From ed7f77d9af1f4526d34d8ec513e4e04779349e82 Mon Sep 17 00:00:00 2001 From: Donnie Adams Date: Tue, 11 May 2021 16:29:04 -0700 Subject: [PATCH] (dev-v2.6-archive) Add gke-operator (partially cherry picked from commit b608a65c411ef884709df25c32c9edfbcd6bea3f) --- .../rancher-cis-benchmark/charts/Chart.yaml | 4 +- .../rancher-cis-benchmark/charts/values.yaml | 2 +- .../templates/crd-template/Chart.yaml | 2 +- .../generated-changes/patch/Chart.yaml.patch | 12 +++ .../rancher-eks-operator-crd/package.yaml | 2 +- .../generated-changes/patch/Chart.yaml.patch | 15 +++ packages/rancher-eks-operator/package.yaml | 2 +- .../rancher-gke-operator-crd/package.yaml | 2 + packages/rancher-gke-operator/package.yaml | 2 + .../patch/templates/pvc.yaml.patch | 18 ---- .../patch/templates/statefulset.yaml.patch | 17 ---- packages/rancher-grafana/package.yaml | 2 +- .../loggings/kube-audit/logging.yaml | 98 ------------------- .../patch/templates/_helpers.tpl.patch | 38 +------ .../generated-changes/patch/values.yaml.patch | 15 +-- .../generated-changes/patch/values.yaml.patch | 77 +++++++-------- 16 files changed, 78 insertions(+), 230 deletions(-) create mode 100644 packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch create mode 100644 packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch create mode 100644 packages/rancher-gke-operator-crd/package.yaml create mode 100644 packages/rancher-gke-operator/package.yaml delete mode 100644 packages/rancher-grafana/generated-changes/patch/templates/pvc.yaml.patch delete mode 100644 packages/rancher-grafana/generated-changes/patch/templates/statefulset.yaml.patch delete mode 100644 packages/rancher-logging/generated-changes/overlay/templates/loggings/kube-audit/logging.yaml diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml index b361a00d5..f281b9ed4 100644 --- a/packages/rancher-cis-benchmark/charts/Chart.yaml +++ b/packages/rancher-cis-benchmark/charts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: v1.0.5 +appVersion: v1.0.4 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster name: rancher-cis-benchmark -version: 1.0.5 +version: 1.0.4 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml index e1086b1ac..05bcdac4f 100644 --- a/packages/rancher-cis-benchmark/charts/values.yaml +++ b/packages/rancher-cis-benchmark/charts/values.yaml @@ -5,7 +5,7 @@ image: cisoperator: repository: rancher/cis-operator - tag: v1.0.5-rc1 + tag: v1.0.4 securityScan: repository: rancher/security-scan tag: v0.2.3 diff --git a/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml b/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml index 55c9ca8ed..eeb3fc6fc 100644 --- a/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml +++ b/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -version: 1.0.5 +version: 1.0.4 description: Installs the CRDs for rancher-cis-benchmark. name: rancher-cis-benchmark-crd type: application diff --git a/packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 000000000..e265c3211 --- /dev/null +++ b/packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch @@ -0,0 +1,12 @@ +--- charts-original/Chart.yaml ++++ charts/Chart.yaml +@@ -5,7 +5,7 @@ + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-eks-operator-crd + apiVersion: v2 +-appVersion: 2.0.1-rc1 ++appVersion: 2.0.1 + description: EKS Operator CustomResourceDefinitions + name: rancher-eks-operator-crd +-version: 2.0.1-rc1 ++version: 2.0.1 diff --git a/packages/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator-crd/package.yaml index 055c613e8..212410162 100644 --- a/packages/rancher-eks-operator-crd/package.yaml +++ b/packages/rancher-eks-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.1.1-rc1/rancher-eks-operator-crd-1.1.1-rc1.tgz +url: https://github.com/rancher/eks-operator/releases/download/v2.0.1-rc1/rancher-eks-operator-crd-2.0.1-rc1.tgz packageVersion: 0 diff --git a/packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 000000000..489e5c074 --- /dev/null +++ b/packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch @@ -0,0 +1,15 @@ +--- charts-original/Chart.yaml ++++ charts/Chart.yaml +@@ -9,10 +9,10 @@ + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management + apiVersion: v2 +-appVersion: 2.0.1-rc1 ++appVersion: 2.0.1 + description: A Helm chart for provisioning EKS clusters + home: https://github.com/rancher/eks-operator + name: rancher-eks-operator + sources: + - https://github.com/rancher/eks-operator +-version: 2.0.1-rc1 ++version: 2.0.1 diff --git a/packages/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/package.yaml index 45e97a44e..7bb6e0b15 100644 --- a/packages/rancher-eks-operator/package.yaml +++ b/packages/rancher-eks-operator/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.1.1-rc1/rancher-eks-operator-1.1.1-rc1.tgz +url: https://github.com/rancher/eks-operator/releases/download/v2.0.1-rc1/rancher-eks-operator-2.0.1-rc1.tgz packageVersion: 0 diff --git a/packages/rancher-gke-operator-crd/package.yaml b/packages/rancher-gke-operator-crd/package.yaml new file mode 100644 index 000000000..7a9b37526 --- /dev/null +++ b/packages/rancher-gke-operator-crd/package.yaml @@ -0,0 +1,2 @@ +url: https://github.com/rancher/gke-operator/releases/download/v1.1.1-rc1/rancher-gke-operator-crd-1.1.1-rc1.tgz +packageVersion: 0 diff --git a/packages/rancher-gke-operator/package.yaml b/packages/rancher-gke-operator/package.yaml new file mode 100644 index 000000000..98b92048a --- /dev/null +++ b/packages/rancher-gke-operator/package.yaml @@ -0,0 +1,2 @@ +url: https://github.com/rancher/gke-operator/releases/download/v1.1.1-rc1/rancher-gke-operator-1.1.1-rc1.tgz +packageVersion: 0 diff --git a/packages/rancher-grafana/generated-changes/patch/templates/pvc.yaml.patch b/packages/rancher-grafana/generated-changes/patch/templates/pvc.yaml.patch deleted file mode 100644 index 192b305ff..000000000 --- a/packages/rancher-grafana/generated-changes/patch/templates/pvc.yaml.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- charts-original/templates/pvc.yaml -+++ charts/templates/pvc.yaml -@@ -16,12 +16,14 @@ - {{- end }} - spec: - accessModes: -+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} -+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: -- storage: {{ .Values.persistence.size | quote }} -+ storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClassName }} - storageClassName: {{ .Values.persistence.storageClassName }} - {{- end -}} diff --git a/packages/rancher-grafana/generated-changes/patch/templates/statefulset.yaml.patch b/packages/rancher-grafana/generated-changes/patch/templates/statefulset.yaml.patch deleted file mode 100644 index ebf0760af..000000000 --- a/packages/rancher-grafana/generated-changes/patch/templates/statefulset.yaml.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- charts-original/templates/statefulset.yaml -+++ charts/templates/statefulset.yaml -@@ -39,11 +39,13 @@ - - metadata: - name: storage - spec: -+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} -+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} - accessModes: {{ .Values.persistence.accessModes }} - storageClassName: {{ .Values.persistence.storageClassName }} - resources: - requests: -- storage: {{ .Values.persistence.size }} -+ storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }} - {{- with .Values.persistence.selectorLabels }} - selector: - matchLabels: diff --git a/packages/rancher-grafana/package.yaml b/packages/rancher-grafana/package.yaml index af14b2972..0de5357fe 100644 --- a/packages/rancher-grafana/package.yaml +++ b/packages/rancher-grafana/package.yaml @@ -1,4 +1,4 @@ url: https://github.com/grafana/helm-charts.git subdirectory: charts/grafana commit: 837b4ace32278eee14310f1d654d651d0898bb19 -packageVersion: 2 +packageVersion: 1 diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/kube-audit/logging.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/kube-audit/logging.yaml deleted file mode 100644 index 5095526f0..000000000 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/kube-audit/logging.yaml +++ /dev/null @@ -1,98 +0,0 @@ -{{- if .Values.additionalLoggingSources.kubeAudit.enabled }} -apiVersion: logging.banzaicloud.io/v1beta1 -kind: Logging -metadata: - name: {{ .Release.Name }}-kube-audit - namespace: {{ .Release.Namespace }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -spec: - controlNamespace: {{ .Release.Namespace }} - {{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }} - loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }} - {{- end }} - fluentbit: - disableKubernetesFilter: true - image: - repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} - tag: {{ .Values.images.fluentbit.tag }} - inputTail: - Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }} - Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }} - Parser: json - {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} - Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} - Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} - Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Multiline_Flush }} - Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} - Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} - {{- end }} - extraVolumeMounts: - - source: {{ template "kubeAuditPathPrefix" . }} - destination: "/kube-audit-logs" - readOnly: true - {{- if not .Values.disablePvc }} - {{- with .Values.fluentbit.bufferStorage }} - bufferStorage: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.bufferStorageVolume }} - bufferStorageVolume: {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - {{- if .Values.global.psp.enabled }} - security: - podSecurityPolicyCreate: true - roleBasedAccessControlCreate: true - {{- end }} - {{- with (concat (.Values.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - nodeSelector: - {{- include "controlplaneSelector" . | nindent 6 }} - {{- with .Values.fluentbit.resources }} - resources: {{- toYaml . | nindent 6 }} - {{- end }} - fluentd: - image: - repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} - tag: {{ .Values.images.fluentd.tag }} - configReloaderImage: - repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} - tag: {{ .Values.images.config_reloader.tag }} - {{- if not .Values.disablePvc }} - {{- with .Values.fluentd.bufferStorageVolume }} - bufferStorageVolume: {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - disablePvc: {{ .Values.disablePvc }} - {{- if .Values.fluentd.replicas }} - scaling: - replicas: {{ .Values.fluentd.replicas }} - {{- end }} - {{- if .Values.global.psp.enabled }} - security: - podSecurityPolicyCreate: true - roleBasedAccessControlCreate: true - {{- end }} - {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} - tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} - nodeSelector: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentd.resources }} - resources: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentd.livenessProbe }} - livenessProbe: {{- toYaml . | nindent 6 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch index 6f9f7293c..6dfbf8f3a 100644 --- a/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch +++ b/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch @@ -1,6 +1,6 @@ --- charts-original/templates/_helpers.tpl +++ charts/templates/_helpers.tpl -@@ -56,3 +56,68 @@ +@@ -56,3 +56,33 @@ {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} @@ -34,39 +34,3 @@ +{{- define "windowsInputTailMount" -}} +{{- (include "windowsPathPrefix" .) | replace "C:" "" -}} +{{- end -}} -+ -+{{/* -+Set the controlplane selector based on kubernetes distribution -+*/}} -+{{- define "controlplaneSelector" -}} -+{{- $master := or .Values.additionalLoggingSources.rke2.enabled .Values.additionalLoggingSources.k3s.enabled -}} -+{{- $defaultSelector := $master | ternary (dict "node-role.kubernetes.io/master" "true") (dict "node-role.kubernetes.io/controlplane" "true") -}} -+{{ default $defaultSelector .Values.additionalLoggingSources.kubeAudit.nodeSelector | toYaml }} -+{{- end -}} -+ -+{{/* -+Set kube-audit file path prefix based on distribution -+*/}} -+{{- define "kubeAuditPathPrefix" -}} -+{{- if .Values.additionalLoggingSources.rke.enabled -}} -+{{ default "/var/log/kube-audit" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} -+{{- else if .Values.additionalLoggingSources.rke2.enabled -}} -+{{ default "/var/lib/rancher/rke2/server/logs" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} -+{{- else -}} -+{{ required "Directory PathPrefix of the kube-audit location is required" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} -+{{- end -}} -+{{- end -}} -+ -+{{/* -+Set kube-audit file name based on distribution -+*/}} -+{{- define "kubeAuditFilename" -}} -+{{- if .Values.additionalLoggingSources.rke.enabled -}} -+{{ default "audit-log.json" .Values.additionalLoggingSources.kubeAudit.auditFilename }} -+{{- else if .Values.additionalLoggingSources.rke2.enabled -}} -+{{ default "audit.log" .Values.additionalLoggingSources.kubeAudit.auditFilename }} -+{{- else -}} -+{{ required "Filename of the kube-audit log is required" .Values.additionalLoggingSources.kubeAudit.auditFilename }} -+{{- end -}} -+{{- end -}} -\ No newline at end of file diff --git a/packages/rancher-logging/generated-changes/patch/values.yaml.patch b/packages/rancher-logging/generated-changes/patch/values.yaml.patch index 1dd568dda..84597e8d8 100644 --- a/packages/rancher-logging/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-logging/generated-changes/patch/values.yaml.patch @@ -36,7 +36,7 @@ rbac: enabled: true psp: -@@ -85,3 +93,107 @@ +@@ -85,3 +93,94 @@ additionalLabels: {} metricRelabelings: [] relabelings: [] @@ -62,19 +62,6 @@ + enabled: false + gke: + enabled: false -+ kubeAudit: -+ auditFilename: "" -+ enabled: false -+ pathPrefix: "" -+ fluentbit: -+ logTag: kube-audit -+ tolerations: -+ - key: node-role.kubernetes.io/controlplane -+ value: "true" -+ effect: NoSchedule -+ - key: node-role.kubernetes.io/etcd -+ value: "true" -+ effect: NoExecute + +images: + config_reloader: diff --git a/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch b/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch index f7b7a16da..1bc32dd5d 100644 --- a/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-monitoring/generated-changes/patch/values.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -2,13 +2,279 @@ +@@ -2,13 +2,278 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -225,10 +225,9 @@ + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: -+ - effect: "NoExecute" -+ operator: "Exists" + - effect: "NoSchedule" -+ operator: "Exists" ++ key: node-role.kubernetes.io/master ++ operator: "Equal" + +## Component scraping nginx-ingress-controller +## @@ -282,7 +281,7 @@ ## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6 ## -@@ -89,8 +355,32 @@ +@@ -89,8 +354,32 @@ ## global: @@ -315,7 +314,7 @@ pspEnabled: true pspAnnotations: {} ## Specify pod annotations -@@ -143,6 +433,22 @@ +@@ -143,6 +432,22 @@ ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file ## https://prometheus.io/webtools/alerting/routing-tree-editor/ ## @@ -338,7 +337,7 @@ config: global: resolve_timeout: 5m -@@ -179,25 +485,76 @@ +@@ -179,25 +484,76 @@ ## ref: https://prometheus.io/docs/alerting/notifications/ ## https://prometheus.io/docs/alerting/notification_examples/ ## @@ -434,7 +433,7 @@ ingress: enabled: false -@@ -235,6 +592,25 @@ +@@ -235,6 +591,25 @@ ## Configuration for Alertmanager secret ## secret: @@ -460,7 +459,7 @@ annotations: {} ## Configuration for creating an Ingress that will map to each Alertmanager replica service -@@ -352,7 +728,7 @@ +@@ -352,7 +727,7 @@ ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig tlsConfig: {} @@ -469,7 +468,7 @@ ## metric relabel configs to apply to samples before ingestion. ## -@@ -383,7 +759,7 @@ +@@ -383,7 +758,7 @@ ## Image of Alertmanager ## image: @@ -478,7 +477,7 @@ tag: v0.21.0 sha: "" -@@ -495,9 +871,13 @@ +@@ -495,9 +870,13 @@ ## Define resources requests and limits for single Pods. ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @@ -495,7 +494,7 @@ ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. -@@ -601,10 +981,46 @@ +@@ -601,10 +980,46 @@ enabled: true namespaceOverride: "" @@ -542,7 +541,7 @@ adminPassword: prom-operator ingress: -@@ -644,6 +1060,7 @@ +@@ -644,6 +1059,7 @@ dashboards: enabled: true label: grafana_dashboard @@ -550,7 +549,7 @@ ## Annotations for Grafana dashboard configmaps ## -@@ -692,7 +1109,60 @@ +@@ -692,7 +1108,60 @@ ## Passed to grafana subchart and used by servicemonitor below ## service: @@ -573,7 +572,7 @@ + proxy: + image: + repository: rancher/mirrored-library-nginx -+ tag: 1.19.9-alpine ++ tag: 1.19.2-alpine + + ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod + extraContainers: | @@ -612,7 +611,7 @@ ## If true, create a serviceMonitor for grafana ## -@@ -722,6 +1192,14 @@ +@@ -722,6 +1191,14 @@ # targetLabel: nodename # replacement: $1 # action: replace @@ -627,7 +626,7 @@ ## Component scraping the kube api server ## -@@ -879,7 +1357,7 @@ +@@ -879,7 +1356,7 @@ ## Component scraping the kube controller manager ## kubeControllerManager: @@ -636,7 +635,7 @@ ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on ## -@@ -1014,7 +1492,7 @@ +@@ -1014,7 +1491,7 @@ ## Component scraping etcd ## kubeEtcd: @@ -645,7 +644,7 @@ ## If your etcd is not deployed as a pod, specify IPs it can be found on ## -@@ -1076,7 +1554,7 @@ +@@ -1076,7 +1553,7 @@ ## Component scraping kube scheduler ## kubeScheduler: @@ -654,7 +653,7 @@ ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on ## -@@ -1131,7 +1609,7 @@ +@@ -1131,7 +1608,7 @@ ## Component scraping kube proxy ## kubeProxy: @@ -663,7 +662,7 @@ ## If your kube proxy is not deployed as a pod, specify IPs it can be found on ## -@@ -1210,6 +1688,13 @@ +@@ -1210,6 +1687,13 @@ create: true podSecurityPolicy: enabled: true @@ -677,7 +676,7 @@ ## Deploy node exporter as a daemonset to all nodes ## -@@ -1259,6 +1744,16 @@ +@@ -1259,6 +1743,16 @@ extraArgs: - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ @@ -694,7 +693,7 @@ ## Manages Prometheus and Alertmanager components ## -@@ -1271,8 +1766,8 @@ +@@ -1271,8 +1765,8 @@ enabled: true # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants tlsMinVersion: VersionTLS13 @@ -705,7 +704,7 @@ ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted ## rules from making their way into prometheus and potentially preventing the container from starting -@@ -1289,7 +1784,7 @@ +@@ -1289,7 +1783,7 @@ patch: enabled: true image: @@ -714,7 +713,7 @@ tag: v1.5.0 sha: "" pullPolicy: IfNotPresent -@@ -1428,13 +1923,13 @@ +@@ -1428,13 +1922,13 @@ ## Resource limits & requests ## @@ -735,7 +734,7 @@ # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working -@@ -1487,7 +1982,7 @@ +@@ -1487,7 +1981,7 @@ ## Prometheus-operator image ## image: @@ -744,7 +743,7 @@ tag: v0.46.0 sha: "" pullPolicy: IfNotPresent -@@ -1503,7 +1998,7 @@ +@@ -1503,7 +1997,7 @@ ## Prometheus-config-reloader image to use for config and rule reloading ## prometheusConfigReloaderImage: @@ -753,7 +752,7 @@ tag: v0.46.0 sha: "" -@@ -1558,6 +2053,14 @@ +@@ -1558,6 +2052,14 @@ ## nodePort: 30901 @@ -768,7 +767,7 @@ ## Configuration for Prometheus service ## service: -@@ -1570,7 +2073,7 @@ +@@ -1570,7 +2072,7 @@ port: 9090 ## To be used with a proxy extraContainer port @@ -777,7 +776,7 @@ ## List of IP addresses at which the Prometheus server service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips -@@ -1822,7 +2325,7 @@ +@@ -1822,7 +2324,7 @@ ## Image of Prometheus. ## image: @@ -786,7 +785,7 @@ tag: v2.24.0 sha: "" -@@ -1885,6 +2388,11 @@ +@@ -1885,6 +2387,11 @@ ## externalUrl: "" @@ -798,7 +797,7 @@ ## Define which Nodes the Pods are scheduled on. ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## -@@ -1917,7 +2425,7 @@ +@@ -1917,7 +2424,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the PrometheusRule resources created ## @@ -807,7 +806,7 @@ ## PrometheusRules to be selected for target discovery. ## If {}, select all PrometheusRules -@@ -1942,7 +2450,7 @@ +@@ -1942,7 +2449,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the servicemonitors created ## @@ -816,7 +815,7 @@ ## ServiceMonitors to be selected for target discovery. ## If {}, select all ServiceMonitors -@@ -1965,7 +2473,7 @@ +@@ -1965,7 +2472,7 @@ ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the podmonitors created ## @@ -825,7 +824,7 @@ ## PodMonitors to be selected for target discovery. ## If {}, select all PodMonitors -@@ -2092,9 +2600,13 @@ +@@ -2092,9 +2599,13 @@ ## Resource limits & requests ## @@ -842,7 +841,7 @@ ## Prometheus StorageSpec for persistent data ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md -@@ -2117,7 +2629,13 @@ +@@ -2117,7 +2628,13 @@ # medium: Memory # Additional volumes on the output StatefulSet definition. @@ -857,14 +856,14 @@ # Additional VolumeMounts on the output StatefulSet definition. volumeMounts: [] -@@ -2224,9 +2742,34 @@ +@@ -2224,9 +2741,34 @@ ## thanos: {} + proxy: + image: + repository: rancher/mirrored-library-nginx -+ tag: 1.19.9-alpine ++ tag: 1.19.2-alpine + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. ## if using proxy extraContainer update targetPort with proxy container port @@ -893,7 +892,7 @@ ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes ## (permissions, dir tree) on mounted volumes before starting prometheus -@@ -2234,7 +2777,7 @@ +@@ -2234,7 +2776,7 @@ ## PortName to use for Prometheus. ##