24604673e..0e9c732e1 100644
--- a/packages/rancher-istio/charts/templates/istio-install-job.yaml
+++ b/packages/rancher-istio/charts/templates/istio-install-job.yaml
@@ -13,7 +13,7 @@ spec:
 spec:
 containers:
 - name: istioctl-installer
- image: rancher/istio-installer:{{ .Values.installerVersion }}
+ image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
 env:
 - name: RELEASE_NAME
 value: {{ .Release.Name }}
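Review bot: The new `image:` value on the `istioctl-installer` container is an unquoted concatenation of three template expressions and still resolves to a mutable tag, so what the install job runs is whatever the configured registry serves for that tag at pull time. Now that `system_default_registry` allows pulling from a mirror, consider accepting an optional digest next to `installer.tag`. Also quote the value so a missing repository or tag renders as a plain string that the API server rejects clearly: `image: "{{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}"`. The `system_default_registry` helper is not defined in any hunk shown here, so confirm it exists in this chart's helpers, otherwise rendering fails. The same line is added to `istio-uninstall-job.yaml`, and the container spec continues outside this hunk.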
diff --git a/packages/rancher-istio/charts/templates/istio-uninstall-job.yaml b/packages/rancher-istio/charts/templates/istio-uninstall-job.yaml index 937722a04..b5946e55f 100644 --- a/packages/rancher-istio/charts/templates/istio-uninstall-job.yaml +++ b/packages/rancher-istio/charts/templates/istio-uninstall-job.yaml @@ -12,7 +12,7 @@ spec: spec: containers: - name: istioctl-uninstaller - image: rancher/istio-installer:{{ .Values.installerVersion }} + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} env: - name: RELEASE_NAME value: {{ .Release.Name }} diff --git a/packages/rancher-istio/charts/values.yaml b/packages/rancher-istio/charts/values.yaml index a7f1be8fa..90e467be3 100644 --- a/packages/rancher-istio/charts/values.yaml +++ b/packages/rancher-istio/charts/values.yaml @@ -1,8 +1,11 @@ overlayFile: "" tag: 1.7.1 -installerVersion: 1.7.1-rancher1 forceInstall: false +installer: + repository: rancher/istio-installer + tag: 1.7.1-rancher1 + istiocoredns: enabled: false image: diff --git a/packages/rancher-logging/overlay/templates/loggings/eks/logging.yaml b/packages/rancher-logging/overlay/templates/loggings/eks/logging.yaml index 90031ebe7..a0b7f8004 100644 --- a/packages/rancher-logging/overlay/templates/loggings/eks/logging.yaml +++ b/packages/rancher-logging/overlay/templates/loggings/eks/logging.yaml @@ -9,9 +9,15 @@ metadata: spec: controlNamespace: {{ .Release.Namespace }} fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} inputTail: Tag: "eks" Path: "/var/log/messages" Parser: "syslog" - fluentd: {} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} {{- end }} 
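Review bot: Removing the top-level `installerVersion` key in `rancher-istio/charts/values.yaml` means a release or values file that still sets it is silently ignored on upgrade, and the installer image falls back to the chart default `installer.tag`. For anyone who pinned the installer version on purpose, that is an unannounced change of the image that gets run. Either keep a fallback in both job templates, e.g. `{{ .Values.installerVersion | default .Values.installer.tag }}`, or document the rename where upgraders will see it.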
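Review bot: The added `tag: {{ .Values.images.fluentbit.tag }}` and `tag: {{ .Values.images.fluentd.tag }}` lines in `eks/logging.yaml` render unquoted, so a tag that looks numeric (for example `1.5` or `1.10`) is parsed as a float. It then either fails validation of the Logging resource or is rewritten to a different tag (`1.10` becomes `1.1`). Quote the templated scalars, e.g. `tag: {{ .Values.images.fluentbit.tag | quote }}` and `repository: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}"`. The defaults under `.Values.images` are not part of this diff, so whether a current default is affected is unknown. The same lines are added in `logging-k3s-openrc.yaml` and `logging-k3s-systemd.yaml`.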
diff --git a/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml b/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml
index 88268c7e5..3455a0a93 100644
--- a/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml
+++ b/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml
@@ -9,6 +9,9 @@ metadata:
 spec:
 controlNamespace: {{ .Release.Namespace }}
 fluentbit:
+ image:
+ repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
+ tag: {{ .Values.images.fluentbit.tag }}
 inputTail:
 Tag: "k3s"
 Path: "/var/log/k3s.log"
@@ -16,5 +19,8 @@ spec:
 - source: "/var/log/"
 destination: "/var/log"
 readOnly: true
- fluentd: {}
+ fluentd:
+ image:
+ repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
+ tag: {{ .Values.images.fluentd.tag }}
 {{- end }}
diff --git a/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml b/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml
index 69a9a9387..e986680fe 100644
--- a/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml
+++ b/packages/rancher-logging/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml
@@ -9,6 +9,9 @@ metadata:
 spec:
 controlNamespace: {{ .Release.Namespace }}
 fluentbit:
+ image:
+ repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
+ tag: {{ .Values.images.fluentbit.tag }}
 inputTail:
 Tag: "k3s"
 Path: "/var/log/syslog"
@@ -16,5 +19,8 @@ spec:
 - source: "/var/log/"
 destination: "/var/log"
 readOnly: true
- fluentd: {}
+ fluentd:
+ image:
+ repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
+ tag: {{ .Values.images.fluentd.tag }}
 {{- end }}
diff --git a/packages/rancher-monitoring/overlay/CHANGELOG.md b/packages/rancher-monitoring/overlay/CHANGELOG.md index 1feb0a297..12041a94f 100644 --- a/packages/rancher-monitoring/overlay/CHANGELOG.md +++ b/packages/rancher-monitoring/overlay/CHANGELOG.md 
@@ -10,12 +10,10 @@ All notable changes from the upstream Prometheus Operator chart will be added to - Added support for `kubeAdmControllerManager`, `kubeAdmScheduler`, `kubeAdmProxy`, and `kubeAdmEtcd` PushProx exporters for monitoring k8s components within kubeAdm clusters - Added support for `rke2ControllerManager`, `rke2Scheduler`, `rke2Proxy`, and `rke2Etcd` PushProx exporters for monitoring k8s components within rke2 clusters - Exposed `prometheus.prometheusSpec.ignoreNamespaceSelectors` on values.yaml and set it to `true` by default. This value instructs the default Prometheus server deployed with this chart to ignore the `namespaceSelector` field within any created ServiceMonitor or PodMonitor CRs that it selects. This prevents ServiceMonitors and PodMonitors from configuring the Prometheus scrape configuration to monitor resources outside the namespace that they are deployed in; if a user needs to have one ServiceMonitor / PodMonitor monitor resources within several namespaces, they will need to either disable this default option or create one ServiceMonitor / PodMonitor CR per namespace that they would like to monitor. Relevant fields were also updated in the default README.md -- Added `grafana.sidecar.dashboards.searchNamespace` to values.yaml with a default value of `grafana-dashboards`. The namespace provided should contain all ConfigMaps with the label `grafana_dashboard` and will be searched by the Grafana Dashboards sidecar for updates. The namespace specified is also created along with this deployment. All default dashboard ConfigMaps have been relocated from the deployment namespace to the namespace specified -- Added `grafana.sidecar.datasources.searchNamespace` to values.yaml with a default value of `grafana-datasources`. The namespace provided should contain all ConfigMaps with the label `grafana_datasource` and will be searched by the Grafana Datasources sidecar for updates. The namespace specified is also created along with this deployment. 
All default datasource ConfigMaps have been relocated from the deployment namespace to the namespace specified -- Added `monitoring-admin`, `monitoring-edit`, and `monitoring-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Prometheus Operator CRs. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to assign specific users `monitoring-edit` or `monitoring-view` within a specific namespace to allow them to set up `ServiceMonitors` / `PodMonitors` that only monitor resources within that namespace. If `.Values.global.rbac.userRoles.aggregateRolesForRBAC` is enabled, these ClusterRoles will aggregate into the respective default ClusterRoles provided by Kubernetes -- Added `grafana-config-edit` and `grafana-config-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Secrets or ConfigMaps utilized by Grafana. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to assign the following users with these permissions: - - User who needs to be able to persist custom Grafana dashboards from the Grafana UI but does not need to be able to interact with Prometheus CRs: `grafana-config-edit` within the `.Values.grafana.sidecar.dashboards.searchNamespace` (default `grafana-dashboards`) namespace - - User who needs to be able to persist new Grafana datasources but does not need to be able to interact with Prometheus CRs: `.Values.grafana.sidecar.datasources.searchNamespace` (default `grafana-datasources`) namespace +- Added `grafana.sidecar.dashboards.searchNamespace` to `values.yaml` with a default value of `cattle-dashboards`. The namespace provided should contain all ConfigMaps with the label `grafana_dashboard` and will be searched by the Grafana Dashboards sidecar for updates. The namespace specified is also created along with this deployment. 
All default dashboard ConfigMaps have been relocated from the deployment namespace to the namespace specified +- Added `monitoring-admin`, `monitoring-edit`, and `monitoring-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Prometheus Operator CRs. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `ClusterRoleBinding` to bind these roles to a Subject to allow them to set up or view `ServiceMonitors` / `PodMonitors` / `PrometheusRules` and view `Prometheus` or `Alertmanager` CRs across the cluster. If `.Values.global.rbac.userRoles.aggregateRolesForRBAC` is enabled, these ClusterRoles will aggregate into the respective default ClusterRoles provided by Kubernetes +- Added `monitoring-config-admin`, `monitoring-config-edit` and `monitoring-config-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `Secrets` and `ConfigMaps` within the `cattle-monitoring-system` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-monitoring-system` namespace to allow them to modify Secrets / ConfigMaps tied to the deployment, such as your Alertmanager Config Secret. +- Added `monitoring-dashboard-admin`, `monitoring-dashboard-edit` and `monitoring-dashboard-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `ConfigMaps` within the `cattle-dashboards` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`) and deploying Grafana as part of this chart. 
In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-dashboards` namespace to allow them to create / modify ConfigMaps that contain the JSON used to persist Grafana Dashboards on the cluster. - Added default resource limits for `Prometheus Operator`, `Prometheus`, `AlertManager`, `Grafana`, `kube-state-metrics`, `node-exporter` - Added a default template `rancher_defaults.tmpl` to AlertManager that Rancher will offer to users in order to help configure the way alerts are rendered on a notifier. Also updated the default template deployed with this chart to reference that template and added an example of a Slack config using this template as a comment in the `values.yaml`. - Added support for private registries via introducing a new field for `global.cattle.systemDefaultRegistry` that, if supplied, will automatically be prepended onto every image used by the chart. diff --git a/packages/rancher-monitoring/overlay/templates/rancher-monitoring/clusterrole.yaml b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/clusterrole.yaml new file mode 100644 index 000000000..845f589dc --- /dev/null +++ b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/clusterrole.yaml 
@@ -0,0 +1,93 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-admin + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-edit + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- end }} +rules: +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-view + labels: {{ include "kube-prometheus-stack.labels" . 
| nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} diff --git a/packages/rancher-monitoring/overlay/templates/rancher-monitoring/config-role.yaml b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/config-role.yaml new file mode 100644 index 000000000..f48ffc827 --- /dev/null +++ b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/config-role.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-admin + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-edit + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-view + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} 
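Review bot: In `clusterrole.yaml` the `monitoring-edit` ClusterRole has the `rules:` key twice in a row, which is a duplicate mapping key: strict YAML parsers reject it and lenient ones keep only the last, so drop one of the two lines. `podmonitors` is also listed twice in each resource list that contains it, and `monitoring-edit` is rule-for-rule identical to `monitoring-admin`, so the two tiers grant the same access; `config-role.yaml` and `dashboard-role.yaml` repeat that admin/edit duplication. With `aggregateToDefaultRoles` set, the `'*'` verbs on `servicemonitors`, `podmonitors` and `prometheusrules` flow into the built-in `admin` and `edit` roles in every namespace, which deserves a header comment stating that it is intended. The CHANGELOG entry in this commit names the switch `aggregateRolesForRBAC` while the template reads `aggregateToDefaultRoles`; one of the two should be corrected.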
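Review bot: In `config-role.yaml`, `monitoring-config-view` grants `get`, `list` and `watch` on `secrets`, so a role named as read-only can read every Secret in the chart namespace, not only the Alertmanager config. The built-in Kubernetes `view` role leaves Secrets out for exactly this reason. Depending on what else lives in that namespace (service-account tokens, receiver credentials inside the Alertmanager config), a view binding can amount to credential access. Consider removing `- secrets` from the view role, or restricting the secrets rule in all three roles with `resourceNames:` to the specific Secrets users are meant to manage. `monitoring-config-edit` also carries `'*'` exactly like `monitoring-config-admin`, which includes delete rights on all Secrets and ConfigMaps in the namespace.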
diff --git a/packages/rancher-monitoring/overlay/templates/rancher-monitoring/dashboard-role.yaml b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/dashboard-role.yaml new file mode 100644 index 000000000..d17957961 --- /dev/null +++ b/packages/rancher-monitoring/overlay/templates/rancher-monitoring/dashboard-role.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create .Values.grafana.enabled }} +{{- if or .Values.grafana.sidecar.dashboards.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-admin + namespace: {{ .Values.grafana.sidecar.dashboards.searchNamespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-edit + namespace: {{ .Values.grafana.sidecar.dashboards.searchNamespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-view + namespace: {{ .Values.grafana.sidecar.dashboards.searchNamespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} +{{- end }} diff --git a/packages/rancher-monitoring/rancher-monitoring.patch b/packages/rancher-monitoring/rancher-monitoring.patch index 23f7ef118..53f5bbfc9 100644 --- a/packages/rancher-monitoring/rancher-monitoring.patch +++ b/packages/rancher-monitoring/rancher-monitoring.patch 
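Review bot: In `dashboard-role.yaml` all three Roles take `namespace: {{ .Values.grafana.sidecar.dashboards.searchNamespace }}` unquoted and without a fallback. If a user clears that value, or sets it to `ALL` (which the Grafana sidecar accepts to search every namespace), the Roles render with no namespace or with a namespace literally named `ALL`, and the grants land somewhere other than where the dashboards live. Guard the value, e.g. `namespace: {{ .Values.grafana.sidecar.dashboards.searchNamespace | default (include "kube-prometheus-stack.namespace" .) | quote }}`, or fail rendering with a clear message when it is not a concrete namespace name.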
@@ -664,7 +664,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/alertmanager/secret.yaml packages/rancher-monitoring/charts/templates/alertmanager/secret.yaml --- packages/rancher-monitoring/charts-original/templates/alertmanager/secret.yaml +++ packages/rancher-monitoring/charts/templates/alertmanager/secret.yaml -@@ -1,11 +1,16 @@ +@@ -1,11 +1,19 @@ {{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} +{{- if .Release.IsInstall }} +{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }} @@ -679,11 +679,14 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.alertmanager.secret.annotations }} annotations: ++ "helm.sh/hook": pre-install ++ "helm.sh/hook-delete-policy": hook-succeeded, hook-failed ++ "helm.sh/hook-weight": "3" +{{- if .Values.alertmanager.secret.annotations }} {{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} {{- end }} labels: -@@ -20,4 +25,93 @@ +@@ -20,4 +28,93 @@ {{- range $key, $val := .Values.alertmanager.templateFiles }} {{ $key }}: {{ $val | b64enc | quote }} {{- end }} 
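Review bot: The three added hook annotations turn the Alertmanager config Secret into a `pre-install` hook with delete policy `hook-succeeded, hook-failed`, so Helm removes this object once the hook phase ends and does not track it as part of the release. Whatever consumes it has to copy the data before then, presumably the lines added under the `-20,4 +28,93` section, whose body is not shown in this hunk. A comment beside the annotations should say so, e.g. `# hook-only copy: consumed by <job name> during pre-install, then deleted`. Also check the case where `.Values.alertmanager.secret.annotations` itself contains a `helm.sh/hook` key: `annotations:` is now always emitted and the user map is appended below the fixed keys, which would produce duplicate keys.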
@@ -813,6 +816,18 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem labels: app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager {{ include "kube-prometheus-stack.labels" . | indent 4 }} +diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/exporters/kube-dns/servicemonitor.yaml packages/rancher-monitoring/charts/templates/exporters/kube-dns/servicemonitor.yaml +--- packages/rancher-monitoring/charts-original/templates/exporters/kube-dns/servicemonitor.yaml ++++ packages/rancher-monitoring/charts/templates/exporters/kube-dns/servicemonitor.yaml +@@ -3,7 +3,7 @@ + kind: ServiceMonitor + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns +- namespace: {{ template "kube-prometheus-stack.namespace" . }} ++ namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + {{ include "kube-prometheus-stack.labels" . | indent 4 }} diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/exporters/kubelet/servicemonitor.yaml packages/rancher-monitoring/charts/templates/exporters/kubelet/servicemonitor.yaml --- packages/rancher-monitoring/charts-original/templates/exporters/kubelet/servicemonitor.yaml +++ packages/rancher-monitoring/charts/templates/exporters/kubelet/servicemonitor.yaml @@ -845,7 +860,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource - namespace: {{ template "kube-prometheus-stack.namespace" . }} -+ namespace: {{ .Values.grafana.sidecar.datasources.searchNamespace }} ++ namespace: {{ default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .) }} {{- if .Values.grafana.sidecar.datasources.annotations }} annotations: {{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }} 
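Review bot: On the `-grafana-datasource` object the added `default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .)` has its arguments the wrong way round for Sprig's `default DEFAULT GIVEN`. The release namespace is the tested value and is effectively never empty, so `searchNamespace` is ignored even when a user sets it. If the intent is to use `searchNamespace` when set and the release namespace otherwise, write `namespace: {{ default (include "kube-prometheus-stack.namespace" .) .Values.grafana.sidecar.datasources.searchNamespace }}`. If the intent is to always use the release namespace, drop the `default` call so the template does not suggest an override that cannot happen. Either way this namespace must match the one the datasources sidecar searches, or the datasource is never loaded.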
@@ -1365,7 +1380,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/grafana/namespaces.yaml packages/rancher-monitoring/charts/templates/grafana/namespaces.yaml --- packages/rancher-monitoring/charts-original/templates/grafana/namespaces.yaml +++ packages/rancher-monitoring/charts/templates/grafana/namespaces.yaml -@@ -0,0 +1,19 @@ +@@ -0,0 +1,10 @@ +{{- if and .Values.grafana.enabled }} +{{- if or .Values.grafana.sidecar.dashboards.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 @@ -1375,15 +1390,6 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem + labels: + name: {{ .Values.grafana.sidecar.dashboards.searchNamespace }} +{{- end }} -+--- -+{{- if or .Values.grafana.sidecar.dashboards.enabled .Values.grafana.defaultDashboardsEnabled }} -+apiVersion: v1 -+kind: Namespace -+metadata: -+ name: {{ .Values.grafana.sidecar.datasources.searchNamespace }} -+ labels: -+ name: {{ .Values.grafana.sidecar.datasources.searchNamespace }} -+{{- end }} +{{- end }} \ No newline at end of file diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/prometheus/prometheus.yaml packages/rancher-monitoring/charts/templates/prometheus/prometheus.yaml 
@@ -1719,159 +1725,6 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/tem {{- end }} imagePullPolicy: {{ .Values.prometheusOperator.tlsProxy.image.pullPolicy }} args: -diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/templates/rancher-monitoring/clusterrole.yaml packages/rancher-monitoring/charts/templates/rancher-monitoring/clusterrole.yaml ---- packages/rancher-monitoring/charts-original/templates/rancher-monitoring/clusterrole.yaml -+++ packages/rancher-monitoring/charts/templates/rancher-monitoring/clusterrole.yaml -@@ -0,0 +1,148 @@ -+{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} -+--- -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRole -+metadata: -+ name: monitoring-admin -+ labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -+ {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} -+ rbac.authorization.k8s.io/aggregate-to-admin: "true" -+ {{- end }} -+rules: -+- apiGroups: -+ - monitoring.coreos.com -+ resources: -+ - alertmanagers -+ - prometheuses -+ - prometheuses/finalizers -+ - alertmanagers/finalizers -+ verbs: -+ - 'get' -+ - 'list' -+ - 'watch' -+- apiGroups: -+ - monitoring.coreos.com -+ resources: -+ - thanosrulers -+ - thanosrulers/finalizers -+ - servicemonitors -+ - podmonitors -+ - prometheusrules -+ - podmonitors -+ verbs: -+ - '*' -+- apiGroups: -+ - "" -+ resources: -+ - configmaps -+ - secrets -+ verbs: -+ - '*' -+--- -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRole -+metadata: -+ name: monitoring-edit -+ labels: {{ include "kube-prometheus-stack.labels" . 
| nindent 4 }} -+ {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} -+ rbac.authorization.k8s.io/aggregate-to-edit: "true" -+ {{- end }} -+rules: -+rules: -+- apiGroups: -+ - monitoring.coreos.com -+ resources: -+ - alertmanagers -+ - prometheuses -+ - prometheuses/finalizers -+ - alertmanagers/finalizers -+ verbs: -+ - 'get' -+ - 'list' -+ - 'watch' -+- apiGroups: -+ - monitoring.coreos.com -+ resources: -+ - thanosrulers -+ - thanosrulers/finalizers -+ - servicemonitors -+ - podmonitors -+ - prometheusrules -+ - podmonitors -+ verbs: -+ - '*' -+- apiGroups: -+ - "" -+ resources: -+ - configmaps -+ - secrets -+ verbs: -+ - '*' -+--- -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRole -+metadata: -+ name: monitoring-view -+ labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -+ {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} -+ rbac.authorization.k8s.io/aggregate-to-view: "true" -+ {{- end }} -+rules: -+- apiGroups: -+ - monitoring.coreos.com -+ resources: -+ - alertmanagers -+ - prometheuses -+ - prometheuses/finalizers -+ - alertmanagers/finalizers -+ - thanosrulers -+ - thanosrulers/finalizers -+ - servicemonitors -+ - podmonitors -+ - prometheusrules -+ - podmonitors -+ verbs: -+ - 'get' -+ - 'list' -+ - 'watch' -+- apiGroups: -+ - "" -+ resources: -+ - configmaps -+ - secrets -+ verbs: -+ - 'get' -+ - 'list' -+ - 'watch' -+{{- if .Values.grafana.enabled }} -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRole -+metadata: -+ name: grafana-config-edit -+ labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -+rules: -+- apiGroups: -+ - "" -+ resources: -+ - configmaps -+ - secrets -+ verbs: -+ - '*' -+--- -+apiVersion: rbac.authorization.k8s.io/v1 -+kind: ClusterRole -+metadata: -+ name: grafana-config-view -+ labels: {{ include "kube-prometheus-stack.labels" . 
| nindent 4 }} -+rules: -+- apiGroups: -+ - "" -+ resources: -+ - configmaps -+ - secrets -+ verbs: -+ - 'get' -+ - 'list' -+ - 'watch' -+{{- end }} -+{{- end }} -\ No newline at end of file diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/values.yaml packages/rancher-monitoring/charts/values.yaml --- packages/rancher-monitoring/charts-original/values.yaml +++ packages/rancher-monitoring/charts/values.yaml @@ -2359,19 +2212,11 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val dashboards: enabled: true label: grafana_dashboard -+ searchNamespace: grafana-dashboards ++ searchNamespace: cattle-dashboards ## Annotations for Grafana dashboard configmaps ## -@@ -548,6 +909,7 @@ - ## ref: https://git.io/fjaBS - createPrometheusReplicasDatasources: false - label: grafana_datasource -+ searchNamespace: grafana-datasources - - extraConfigmapMounts: [] - # - name: certs-configmap -@@ -575,6 +937,19 @@ +@@ -575,6 +936,19 @@ ## service: portName: service @@ -2391,7 +2236,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## If true, create a serviceMonitor for grafana ## -@@ -600,6 +975,14 @@ +@@ -600,6 +974,14 @@ # targetLabel: nodename # replacement: $1 # action: replace @@ -2406,7 +2251,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## Component scraping the kube api server ## -@@ -756,7 +1139,7 @@ +@@ -756,7 +1138,7 @@ ## Component scraping the kube controller manager ## kubeControllerManager: @@ -2415,7 +2260,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on ## -@@ -889,7 +1272,7 @@ +@@ -889,7 +1271,7 @@ ## Component scraping etcd ## kubeEtcd: 
@@ -2424,7 +2269,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## If your etcd is not deployed as a pod, specify IPs it can be found on ## -@@ -949,7 +1332,7 @@ +@@ -949,7 +1331,7 @@ ## Component scraping kube scheduler ## kubeScheduler: @@ -2433,7 +2278,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on ## -@@ -1002,7 +1385,7 @@ +@@ -1002,7 +1384,7 @@ ## Component scraping kube proxy ## kubeProxy: @@ -2442,7 +2287,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## If your kube proxy is not deployed as a pod, specify IPs it can be found on ## -@@ -1076,6 +1459,13 @@ +@@ -1076,6 +1458,13 @@ create: true podSecurityPolicy: enabled: true @@ -2456,7 +2301,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## Deploy node exporter as a daemonset to all nodes ## -@@ -1125,6 +1515,16 @@ +@@ -1125,6 +1514,16 @@ extraArgs: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/) - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$ @@ -2473,7 +2318,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## Manages Prometheus and Alertmanager components ## -@@ -1138,7 +1538,7 @@ +@@ -1138,7 +1537,7 @@ tlsProxy: enabled: true image: @@ -2482,7 +2327,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val tag: v1.5.2 sha: "" pullPolicy: IfNotPresent -@@ -1156,7 +1556,7 @@ +@@ -1156,7 +1555,7 @@ patch: enabled: true image: 
@@ -2491,7 +2336,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val tag: v1.2.1 sha: "" pullPolicy: IfNotPresent -@@ -1285,13 +1685,13 @@ +@@ -1285,13 +1684,13 @@ ## Resource limits & requests ## @@ -2512,7 +2357,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working -@@ -1335,7 +1735,7 @@ +@@ -1335,7 +1734,7 @@ ## Prometheus-operator image ## image: @@ -2521,7 +2366,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val tag: v0.38.1 sha: "" pullPolicy: IfNotPresent -@@ -1343,14 +1743,14 @@ +@@ -1343,14 +1742,14 @@ ## Configmap-reload image to use for reloading configmaps ## configmapReloadImage: @@ -2538,7 +2383,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val tag: v0.38.1 sha: "" -@@ -1366,14 +1766,6 @@ +@@ -1366,14 +1765,6 @@ ## secretFieldSelector: "" @@ -2553,7 +2398,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## Deploy a Prometheus instance ## prometheus: -@@ -1614,7 +2006,7 @@ +@@ -1614,7 +2005,7 @@ ## Image of Prometheus. ## image: @@ -2562,7 +2407,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val tag: v2.18.2 sha: "" -@@ -1666,6 +2058,11 @@ +@@ -1666,6 +2057,11 @@ ## externalUrl: "" @@ -2574,7 +2419,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## Define which Nodes the Pods are scheduled on. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## -@@ -1698,7 +2095,7 @@ +@@ -1698,7 +2094,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the PrometheusRule resources created ## 
@@ -2583,7 +2428,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## PrometheusRules to be selected for target discovery. ## If {}, select all ServiceMonitors -@@ -1723,7 +2120,7 @@ +@@ -1723,7 +2119,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the servicemonitors created ## @@ -2592,7 +2437,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## ServiceMonitors to be selected for target discovery. ## If {}, select all ServiceMonitors -@@ -1743,7 +2140,7 @@ +@@ -1743,7 +2139,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the podmonitors created ## @@ -2601,7 +2446,7 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rancher-monitoring/charts-original/val ## PodMonitors to be selected for target discovery. ## If {}, select all PodMonitors -@@ -1840,9 +2237,13 @@ +@@ -1840,9 +2236,13 @@ ## Resource limits & requests ## diff --git a/packages/rancher-operator-crd/package.yaml b/packages/rancher-operator-crd/package.yaml index 595a0da3a..30035bd17 100644 --- a/packages/rancher-operator-crd/package.yaml +++ b/packages/rancher-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/rancher-operator/releases/download/v0.1.0-alpha7/rancher-operator-crd-0.1.0-alpha7.tgz +url: https://github.com/rancher/rancher-operator/releases/download/v0.1.0-alpha8/rancher-operator-crd-0.1.0-alpha8.tgz packageVersion: 00 diff --git a/packages/rancher-operator/package.yaml b/packages/rancher-operator/package.yaml index 2bc3bcac8..5b4e08460 100644 --- a/packages/rancher-operator/package.yaml +++ b/packages/rancher-operator/package.yaml 
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/rancher-operator/releases/download/v0.1.0-alpha7/rancher-operator-0.1.0-alpha7.tgz
+url: https://github.com/rancher/rancher-operator/releases/download/v0.1.0-alpha8/rancher-operator-0.1.0-alpha8.tgz
 packageVersion: 00
diff --git a/packages/rancher-webhook/package.yaml b/packages/rancher-webhook/package.yaml
index 1d1fc4419..6081e75b1 100644
--- a/packages/rancher-webhook/package.yaml
+++ b/packages/rancher-webhook/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/webhook/releases/download/v0.1.0-alpha7/rancher-webhook-0.1.0-alpha7.tgz
+url: https://github.com/rancher/webhook/releases/download/v0.1.0-alpha8/rancher-webhook-0.1.0-alpha8.tgz
 packageVersion: 00